cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Prasanna Santhanam (JIRA)" <>
Subject [jira] [Closed] (CLOUDSTACK-1335) SSH keys overwritten for user running management server
Date Fri, 08 Mar 2013 12:32:14 GMT


Prasanna Santhanam closed CLOUDSTACK-1335.

    Resolution: Duplicate
> SSH keys overwritten for user running management server
> -------------------------------------------------------
>                 Key: CLOUDSTACK-1335
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>         Environment: Running the management server from source using:
> mvn -pl :cloud-client-ui jetty:run
> Running as a user other than "cloud"
>            Reporter: Dave Cahill
>            Assignee: Harikrishna Patnala
>             Fix For: 4.2.0
> If the "ssh.privatekey" configuration entry is not present in the management server database
(e.g. after a database redeploy), the user who is running the management server will have
their *default* public / private keys (/home/username/.ssh/id_rsa and /home/username/.ssh/
deleted and overwritten with newly generated keys.
> Having your default SSH keys blown away is really bad (and unexpected) behaviour - any
servers (e.g. GitHub) where you have your public key registered will become inaccessible to
> After discussion on-list [1], the preferred fix seems to be to have the management server
use a non-default filename for these ssh keys,
> e.g. id_rsa.systemvm and, to avoid damaging existing SSH keys
> There was also a suggestion to reuse the existing ssh key in developer mode; i.e. if
id_rsa.systemvm exists on disk, write that to the db and use it instead of deleting and generating
a new one.
> [1] [DISCUSS] SSH keys overwritten for user running management server

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message