propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git
Log | Files | Refs | LICENSE

comment_1_3bc008e42587a3313f81ee740d7d80f0._comment (612B)


      1 [[!comment format=mdwn
      2  username="http://joeyh.name/"
      3  ip="209.250.56.214"
      4  subject="comment 1"
      5  date="2014-04-21T13:31:13Z"
      6  content="""
      7 Running propellor that way would probably need ssh to allocate a tty in order for sudo's password prompt to work. And it adds complexity. Does it add security? I don't think so, PermitRootLogin=without-password or PasswordAuthentication=no is not going to let anyone brute force the root account.
      8 
      9 PermitRootLogin=forced-commands-only might be worth making easy to set up, so the only command that can be run with some special propellor-specific ssh key is propellor.
     10 """]]