Disable root login and create a dedicated ssh user instead. about algo HOT 7 CLOSED

Algo sets up a single user system, so this has only very little impact. If someone compromises your lower privileged user account, they would have total control of the machine anyway.

We'll take a second look at this later but it's not a priority right now.

from algo.

@dguido Algo sets up a single user system which is fine but that user should not be root, call it algo or strongswan instead - giving the user a prompt would be even better.

from algo.

@hasanakyol , are you suggesting to enter a password for sudo while playbook works?

from algo.

@gunph1ld all i'm saying is that algo is a very nice piece of software and I appreciate the effort etc. My only suggestion is that when I wish to ssh in to the box for what ever reason i would prefer not to be root for obvious reasons, this account should be disabled. So once algo creates the droplet it should create a NEW user assign it sudo permissions and then use this NEW account to install and configure itself.

from algo.

In both scenarios, if someone takes over your user account (whether it is root or a different user with sudo) then they will gain total control of the VPN server. I'm not sure there is a large difference here. What are you trying to protect against? I disagree with you that it's obvious.

from algo.

You are much more prone to mistakes while working as root.

from algo.

What mistakes?
What is the difference between # rm -rf / and $ sudo rm -rf / ?
Create another user with sudo rights is not necessary, the issue will not be approved.

from algo.