Merge pull request #4601 from davidjb/master

Add security note to documentation for public networks
2014-10-08 08:57:41 -07:00 · 2014-10-08 08:57:41 -07:00 · 31c77bed37
parent 220e4f23b2 9b5665c3c1
commit 31c77bed37
1 changed files with 13 additions and 0 deletions
--- a/website/docs/source/v2/networking/public_network.html.md
+++ b/website/docs/source/v2/networking/public_network.html.md
@ -23,6 +23,19 @@ general public access to your machine, public networks can.
 	</p>
 </div>

+<div class="alert alert-warning">
+	<p>
+		<strong>Warning!</strong> Vagrant boxes are insecure by default 
+		and by design, featuring public passwords, insecure keypairs 
+		for SSH access, and potentially allow root access over SSH.  With
+		these known credentials, your box is easily accessible by anyone on
+		your network.  Before configuring Vagrant to use a public network,
+		consider <em>all</em> potential security implications
+		and review the <a href="/v2/boxes/base.html">default box
+		configuration</a> to identify potential security risks.
+	</p>
+</div>
+
 ## DHCP

 The easiest way to use a public network is to allow the IP to be assigned