The villain would need a user's private ssh key, since we've disabled password-based login.
We require users to change their passwords the first time they log in, so the default password should only work on a user account that has never logged in.
That said, this is terrible practice, and we should:
encrypt the password in a vault
consider storing the password in the ansible hosts directory, rather than in our repository
linode_create.yml currently has a default user password visible in plaintext in this repository. There are two barriers preventing a bad actor from exploiting this:
That said, this is terrible practice, and we should: