incubator-cloudstack-dev mailing list archives

From Chiradeep Vittal <>
Subject Re: [DISCUSS] SSH keys overwritten for user running management server
Date Thu, 15 Nov 2012 02:33:36 GMT

On 11/14/12 6:11 PM, "Satoshi Kobayashi" <>

>Hi Dave,
>2012/11/14 Dave Cahill <>:
>> Hi,
>> I've recently been running the management server from source using mvn
>> :cloud-client-ui jetty:run, and I've come across an issue.
>> If the "ssh.privatekey" configuration entry is not present in the
>> management server db, then in ConfigurationServerImpl
>>     - Given what I know so far, I disagree with this option; the
>> seems weird even for the "cloud" user, and someone will certainly try to
>> run as their own user even if we recommend against it
>> * The management server should back up old ssh keys before deleting them
>> - Better than nothing, but non-ideal; unless the user realizes what
>> happened, this will not help them
>> * The management server should use existing ssh keys if available,
>> of recreating
>> - This sounds like a good option - may cause issues if the existing
>> is password-protected?
>> * The management server should use a non-default filename for the ssh
>> e.g. id_rsa.systemvm and, to avoid damaging existing
>> SSH keys
>> - This option seems ideal from my point of view, but may involve extra
>+1 for a non-default filename ssh key idea.
>I think that it is dangerous that a default ssh key is overwritten
>even if it adopts other ideas.

+1 for non-default filename. As Prasanna said, in the ant mode, it never
deleted the old key, it just reused it.
Not sure how it got borked.
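
The non-default filename and key-reuse options from this thread, as an added shell example that is not part of the message and not CloudStack's own code. The function name `ensure_systemvm_key` and the `SSH_KEYGEN` override are assumptions; `id_rsa.systemvm` is the filename suggested in the thread.

```shell
#!/bin/sh
# Added illustration, not CloudStack code. ensure_systemvm_key and the
# SSH_KEYGEN override are assumed names; id_rsa.systemvm is the filename
# suggested in the thread.

# ensure_systemvm_key DIR -> prints the private key path on success.
# DIR/id_rsa and DIR/id_rsa.pub are never read, moved or deleted.
ensure_systemvm_key() {
    dir=$1
    key="$dir/id_rsa.systemvm"
    keygen=${SSH_KEYGEN:-ssh-keygen}

    # Create the directory privately if it is missing.
    [ -d "$dir" ] || (umask 077 && mkdir -p "$dir") || return 1

    if [ -f "$key" ]; then
        # Reuse path: an existing key is kept, never regenerated.
        chmod 600 "$key" || return 1
        if [ ! -s "$key.pub" ]; then
            # Public half is missing: derive it from the private key.
            "$keygen" -y -f "$key" > "$key.pub" || return 1
        fi
    else
        # First run: passphrase-less RSA key under the dedicated name.
        # stdin is /dev/null so ssh-keygen's overwrite prompt can never
        # be answered if another process created the file first.
        "$keygen" -q -t rsa -b 2048 -N "" -C "systemvm" -f "$key" \
            < /dev/null > /dev/null || return 1
    fi
    printf '%s\n' "$key"
}
```

Calling it a second time returns the same path without touching the key, so it is safe to run on every management server start.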
