Return-Path: X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BD900D300 for ; Fri, 16 Nov 2012 18:41:34 +0000 (UTC) Received: (qmail 13534 invoked by uid 500); 16 Nov 2012 18:41:34 -0000 Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org Received: (qmail 13498 invoked by uid 500); 16 Nov 2012 18:41:34 -0000 Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-dev@incubator.apache.org Received: (qmail 13489 invoked by uid 99); 16 Nov 2012 18:41:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Nov 2012 18:41:34 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of Ahmad.Emneina@citrix.com designates 66.165.176.89 as permitted sender) Received: from [66.165.176.89] (HELO SMTP.CITRIX.COM) (66.165.176.89) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Nov 2012 18:41:28 +0000 X-IronPort-AV: E=Sophos;i="4.83,266,1352073600"; d="scan'208";a="44881864" Received: from sjcpmailmx01.citrite.net ([10.216.14.74]) by FTLPIPO01.CITRIX.COM with ESMTP/TLS/RC4-MD5; 16 Nov 2012 18:40:34 +0000 Received: from SJCPMAILBOX01.citrite.net ([10.216.4.72]) by SJCPMAILMX01.citrite.net ([10.216.14.74]) with mapi; Fri, 16 Nov 2012 10:40:31 -0800 From: Ahmad Emneina To: "cloudstack-dev@incubator.apache.org" Date: Fri, 16 Nov 2012 10:40:27 -0800 Subject: Re: [jira] [Created] (CLOUDSTACK-505) cloudstack logs the private key in plaintext Thread-Topic: [jira] [Created] (CLOUDSTACK-505) cloudstack logs the private key in plaintext Thread-Index: Ac3EKdrI5z7RZCGaRVm8fYXzAXvCYw== Message-ID: In-Reply-To: <1021128538.125054.1353090372230.JavaMail.jiratomcat@arcas> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.0.0.100825 acceptlanguage: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org On 11/16/12 10:26 AM, "Ahmad Emneina (JIRA)" wrote: >Ahmad Emneina created CLOUDSTACK-505: >---------------------------------------- > > Summary: cloudstack logs the private key in plaintext > Key: CLOUDSTACK-505 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-505 > Project: CloudStack > Issue Type: Bug > Components: API > Affects Versions: 4.0.0 > Reporter: Ahmad Emneina > > >When creating my sshkeypair, theyre logged in the api-server.log. > >2012-11-16 04:16:44,387 INFO [cloud.api.ApiServer] (ApiServer-8:null) >(userId=3D1 accountId=3D1 sessionId=3Dnull) /0:0:0:0:0:0:0:1 -- GET >/client/api?command=3DcreateSSHKeyPair&name=3Dtestkeys2&response=3Djson&do= mainid >=3D1&zone=3D2&account=3Dadmin HTTP/1.0 200 > >{ > "createsshkeypairresponse": { > "keypair": { > "name": "testkeys2", > "fingerprint": >"f2:0c:b1:d9:be:73:4f:a9:0a:c0:c8:59:17:e0:67:07", > "privatekey": "-----BEGIN RSA PRIVATE >KEY-----\nMIICXgIBAAKBgQDD8CUiTQL26bhcDDW1kg8QqY2Pzm9EkeNwcTtglZEYkfSV7IHI >\nDO7kRvB8ca4uKOpQD+jIpz0+leTQAc2JwLPzIFfTpN/mn+vwMwBviTZjYUDePkw+\nuwe97K >B4Xg+RM7m0f4sPUHe9IZPshebl8nFhFpp8bL1g/FcDalJs3GhyPwIDAQAB\nAoGBAL0czVp75f >6Wul/tUPF8lZnJbF5+KpqODGz8fQjNkwuZ4+3IJcMF6JTfe0FB\nH5Jh3zWDBXSVJeGAHyY8dz >sbiRHRoXb4HRXUfSdMVLAlXDmH+REcE/4OY+Sd+GU2\ncrIsq9E3R2Nhr7lujP6BOO4IEzSrKF >Q531lLBolCNZ/YpHThAkEA4/N1BeuB7ihI\nlzfdikjEmg3BfDn+s7FlQz42x4iAOBRBcMeO0e >7ma+UWD7LUER3tuADAY3D4C/xs\nAluSbEyHdwJBANwMRK4jsmsGFf5GjH/iyVApZx/U71OR8O >Jx48NSdWmCzEkMdCE+\nH5Lska7j8mfAfqbOYfYqR4gwOXXHGr8XrXkCQAF9GYqMWzDe+npiVw >QMLZyD8nuJ\nNWye//ZMdbcf4RZ8q2C9LOWaFc8mk9pOZKwn8eF9v8PmfPg3Ec2CI5apeUkCQQ >DK\nEj4TyFY07/7MZc7qNcH26j54PduVW+TgngOxv4xw2xtsTZJrYJgwHSzfdRaK7nug\nBNBy >9XqA9wAdRz0plL3JAkEAiyCuxFhz6F2NhMxDX9IczJPPiJ+v6qHGwSThiBv0\n9XgwpQqrFmBd >qAZ3SDjsgXkG2gAqZRuddbq55ffGSFtkpg=3D=3D\n-----END RSA PRIVATE KEY-----\n" > } > } >} > >-- >This message is automatically generated by JIRA. >If you think it was sent incorrectly, please contact your JIRA >administrators >For more information on JIRA, see: http://www.atlassian.com/software/jira > In attempt to redeem myself from the last na=EFve bug :) --=20 =C6