Ask HN: Sensible security for Linux devices

Does anyone have experience shipping Linux devices? What is the standard way to secure them? Maybe random (but stored for troubleshooting) passwords during manufacturing? Or maybe no password but an SSH key per device?

Users should not have to access the root account on them (only a user account, which we could set to change on first access).

I'm not sure of a sensible method and really don't want to reinvent the wheel here.

EDIT (for clarity): I am looking especially for root password strategies where company support reps can log in as root but users cannot.

3 points | by hjmallon 1898 days ago