DO Ideas 2

Do not rewrite snapshot's /etc/passwd when an SSH key is specified

(this is currently done for Fedora-based images, not sure if all distros are concerned)

During a droplet creation from a snapshot, /etc/passwd is rewritten even if an SSH key has been specified.

Since the root password is not emailed when an SSH key is specified, there is no way to log into the droplet, even from VNC, in case there is a network issue OR the SSH key is lost, etc. (assuming PermitRootLogin without-password is set in sshd config as recommended).

  • Cedric
  • Sep 11 2018
  • Will not implement
  • Moisey Uretsky commented
    September 11, 2018 19:03

    Root access is updated for snapshots when you launch new servers because it's a new server, so it's treated the same as spinning up a new base OS or a customer image.

    It's a security precaution and we recommend using SSH keys to spin up new servers if you want to maintain access to new servers easily regardless of whether you launch them from base OSes or from images.

  • Cedric commented
    September 11, 2018 19:03

    "/etc/passwd" => "/etc/shadow" ... or whatever the droplet creation process is doing to update the root password :)