[Cialug] Access credentials for new cloud instances

Matthew Nuzum newz at bearfruit.org
Mon Jan 23 16:03:26 CST 2012


On Mon, Jan 23, 2012 at 3:06 PM, Zachary Kotlarek <zach at kotlarek.com> wrote:

>
> Doesn't your cloud host provide a way for you to pass data into the
> instance as part of the launch request? If there's any such comm channel
> you could use it either to pass a key to the server directly, or to pass a
> cookie used to authenticate locally-generated credentials.
>
> Without that kind of comm channel, or some machine auth system provided by
> the cloud host, you'll need a static key. But that can be less ominous than
> it sounds -- you can pre-install a user and public SSH key on the instance
> image, so that your central server can log into it and generate an
> instance-specific key. Once you have that key exchange done the instance
> can drive its own setup as before, but logging into the instance to
> generate the key avoids storing any secrets in your instance image (shared
> or otherwise).
>
>
Both are excellent suggestions. Thanks for the tips.


-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter

♫ You're never fully dressed without a smile! ♫
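
The cookie approach from the quoted message, sketched as an added example that is not part of the original thread or any poster's code: the central server puts a random one-time cookie in the launch request, the instance generates its key pair locally, and the server accepts the public key only with an HMAC proving knowledge of that cookie. The names `EnrollmentServer`, `issue_cookie`, `enroll` and `proof` are hypothetical, and the public key is a constructed string standing in for real key generation.

```python
import hashlib
import hmac
import secrets
import time


def proof(cookie, instance_id, public_key):
    """HMAC binding the launch cookie to one instance id and one public key."""
    msg = instance_id.encode() + b"\x00" + public_key.encode()
    return hmac.new(cookie, msg, hashlib.sha256).digest()


class EnrollmentServer:
    """Central server: issues launch cookies, accepts one key per cookie.

    Assumption: the cookie reaches the instance through the cloud host's
    launch-request data channel; that transport is not modelled here.
    """

    def __init__(self, ttl_seconds=600):
        self.ttl = ttl_seconds
        self.pending = {}     # instance_id -> (cookie, expiry time)
        self.authorized = {}  # instance_id -> enrolled public key

    def issue_cookie(self, instance_id, now=None):
        """Create the random cookie to include in the launch request."""
        now = time.time() if now is None else now
        cookie = secrets.token_bytes(32)
        self.pending[instance_id] = (cookie, now + self.ttl)
        return cookie

    def enroll(self, instance_id, public_key, tag, now=None):
        """Register a locally generated public key if the tag is valid."""
        now = time.time() if now is None else now
        entry = self.pending.get(instance_id)
        if entry is None:
            return False                    # unknown instance or cookie already used
        cookie, expiry = entry
        if now > expiry:
            del self.pending[instance_id]   # stale launch, drop the cookie
            return False
        expected = proof(cookie, instance_id, public_key)
        if not hmac.compare_digest(expected, tag):
            return False                    # key was not vouched for by the cookie
        del self.pending[instance_id]       # single use: a replay finds nothing
        self.authorized[instance_id] = public_key
        return True
```

Because the cookie is single-use and short-lived, nothing reusable has to be stored in the shared instance image.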