You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/03/24 13:19:42 UTC

[GitHub] [cloudstack] GutoVeronezi commented on pull request #4819: Remove meaningless password regeneration on resetSSHKeyForVirtualMachine

GutoVeronezi commented on pull request #4819:
URL: https://github.com/apache/cloudstack/pull/4819#issuecomment-805813577


   @harikrishna-patnala 
   
   This behavior does not make any sense outside of the first password/resetting password API context. I see no problem in using the SSH key public key to encrypt the VM password, but not at this point.
   
   Let's take a look at these cases:
      - A VM is created and a random password is generated. Users logins into their VM and changes their password, then they enable/set a new SSH key to the VM. So what now? They cannot log in anymore with the password had been using so far due to 'resetSSHKeyForVirtualMachine' changing the VM password without it being requested;
      - A VM is created with an SSH key and a random encrypted password is generated. The password of the VM is saved in the database. Users login into their VM and change its password. Now VM's password is different than what was saved in the database and `getVMPassword` will not serve its purpose too;
   
   Users changing VM's password is a normal behavior (and they should do it). the API (`getVMPassword`) is not the source of truth for the VM password. It has its purpose in a specific life-cycle in ACS, which is the life-cyle of initial passwords and reset password processes. 
   
   What is the problem if the API method `resetSSHKeyForVirtualMachine` stops doing that password-change? It will not break anything. It will not change anything for the end-user. The `getVMPassword` will keep returning the last password randomly generated by ACS, which is probably not valid anymore as expected because the user changed his/her password already in the operating system of the VM.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org