On Thu, Oct 6, 2016 at 10:06 AM, Stephen Gallagher sgallagh@redhat.com wrote:
On 10/06/2016 11:10 AM, Vinny Valdez wrote:
On Thu, Oct 6, 2016 at 8:07 AM, Jon Stanley <jonstanley@gmail.com mailto:jonstanley@gmail.com> wrote:
I think there's one, and it's really quite simple and elegant I think. First, we remove (or make very non-obvious) the ability to set a root password in the Anaconda GUI, and force the creation of an administrative user. Then to further bootstrap the machine, you MUST login with that user and use sudo. Ansible natively supports this (using 'become') and Cockpit also supports login by such a user.
What about adding a "paste public key" screen to the Anaconda GUI? Looks like there's already a --sshkey option for kickstart: https://bugzilla.redhat.com/show_bug.cgi?id=1274104 (though I haven't tried it myself).
Where would they copy it *from*? This is new hardware; I can see this *maybe* working in a VM (if they support copy-paste from the viewer host), but probably not on a physical box.
Get Anaconda to use Apache Guacamole? Connect to the server installation GUI with a web browser instead of VNC?