You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Ian Duffy <ia...@ianduffy.ie> on 2013/10/05 15:41:01 UTC
[DISCUSS] Return ssh publickeys in listSSHKeyPairs
Hi,
With the development of gClouds, a google compute interface for
cloudstack I have found the need to get access to the ssh public keys
that Cloudstack generates as part of a keypair.
The publickeys are currently not exposed in any way. As a result of
this I'm implementing a hacky workaround to segment ssh public keys
across tags on an instance which is far from ideal.
Does anybody have any objections towards modifying listSSHKeyPairs to
return the public key along with the fingerprint and key name?
Thanks,
Ian.
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
Posted by Ian Duffy <ia...@ianduffy.ie>.
> AFAIK, an agent is needed in user vms.
I was hoping it'd be possible via the file sharing capabilities many
of the hypervisor tools offer.
Although I would imagine security issues could arise from that.
On 9 October 2013 15:51, Wei ZHOU <us...@gmail.com> wrote:
> I need this as well.
>
> AFAIK, an agent is needed in user vms.
>
>> Is there any way to add multiple SSH Public keys to a VM without powering
> it down?
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
Posted by Wei ZHOU <us...@gmail.com>.
I need this as well.
AFAIK, an agent is needed in user vms.
> Is there any way to add multiple SSH Public keys to a VM without powering
it down?
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
Posted by Ian Duffy <ia...@ianduffy.ie>.
Great thanks for the feedback. Will get this applied at the weekend.
Just out of interest. In an account we have users. Those users have access
to all the VMs via the Cloudstack Management interface. However they don't
necessarily have access to the VMs(i.e. They do not know its password or
their public key is not contained within the machines authorized_keys).
Is there any way to add multiple SSH Public keys to a VM without powering
it down?
Basically, I want a way for all users of an account to share access to all
VMs owned by that account without having to manually store
passwords/private-ssh-keys on a separate system. Or by being able to inject
a SSH key or password reset without changing the power state of the VM.
Thanks.
On 8 October 2013 16:06, Chip Childers <ch...@sungard.com> wrote:
> On Tue, Oct 08, 2013 at 01:05:32PM +0000, Frankie Onuonga wrote:
> > Hi guys ,
> > From my fundamentals of security I do not think returning a public key
> is wrong .
> > What is sensitive is the private key.
> > As long as that is bit exposed in any way then all should be well.
>
> +1 to Frankie's comment
>
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
Posted by Chip Childers <ch...@sungard.com>.
On Tue, Oct 08, 2013 at 01:05:32PM +0000, Frankie Onuonga wrote:
> Hi guys ,
> From my fundamentals of security I do not think returning a public key is wrong .
> What is sensitive is the private key.
> As long as that is bit exposed in any way then all should be well.
+1 to Frankie's comment
RE: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
Posted by Frankie Onuonga <fr...@angani.co>.
Hi guys ,
>From my fundamentals of security I do not think returning a public key is wrong .
What is sensitive is the private key.
As long as that is bit exposed in any way then all should be well.
Thanks and good day
Sent from my Windows Phone
________________________________
From: sebgoa<ma...@gmail.com>
Sent: 10/8/2013 2:42 PM
To: dev@cloudstack.apache.org<ma...@cloudstack.apache.org>
Subject: Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
On Oct 5, 2013, at 3:41 PM, Ian Duffy <ia...@ianduffy.ie> wrote:
> Hi,
>
> With the development of gClouds, a google compute interface for
> cloudstack I have found the need to get access to the ssh public keys
> that Cloudstack generates as part of a keypair.
>
> The publickeys are currently not exposed in any way. As a result of
> this I'm implementing a hacky workaround to segment ssh public keys
> across tags on an instance which is far from ideal.
>
> Does anybody have any objections towards modifying listSSHKeyPairs to
> return the public key along with the fingerprint and key name?
>
> Thanks,
> Ian.
that's a +1 from me since it is returned during the createSSHKeyPair call.
There might be a security reason for not returning the public key on a list call, but I don't see it.
-sebastien
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
Posted by sebgoa <ru...@gmail.com>.
On Oct 5, 2013, at 3:41 PM, Ian Duffy <ia...@ianduffy.ie> wrote:
> Hi,
>
> With the development of gClouds, a google compute interface for
> cloudstack I have found the need to get access to the ssh public keys
> that Cloudstack generates as part of a keypair.
>
> The publickeys are currently not exposed in any way. As a result of
> this I'm implementing a hacky workaround to segment ssh public keys
> across tags on an instance which is far from ideal.
>
> Does anybody have any objections towards modifying listSSHKeyPairs to
> return the public key along with the fingerprint and key name?
>
> Thanks,
> Ian.
that's a +1 from me since it is returned during the createSSHKeyPair call.
There might be a security reason for not returning the public key on a list call, but I don't see it.
-sebastien