Linux Security – Is Passwordless Sudo for Ansible User Insecure?

Tags: ansible, linux, security, sudo, vps

I'm new to Ansible. Most VPS provisioning guides I've seen so far do this:

  1. disable root from logging in
  2. create a new user who can only log in with ssh (not password)
  3. add the new user to the wheel group, with passwordless sudo permission

I understand (1) and (2), but not (3).

Surely passwordless sudo is just like logging in as root? I understand the benefit (convenience), but isn't this highly insecure?

I realise that admins run their networks in various ways, and so this could be said to be "subjective", but this is a VERY common practice; it's even shown in various official Ansible docs as well as guides published by hosting companies. It goes against common sense. What is the logic behind it?

Best Answer

If the service account can do passwordless sudo, then you have to protect access to that account.

Having the account not have a password, and using only ssh keys to log in to it, accomplishes this, provided you can keep the ssh private key secure as well.
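
The condition in the answer can be checked mechanically. The following is an added example, not part of the original question or answer: it reads the text of an `sshd_config` and a sudoers file and reports when root SSH login is not disabled, or when password SSH login is still enabled while some user or group has `NOPASSWD` sudo. The function names and sample files are constructed for illustration; `Match` blocks, `Include` directives, sudoers line continuations and keyboard-interactive authentication are not handled.

```python
import re

# OpenSSH built-in defaults, used when a keyword is absent from sshd_config.
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def sshd_effective(text):
    """Global sshd settings: keywords are case-insensitive, first value wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":  # simplification: skip conditional blocks
            break
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    return {**SSHD_DEFAULTS, **seen}

def nopasswd_principals(text):
    """Users or %groups whose sudoers rule carries the NOPASSWD tag."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "Defaults")) and re.search(r"\bNOPASSWD\s*:", line):
            found.append(line.split()[0])
    return found

def audit(sshd_text, sudoers_text):
    """Return findings where the key-only protection described above is missing."""
    cfg, privileged = sshd_effective(sshd_text), nopasswd_principals(sudoers_text)
    findings = []
    if cfg["permitrootlogin"] != "no":
        findings.append("root SSH login not disabled (PermitRootLogin %s)" % cfg["permitrootlogin"])
    if privileged and cfg["passwordauthentication"] != "no":
        findings.append("SSH password login enabled while %s has passwordless sudo"
                        % ", ".join(privileged))
    return findings

# Constructed sample files, not taken from any real host.
SUDOERS = "Defaults env_reset\nroot ALL=(ALL) ALL\n%wheel ALL=(ALL) NOPASSWD: ALL\n"
HARDENED_SSHD = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n"
WEAK_SSHD = "#PermitRootLogin no\nPasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED_SSHD), ("weak", WEAK_SSHD)):
        print(name, audit(conf, SUDOERS) or "OK")
```

On a real host the effective settings are better taken from `sshd -T` and `sudo -l -U <user>`, which resolve includes and conditional blocks.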