API change: managing SSH keys in Juju

Gustavo Niemeyer gustavo.niemeyer at canonical.com
Mon Nov 28 15:47:52 UTC 2011


> I would appreciate any comments on this proposed API change to Juju.

Thanks Jim. Let's see..

>  1. Configure via cloud-init using `ssh_keys`, which itself is a
>     dictionary that has this key to file correspondence::
(...)
>       addition, the ZK secret (admin password of ZK) is also stored
>       in instance metadata. So it doesn't get any worse with this
>       approach.

cloud-init is not a good place to have private information, as you
anticipated. The fact we have other private information there is no
excuse to introduce an insecure mechanism that is precisely
attempting to improve security.

William already had a better grip on that problem, but there was one
gotcha in his approach that he understandably didn't think of, which is
the fact that txaws itself is completely insecure against
man-in-the-middle attacks (which is, again, what we're trying to solve),
since it doesn't verify the SSL certificates. The first step towards
introducing security against man-in-the-middle is to fix txaws.

-- 
Gustavo Niemeyer
http://niemeyer.net
http://niemeyer.net/plus
http://niemeyer.net/twitter
http://niemeyer.net/blog

-- I'm not absolutely sure of anything.


