cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Linas Žilinskas <li...@host1plus.com>
Subject Re: Reset ssh key
Date Mon, 28 Nov 2016 10:25:34 GMT
It seems to be intented. Basically if you have a VM with 'password' 
feature enabled and ssh key enabled, the password is encrypted when 
stored in the database. Then when you are changing the ssh key for a VM, 
it resets the password so it can store it encrypted as well.

There's an API call which can retrieve the vm password later (after 
initial reset / creation / start), but it is encrypted and can only be 
decrypted using your private ssh key.

So technically this is a feature, with advanced security, but caused me 
some headaches before as well.


On 2016-11-22 14:28, Semih Tolga DEMİR wrote:
> Hi Dag & Pierre Luc
>
> We have a same situation which Pierre Luc mentioned, when we try to assign
> new ssh key it also resets vm’s admin password.
> So i like to learn if this is normal or not, so i took my question, so if
> this is a bug do you want me to create a Jira Ticket?
>
> Thanks
> Tolga
>
>   Also i am sorry that i could not clearly express my ssh key resetting
> problem on my previous emails :)
>
> 2016-11-22 17:01 GMT+03:00 Pierre-Luc Dion <pdion@cloudops.com>:
>
>> Hi Tolga,
>>
>> I'm not sure it as been raised as a bug but yes, when you reset the SSHkey
>> of a VM it also reset the user password. So I guest it's up to your
>> templates to support one auth method or both.
>>
>> Are you using cloud-init or scripts defined in the CloudStack documentation
>> ?
>>
>> Regards,
>>
>>
>>
>>
>>
>>> It’s possible a misunderstanding on my part – but how do you generate the
>>> SSH keys?
>>>
>>> If you do this from the CloudStack GUI: home > accounts > (accountname)
>
>>> (username) and click on the “generate keys” button – this does not
>> generate
>>> SSH keys, this generates the API + secret key for that user. To generate
>>> and upload SSH keys please refer to http://docs.cloudstack.apache.
>>> org/projects/cloudstack-administration/en/4.8/virtual_machines.html
>>>
>>> If you do follow this already – my apologies for the misunderstanding.
>>>
>>> Regards,
>>> Dag Sonstebo
>>> Cloud Architect
>>> ShapeBlue
>>>
>>> On 22/11/2016, 09:29, "Semih Tolga DEMİR" <semihtolgademir@gmail.com>
>>> wrote:
>>>
>>>      Hi,
>>>
>>>      I see this issue when adding new SSH Key Pair  to existing VM
>>>
>>>      Creating a new SSH Key
>>>      Accounts -> Create a SSH Key Pairs as tolga
>>>      Then
>>>      Create a VM without ssh key selection.
>>>      After login he VM with XXXXX password
>>>      Then shutdown VM
>>>      Reset SSH Key Pair
>>>      Select new ssh key (like tolgaSSH)
>>>      Password of the VM has been reset to YYYYY
>>>      Finally now i login with YYYYY.
>>>
>>>
>>>      Creating a new SSH Key
>>>      Accounts -> Create a SSH Key Pairs as tolga and tolgaSSH
>>>      Then
>>>      Create a VM with ssh key selection (like tolga)
>>>      After login he VM with XXXXX password
>>>      Then shutdown VM
>>>      Reset SSH Key Pair
>>>      Select new ssh key (like tolgaSSH)
>>>      Password of the VM has been reset to YYYYY
>>>      Finally now i login with YYYYY.
>>>
>>>      But i want only add/reset SSH Key Pair.
>>>
>>>      Thanks,
>>>      Tolga
>>>
>>>
>>>      2016-11-21 20:38 GMT+03:00 Dag Sonstebo <Dag.Sonstebo@shapeblue.com
>>> :
>>>
>>>      > Hi Tolga,
>>>      >
>>>      > Can you elaborate? Which SSH keys / passwords are we talking about?
>>>      >
>>>      > Regards,
>>>      > Dag Sonstebo
>>>      > Cloud Architect
>>>      > ShapeBlue
>>>      >
>>>      > On 21/11/2016, 16:43, "Semih Tolga DEMİR" <
>> semihtolgademir@gmail.com
>>>      > wrote:
>>>      >
>>>      >     Hi,
>>>      >
>>>      >     My test environment ACS 4.9, KVM hypervisor.
>>>      >     I want to understand why need to reset password when add/reset
>>> ssh key
>>>      > ?
>>>      >
>>>      >     Thanks,
>>>      >     Tolga
>>>      >
>>>      >
>>>      >
>>>      > Dag.Sonstebo@shapeblue.com
>>>      > www.shapeblue.com
>>>      > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
>>>      > @shapeblue
>>>      >
>>>      >
>>>      >
>>>      >
>>>
>>>
>>>
>>> Dag.Sonstebo@shapeblue.com
>>> www.shapeblue.com
>>> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
>>> @shapeblue
>>>
>>>
>>>
>>>

Linas Žilinskas
Head of Development
website <http://www.host1plus.com/> facebook 
<https://www.facebook.com/Host1Plus> twitter 
<https://twitter.com/Host1Plus> linkedin 
<https://www.linkedin.com/company/digital-energy-technologies-ltd.>

Host1Plus is a division of Digital Energy Technologies Ltd.

26 York Street, London W1U 6PZ, United Kingdom


Mime
View raw message