[ubuntu-server] Trying Ubuntu Server in Amazon EC2
Eric Hammond
esh at ubuntu.com
Tue Oct 12 01:51:18 UTC 2010
On 10/11/2010 06:24 PM, Scott Moser wrote:
> It is in the FAQ.
I'm probably sounding like a broken record to you, but as a general
rule, I don't believe that people read documentation when it looks like
they can accomplish what they want without it. Best to not have
surprises or confusing features if you can avoid it, and in this case,
it sounds like you can.
> The primary reason for
> launching with a key was so we could debug if necessary, and explicitly so
> that if the user was locked out (ie, no access to their published
> launchpad keys), then we could ssh in, set a onetime password and show
> that to the user.
I believe it's better to err on the side of security than convenience
here. This is how Amazon does it with EC2 in the larger scheme of
things. If you lock yourself out, they cannot help you get access to
your box no matter how important it is to you (generally). That's how
important your security is to them and I'd love to see Canonical
continue this level of trust.
Again, I realize that this is just a simple trial, but if simple things
are designed with security in mind from the beginning, then it will be
easier to carry through to when those projects and ideas are used in
larger, more important situations.
> There is obviously trust in the launcher (Canonical) as they could have
> done any nefarious things they wanted to the image.
Obviously. And when I find that the launcher has put in place a clear
back door for convenience, it increases the doubt that they may at some
point add secret back doors for some other noble purpose.
> The project is open source (AGPL) and available at
> https://launchpad.net/awstrial
nice.
--
Eric Hammond