Locking down root

The sshd role heightens your server's security by providing better SSH defaults. SSH password authentication will be disabled. We encourage you to disable SSH root login as well. You may adjust these two particular options in group_vars/all/security.yml. See the sshd role for more configuration options.

Admin user

The first provision via the server.yml playbook will create the admin_user and set up related SSH Keys. If you disable root login, subsequent connections will be made as the admin_user.

Admin user sudoer password

If root login is disabled and the server.yml playbook connects as the admin_user, it will invoke sudo using the password in vault_users (group_vars/<environment>/vault.yml). If you run the playbook with --ask-become-pass, Trellis will use the password you enter via the CLI. You are strongly encouraged to protect the sensitive vault_users information by enabling Ansible Vault.

Join over 6,000 subscribers on our newsletter to get the latest Roots updates, along with occasional tips on building better WordPress sites.

Looking for WordPress plugin recommendations, the newest modern WordPress projects, and general web development tips and articles?

“Easily the best WordPress email I get.” Colin OBrien

Follow us on Twitter @rootswp

Ready to checkout?