ssh aws key management
Karl Auer
kauer at biplane.com.au
Sun Nov 12 08:08:54 UTC 2017
On Sun, 2017-11-12 at 07:42 +0000, thufir wrote:
> All this said, you do not require the AWS-supplied identity
> Ohhh, I see. You're suggesting, really, to just use a more regular
> type of ssh usage. To my understanding, at least. Yes/no?
Yes - or at least, the option is available to you. I'm not recommending
it, just telling you about it. There is nothing special about the
AWS-supplied key except (and this IS important) it does not have a
passphrase, and that IMHO means you should not use it and should make it
unusable. Or add a passphrase to it :-)
> When I want access to a remote system, add my public key to the
> remote system. Presto, access? Yes, I want passwordless, key-only,
> login to the default "ubuntu" user (because, as you pointed out, it
> has passwordless sudo access).
By "passwordless" I mean you should disable the ability to log into
your instance using a password; you should require a previously-
installed public key.
You should DEFINITELY not use keys without passphrases. If you do,
anyone who acquires your keys can log in anywhere you can log in. Two
minutes with your unattended laptop and they are gone. Unless you
encrypted your disks.
> I suppose that the AWS way of doing things is to make it easy for
> them, with generating special keys, downloading keys, etc, etc. PITA
> for me.
They offer you a working key. You do not have to use it.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
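
The two checks the message above recommends (no passphrase-less private keys, no password login on the instance), written as a shell audit. This is an added example, not part of the original message; the function names and the paths in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example. Function names and the paths in the usage line are hypothetical.

# Exit 0 if the private key file "$1" decrypts with an EMPTY passphrase,
# i.e. it is stored unprotected (the state of the AWS-supplied key).
key_is_unprotected() {
    ssh-keygen -y -P "" -f "$1" </dev/null >/dev/null 2>&1
}

# Print the effective global value of an sshd_config keyword.
# sshd takes the first occurrence of a keyword, matches keywords
# case-insensitively, accepts "Keyword=value", and global settings end
# at the first Match block. Include files are not followed here; on a
# live host "sshd -T" reports the authoritative value.
# $1 = config file, $2 = keyword, $3 = sshd's built-in default
sshd_effective() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        { sub(/=/, " ") }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Check both points: $1 = private key file, $2 = sshd_config file.
# Returns 0 if both are fine, 1 if either is weak, 2 on unreadable input.
audit() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "ERROR: cannot read input" >&2; return 2; }
    rc=0
    if key_is_unprotected "$1"; then
        echo "WEAK: $1 has no passphrase (add one: ssh-keygen -p -f $1)"
        rc=1
    fi
    if [ "$(sshd_effective "$2" PasswordAuthentication yes)" != "no" ]; then
        echo "WEAK: $2 allows password login (set PasswordAuthentication no)"
        rc=1
    fi
    return $rc
}

# Usage: audit ~/.ssh/aws-key.pem /etc/ssh/sshd_config
```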