[ubuntu-server] Trying Ubuntu Server in Amazon EC2

Scott Moser smoser at ubuntu.com
Tue Oct 12 02:50:21 UTC 2010


On Mon, 11 Oct 2010, Eric Hammond wrote:

> On 10/11/2010 06:24 PM, Scott Moser wrote:
> > It is in the FAQ.
>
> I'm probably sounding like a broken record to you, but as a general rule, I
> don't believe that people read documentation when it looks like they can
> accomplish what they want without it.  Best to not have surprises or confusing
> features if you can avoid it, and in this case, it sounds like you can.

Again, it's configurable.  We wanted the experience to be as smooth as
possible.  You brought up yourself that you didn't think the experience
would be smooth for people without a launchpad account.  We wanted to give
a large number of people the ability to see Ubuntu server (on ec2) in
action.  That was the primary goal.  The changes to the default settings
were done in the most secure way we could think of and still achieve that
goal.

> > The primary reason for
> > launching with a key was so we could debug if necessary, and explicitly so
> > that if the user was locked out (i.e., no access to their published
> > launchpad keys), then we could ssh in, set a one-time password and show
> > that to the user.
>
> I believe it's better to err on the side of security than convenience here.
> This is how Amazon does it with EC2 in the larger scheme of things.  If you
> lock yourself out, they cannot help you get access to your box no matter how
> important it is to you (generally).  That's how important your security is to
> them and I'd love to see Canonical continue this level of trust.

I would never suggest this for the base images.  Canonical will never
insert back doors into Ubuntu EC2 images or *any* Ubuntu delivery.

I don't (yet) regret that decision, but I understand the concern.  Again,
we're not using it at all, and it's very easily disabled by the user.

> Again, I realize that this is just a simple trial, but if simple things are
> designed with security in mind from the beginning, then it will be easier to
> carry through to when those projects and ideas are used in larger, more
> important situations.
>
> > There is obviously trust in the launcher (Canonical) as they could have
> > done any nefarious things they wanted to the image.
>
> Obviously.  And when I find that the launcher has put in place a clear back
> door for convenience, it increases the doubt that they may at some point add
> secret back doors for some other noble purpose.

A documented, easily discoverable "backdoor", and it's only a trial
instance.  I personally don't think it's that big of a deal *in this
scenario*.



