[Vmdebootstrap-devel] Bug#784125: Getting key-based root access for ansible

Emanuele Aina emanuele.aina at collabora.com
Sat Mar 4 15:57:40 UTC 2017


Sorry for chiming in with an unsolicited opinion, but I just stumbled
on Jan's patch as I was searching exactly for that kind of
functionality. :)

I'm currently using `vmdebootstrap` (it is awesome, thanks!) to set up
an ephemeral VM used as the test environment for the ansible playbook
of a production server.

I totally understand the need to keep the number of options down, but I
still think that Jan's patch makes the right thing easier to do (that
is, rely on key auth for privileged access), in particular in light of
the fact that `sshd_config` defaults to
`PermitRootLogin without-password` (which has now been renamed to
`prohibit-password` and basically prevents password-based SSH access).

This means that at the moment there doesn't seem to be any good option
to get automated root access without using a custom script:

 * `--root-password` is useless due to the ssh config default
 * no straightforward way to install an ssh key for root
 * using an unprivileged user and `sudo` works, but makes key-based
   auth useless as `sudo` would still ask for the password

The only solution currently available is thus using a customization
script, but Jan's option would make this *much* easier, and I think
reducing friction on the most secure path would be worth the pain of
having an additional option. :)

(Honestly I think such an option would in fact be *more* useful than
the current root/user-related options, once you have a secure key-based
root connection you can easily set up the root password, other
accounts, etc., manually or using chef/ansible/whatever, but of course
those options cannot be dropped for compatibility reasons)
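
Added example, not part of the message above and not vmdebootstrap's own code: one way to write the kind of customization script the message refers to, installing a public key for root inside the image and checking the `PermitRootLogin` setting it depends on. It assumes the script is called with the image's root directory as its first argument; `ROOT_PUBKEY_FILE`, `./root_key.pub` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vmdebootstrap's own code). Assumption: the customization
# script is called with the image's root directory as $1.
# ROOT_PUBKEY_FILE is a hypothetical variable naming the public key to install.

install_root_key() {
    rootfs=$1 pubkey=$2
    [ -d "$rootfs" ] || { echo "not a directory: $rootfs" >&2; return 1; }
    [ -r "$pubkey" ] || { echo "cannot read: $pubkey" >&2; return 1; }
    # Never copy a private key into an image.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "refusing private key: $pubkey" >&2; return 1
    fi
    # sshd's StrictModes ignores keys in group/world-writable locations; the
    # files end up root-owned when the script itself runs as root.
    mkdir -p "$rootfs/root/.ssh" && chmod 0700 "$rootfs/root/.ssh" || return 1
    auth=$rootfs/root/.ssh/authorized_keys
    touch "$auth" && chmod 0600 "$auth" || return 1
    # Append each key only once, so re-running the script is idempotent.
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pubkey"
}

# Print the first PermitRootLogin value found in the image's sshd_config
# ("default" if unset, "missing" if there is no config file).
# Include files and Match blocks are not evaluated.
root_login_mode() {
    cfg=$1/etc/ssh/sshd_config
    [ -r "$cfg" ] || { echo missing; return 0; }
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "default" }' "$cfg"
}

# Runs only when invoked with the root directory as an argument.
if [ "$#" -ge 1 ]; then
    install_root_key "$1" "${ROOT_PUBKEY_FILE:-./root_key.pub}" || exit 1
    case $(root_login_mode "$1") in
        yes) echo "warning: password logins for root are also allowed" >&2 ;;
        no)  echo "warning: root SSH login is disabled; the key will not work" >&2 ;;
    esac
fi
```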


