[DISCUSS] Return ssh publickeys in listSSHKeyPairs
Hi, With the development of gClouds, a google compute interface for cloudstack I have found the need to get access to the ssh public keys that Cloudstack generates as part of a keypair. The publickeys are currently not exposed in any way. As a result of this I'm implementing a hacky workaround to segment ssh public keys across tags on an instance which is far from ideal. Does anybody have any objections towards modifying listSSHKeyPairs to return the public key along with the fingerprint and key name? Thanks, Ian.
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
On Oct 5, 2013, at 3:41 PM, Ian Duffy wrote: > Hi, > > With the development of gClouds, a google compute interface for > cloudstack I have found the need to get access to the ssh public keys > that Cloudstack generates as part of a keypair. > > The publickeys are currently not exposed in any way. As a result of > this I'm implementing a hacky workaround to segment ssh public keys > across tags on an instance which is far from ideal. > > Does anybody have any objections towards modifying listSSHKeyPairs to > return the public key along with the fingerprint and key name? > > Thanks, > Ian. that's a +1 from me since it is returned during the createSSHKeyPair call. There might be a security reason for not returning the public key on a list call, but I don't see it. -sebastien
RE: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
Hi guys , >From my fundamentals of security I do not think returning a public key is >wrong . What is sensitive is the private key. As long as that is bit exposed in any way then all should be well. Thanks and good day Sent from my Windows Phone From: sebgoa<mailto:run...@gmail.com> Sent: 10/8/2013 2:42 PM To: dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org> Subject: Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs On Oct 5, 2013, at 3:41 PM, Ian Duffy wrote: > Hi, > > With the development of gClouds, a google compute interface for > cloudstack I have found the need to get access to the ssh public keys > that Cloudstack generates as part of a keypair. > > The publickeys are currently not exposed in any way. As a result of > this I'm implementing a hacky workaround to segment ssh public keys > across tags on an instance which is far from ideal. > > Does anybody have any objections towards modifying listSSHKeyPairs to > return the public key along with the fingerprint and key name? > > Thanks, > Ian. that's a +1 from me since it is returned during the createSSHKeyPair call. There might be a security reason for not returning the public key on a list call, but I don't see it. -sebastien
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
On Tue, Oct 08, 2013 at 01:05:32PM +, Frankie Onuonga wrote: > Hi guys , > From my fundamentals of security I do not think returning a public key is > wrong . > What is sensitive is the private key. > As long as that is bit exposed in any way then all should be well. +1 to Frankie's comment
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
Great thanks for the feedback. Will get this applied at the weekend. Just out of interest. In an account we have users. Those users have access to all the VMs via the Cloudstack Management interface. However they don't necessarily have access to the VMs(i.e. They do not know its password or their public key is not contained within the machines authorized_keys). Is there any way to add multiple SSH Public keys to a VM without powering it down? Basically, I want a way for all users of an account to share access to all VMs owned by that account without having to manually store passwords/private-ssh-keys on a separate system. Or by being able to inject a SSH key or password reset without changing the power state of the VM. Thanks. On 8 October 2013 16:06, Chip Childers wrote: > On Tue, Oct 08, 2013 at 01:05:32PM +, Frankie Onuonga wrote: > > Hi guys , > > From my fundamentals of security I do not think returning a public key > is wrong . > > What is sensitive is the private key. > > As long as that is bit exposed in any way then all should be well. > > +1 to Frankie's comment >
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
I need this as well. AFAIK, an agent is needed in user vms. > Is there any way to add multiple SSH Public keys to a VM without powering it down?
Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs
> AFAIK, an agent is needed in user vms. I was hoping it'd be possible via the file sharing capabilities many of the hypervisor tools offer. Although I would imagine security issues could arise from that. On 9 October 2013 15:51, Wei ZHOU wrote: > I need this as well. > > AFAIK, an agent is needed in user vms. > >> Is there any way to add multiple SSH Public keys to a VM without powering > it down?
