On 14/06/14 07:18, Brian wrote: > On Fri 13 Jun 2014 at 23:36:41 +0530, Murukesh Mohanan wrote: > >> That's about the bug report that led to all this: >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298138 > > The usual complaint, I see. password1 is an insecure password for root > to use so we mustn't allow root to log in via ssh.
I agree with Bob, for the same reasons, - no sudo, proper password management and sshkey. But no ssh root logins allowed. (but my passwords are always at least 4 numbers). I (now) also believe that making sudo default is a good idea - for Keep-Hitting-The-Enter-Key installs. (like anti-boot holsters for drummers?) > >> To date I haven't been able to find documented lists of preseeds >> anywhere, except for the standard debian installer values given in > > You haven't looked hard enough. debconf-get-selections from an example install is instructive. As is the Debian Wiki:- https://wiki.debian.org/DebianInstaller/Preseed > >> Debian's and Ubuntu's example preseed files. I found this preseed option >> in forum postings somewhere. > > Which preseed option? You might not be able to find the forum posting > but please would you quote this option so we know what you are talking > about? > > I can categorically state there is no preseed option for permit-root-login > in Wheezy, Squeeze or Lenny. permit-root-login != root-login Perhaps the OP wants:- ### Users # root d-i passwd/root-login boolean true user-setup-udeb passwd/root-login boolean true d-i passwd/root-password password PasswordsROK d-i passwd/root-password-again password PasswordsROK # d-i passwd/root-password-crypted password [$1$JCsRluxD$kkpKmZGw.a1YGdJfybefg.] # $ printf "password" | mkpasswd -s -m md5 # Enable shadow passwords. user-setup-udeb passwd/shadow boolean true # The user's name and login. d-i passwd/make-user boolean true user-setup-udeb passwd/make-user boolean true passwd passwd/user-fullname string Uncrackable passwd passwd/username string fool d-i passwd/user-password password SayFish d-i passwd/user-password-again password SayFish #d-i passwd/user-password-crypted password [$1$kQMIgPMe$F89vPeUWX3EqnQncn9HLn.] # user-setup-udeb user-setup/password-weak boolean false # And other user properties d-i passwd/user-default-groups string fool lp dialout cdrom audio dip video plugdev users mlocate powerdev netdev fuse sambashare lpadmin scanner d-i user-setup/encrypt-home boolean false user-setup-udeb user-setup/encrypt-home boolean true > >> My current method, replacing the entire sshd_config, seems a better >> option to me than a scripted change in late_command, given that it's not >> the only config file I have to change.. I'll stick to that until/unless >> I can get a fix to this. Late commands work fine for ssh configuration - why make only partial use of preseeding? Use httpass and https to secure your postseed download if it's not a LAN download:- ### Finish the installation # Avoid that last message about the install being complete. d-i finish-install/reboot_in_progress note # post install scripts d-i preseed/late_command string in-target wget http://192.168.0.2/postseed.tar.bz2; in-target tar xvfP postseed.tar.bz2;mv something somewhere Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/539b867f.9060...@gmail.com
