[pve-devel] Has somewhere checked the templates?

Detlef Bracker bracker at 1awww.com
Sat Feb 4 09:46:58 CET 2017


Or outherwise we need the templates in 2 versions:

a) default
b) ready to go (open for ssh via password)

About:

a) The way in the old proxmox was easy to clone a container to a template!
    For LXC is much much more complicated! So every admin must doe a lot
of work
    to prepare ready to go templates!
b) To let doe the settings via KVM is not a good idea! Expl. problems of
keyboard
    languages and so on! And the customer will have a server, that he
can direct use!
    They know, they must do updates! When the template is expl. 1 year old,
    and the customer make not an update, thats equal not secure, same as
when
    the server they get ready to go with installed open ssh server!

The OS distributions are created too for users they install in their
home a linux
machine or for administrator they install on physical server! Thats then
an other
thing! But here the servers perpared for world wide web and not not for
standalone!

SSH clients exists on many diferent OS, yes!

So, how complicate is create SSH-key and copy the right key to the
dialog, equal interface
for API or to proxmox GUI and the other part in the client in a:

a) windows machine
b) linux machine (easy yes)
c) in a MAC
d) in a iPhone
e) in an android
f) in an mobil with google or other x-os
g) in a machine with other OS

And you know, how concentrated must prepared this! And when one thing is
not fine,
the user get not connection to the server and is then the meaning, the
server works not fine!
I will not see the many support-request the ISPs get, when they doe this
as a standard!

About this:

a) standard with open installed SSH
b) when a client enter the SSH-key in GUI or external interface and send
via API, then
the API send not only the SSH-Key to server in preparation, the API
change then to the
settings in sshd_config from yes to without-password - mode!


Am 04.02.2017 um 08:27 schrieb Dietmar Maurer:
>> - ssh-server must been installed and open for the 1st login of a
>> customer, they get the new fresh server and they
>>      can install the rest
> All major distribution decided to do it the other way, so I am
> quite unsure if we should do this. I don't really want to 
> overwrite security settings from the distribution.
>

-- 

ACHTUNG: Ihr Anfragetext befindet sich unter unserem Absender!
P.S. ePrivacy in Europa - lesen Sie mehr - read more
<http://blog.1awww.com/2012/05/30/achtung-internet-seiten-betreiber-eprivacy-richtlinien-umzusetzen/>


Mit freundlichen Gruessen
1awww.com - Internet-Service-Provider

Detlef Bracker
Camino Velilla 1, E 18690 Almunecar, Tel.: +34.6 343 232 61 * EU-VAT-ID:
ESX4516542D

This email and any files transmitted are confidential and intended only
or the person(s) directly addressed. If you are not the intended
recipient, any use, copying, transmission, distribution, or other forms
of dissemination is strictly prohibited. If you have received this email
in error, please notify the sender immediately and permanently delete
this email with any files that may be attached.

Este correo electrónico y, en su caso, cualquier fichero anexo al mismo,
contiene información de carácter confidencial exclusivamente dirigida a
su destinatario o destinatarios. Queda prohibida su divulgación, copia o
distribución a terceros sin la previa autorización escrita de Detlef
Bracker. En caso de no ser usted la persona a la que fuera dirigido este
mensaje y a pesar de ello está continúa leyéndolo, ponemos en su
conocimiento que está cometiendo un acto ilícito en virtud de la
legislación vigente en la actualidad, por lo que deberá dejarlo de leer
automáticamente.

Detlef Bracker no es responsable de su integridad, exactitud, o de lo
que acontezca cuando el correo electrónico circula por las
infraestructuras de comunicaciones electrónicas públicas. En el caso de
haber recibido este correo electrónico por error, se ruega notificar
inmediatamente esta circunstancia mediante reenvío a la dirección
electrónica del remitente.

El correo electrónico vía Internet no permite asegurar la
confidencialidad de los mensajes que se transmiten ni su integridad o
correcta recepción, por lo que Detlef Bracker no asume ninguna
responsabilidad que pueda derivarse de este hecho.

No imprima este correo si no es necesario. Ahorrar papel protege el
medio ambiente.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20170204/2828d49d/attachment.sig>


More information about the pve-devel mailing list