[ubuntu-server] Trying Ubuntu Server in Amazon EC2

Eric Hammond esh at ubuntu.com
Tue Oct 12 01:51:18 UTC 2010

On 10/11/2010 06:24 PM, Scott Moser wrote:
 > It is in the FAQ.

I'm probably sounding like a broken record to you, but as a general 
rule, I don't believe that people read documentation when it looks like 
they can accomplish what they want without it.  Best to not have 
surprises or confusing features if you can avoid it, and in this case, 
it sounds like you can.

 > The primary reason for
 > launching with a key was so we could debug if necessary, and explicitly so
 > that if the user was locked out (ie, no access to their published
 > launchpad keys), then we could ssh in, set a onetime password and show
 > that to the user.

I believe it's better to err on the side of security than convenience 
here.  This is how Amazon does it with EC2 in the larger scheme of 
things.  If you lock yourself out, they cannot help you get access to 
your box no matter how important it is to you (generally).  That's how 
important your security is to them and I'd love to see Canonical 
continue this level of trust.

Again, I realize that this is just a simple trial, but if simple things 
are designed with security in mind from the beginning, then it will be 
easier to carry through to when those projects and ideas are used in 
larger, more important situations.

 > There is obviously trust in the launcher (Canonical) as they could have
 > done any nefarious things they wanted to the image.

Obviously.  And when I find that the launcher has put in place a clear 
back door for convenience, it increases the doubt that they may at some 
point add secret back doors for some other noble purpose.

 > The project is open source (AGPL) and available at
 > https://launchpad.net/awstrial


Eric Hammond
