As stated in sshd(8), the recommended permissions for ~/.ssh are
read/write/execute for the user, and not accessible by others; and the
recommended permissions for ~/.ssh/authorized_keys are read/write for
the user, and not accessible by others.
(cherry picked from commit 07d17ca189)
Per pw(8), when -H is set, the password should be supplied already
encrypted in a form suitable for writing directly to the password
database (passwd in cloud-init tems); -h provides a special interface by
which interactive scripts can set an account password using pw(8) in
plain text (plain_text_passwd in cloud-init terms).
The default user (freebsd) is defined with a plain_text_passwd
(freebsd), not with an encrypted one.
(cherry picked from commit 7b73ecfe64)
this is a very early script to support cloudinit, it does not intend to
be a full featured cloudinit client, but will support a good enough
subset to be viable in most case.
It support nocloud and openstack config-2 config drive mode (iso9660 or
msdosfs)
The following features are currently supported:
- adding users (including a default user named 'freebsd' with password
'freebsd'
- adding groups
- adding ssh keys
- static ipv4, static ipv6, dynamic ipv4
With this one is able to use the 'bring your own image feature" out of
box.
It is expected that the script grows the support of other clouds
supporting cloud-init, contributions are welcomed.
It is designed to be only run once via the firstboot mecanism.
Sponsored by: OVHCloud
Differential Revision: https://reviews.freebsd.org/D44141
(cherry picked from commit a42d6f7601)
(cherry picked from commit c051f22bce)
(cherry picked from commit b8c053c9a6)
(cherry picked from commit 9eae9233fd)
