[pve-devel] Has somewhere checked the templates?
Andreas Steinel
a.steinel at gmail.com
Sat Feb 4 13:27:41 CET 2017
Hi Detlef,
I really cannot understand why you do not create your own templates
automatically and blame Proxmox for that. I create my own dab templates
with my own mirrors and generate a whole bunch of them weekly with my
settings, keys and so on for internal and external use, such that you can
choose what you want and you always have up-to-date versions of the
templates. It's really no problem. All the turnkey templates are good for
the start, but I'd never run them directly in production. They have to be
further secured and so on...
I also have to defend the provided images as Dietmar already said: It's the
distribution's default, e.g. Debian Jessie, the default is to have
password-based ssh blocked for the root user and that is for security
reasons ("und das ist auch gut so" as you're also German-speaking).
On Sat, Feb 4, 2017 at 9:46 AM, Detlef Bracker <bracker at 1awww.com> wrote:
> Or otherwise we need the templates in 2 versions:
>
> a) default
> b) ready to go (open for ssh via password)
>
> About:
>
> a) The way in the old Proxmox was easy to clone a container to a template!
> For LXC is much much more complicated! So every admin must do a lot of work
> to prepare ready to go templates!
> b) To let do the settings via KVM is not a good idea! Expl. problems of
> keyboard languages and so on! And the customer will have a server, that he
> can direct use!
> They know, they must do updates! When the template is expl. 1 year old,
> and the customer make not an update, that's equal not secure, same as when
> the server they get ready to go with installed open ssh server!
>
> The OS distributions are created too for users they install in their
> home a linux machine or for administrator they install on physical server!
> That's then another thing! But here the servers prepared for world wide web
> and not for standalone!
>
> SSH clients exist on many different OS, yes!
>
> So, how complicated is create SSH-key and copy the right key to the
> dialog, equal interface for API or to Proxmox GUI and the other part in
> the client in a:
>
> a) windows machine
> b) linux machine (easy yes)
> c) in a MAC
> d) in a iPhone
> e) in an android
> f) in a mobile with google or other x-os
> g) in a machine with other OS
>
> And you know, how concentrated must prepared this! And when one thing is
> not fine, the user get not connection to the server and is then the
> meaning, the server works not fine!
> I will not see the many support-request the ISPs get, when they do this
> as a standard!
>
> About this:
>
> a) standard with open installed SSH
> b) when a client enter the SSH-key in GUI or external interface and send
> via API, then the API send not only the SSH-Key to server in preparation,
> the API change then to the settings in sshd_config from yes to
> without-password - mode!
>
>
> On 04.02.2017 at 08:27, Dietmar Maurer wrote:
> >> - ssh-server must be installed and open for the 1st login of a
> >> customer, they get the new fresh server and they
> >> can install the rest
> > All major distribution decided to do it the other way, so I am
> > quite unsure if we should do this. I don't really want to
> > overwrite security settings from the distribution.
> >
>
>
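The step proposed in the quoted message (store the customer's SSH key, then switch sshd_config from yes to without-password), sketched against an unpacked template tree. This is an added example, not code from the thread or from Proxmox; the function names, the rootfs layout and the sample key are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from Proxmox.
# Function names and the rootfs layout are assumptions.

# Print the effective global value of an sshd_config keyword, or "unset".
# sshd keeps the first value it reads for a keyword and treats keywords
# case-insensitively; settings after a Match line apply only conditionally.
# Handles the whitespace-separated "Keyword value" form only.
sshd_effective() {  # $1 = config file, $2 = keyword
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Append a root public key inside the template tree and, as the quoted
# proposal describes, turn "PermitRootLogin yes" into "without-password"
# (newer OpenSSH spells the same setting "prohibit-password").
# Only lines set to "yes" are rewritten, so stricter values are kept.
provision_root_key() {  # $1 = rootfs dir, $2 = public key line
    cfg="$1/etc/ssh/sshd_config"
    mkdir -p "$1/root/.ssh" && chmod 700 "$1/root/.ssh" || return 1
    printf '%s\n' "$2" >> "$1/root/.ssh/authorized_keys"
    chmod 600 "$1/root/.ssh/authorized_keys"
    awk 'tolower($1) == "permitrootlogin" && tolower($2) == "yes" {
             print "PermitRootLogin without-password"; next }
         { print }' "$cfg" > "$cfg.new" && mv "$cfg.new" "$cfg"
}

# Constructed sample: a template tree whose config allows root passwords.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/ssh"
printf '%s\n' '# constructed sample' 'Port 22' 'permitrootlogin YES' \
    'Match Address 10.0.0.0/8' '    PermitRootLogin no' \
    > "$demo_root/etc/ssh/sshd_config"
echo "before: $(sshd_effective "$demo_root/etc/ssh/sshd_config" PermitRootLogin)"
provision_root_key "$demo_root" 'ssh-ed25519 AAAA...constructed root@example'
echo "after:  $(sshd_effective "$demo_root/etc/ssh/sshd_config" PermitRootLogin)"
```
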