FYI, apart from the kernel, OVH's "Ubuntu" image also adds their SSH key to the root user (http://help.ovh.co.uk/InstallOvhKey) and pre-installs some monitoring daemon.
Yes, either that or a dedicated sudo-enabled account. It's a slight step up from the older setups where they had a dedicated account with a common password known to all the second-level and higher techs.
It's because 90% of users don't know what they're doing and at some point will ask for support, and they probably won't be able to get the techs access when needed. It sucks for the 10% who are capable and willing to operate their servers independently.
> Wow, didn't know that. Good thing I usually block root access.
Edit: Ah, my bad, you meant your SSH config, I misunderstood.
I assume you're talking about blocking the document root of your web server, because at least on stock Ubuntu, you can't 100% block the root user from accessing anything (e.g., on Linux, a logged-in root can always use CAP_DAC_OVERRIDE to override permissions). Among other things, that's why a rooted Android phone can access apps that even the app developer doesn't want them to.
Here, they're talking about setting up an ssh key for the root user somewhere that the ssh server is aware of. They certainly won't put it in a directory like a document root such as `/www`. Probably they put it in `/etc/ssh`.
I'd assume they are talking about the typical practice of disallowing ssh logins as root (instead logging in as a user and then using sudo for administrative tasks)
Thanks, I didn't pick that up, although I often do that on my SSH config. For some reason, "block root access" in lieu of "block root log-in" just didn't register for me as referring to SSH config. Thank you for explaining instead of just downvoting.
I am also running Docker on one of them just fine.