Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs

2013-10-09 Thread Ian Duffy 
Great thanks for the feedback. Will get this applied at the weekend.

Just out of interest. In an account we have users. Those users have access
to all the VMs via the Cloudstack Management interface. However they don't
necessarily have access to the VMs(i.e. They do not know its password or
their public key is not contained within the machines authorized_keys).

Is there any way to add multiple SSH Public keys to a VM without powering
it down?

Basically, I want a way for all users of an account to share access to all
VMs owned by that account without having to manually store
passwords/private-ssh-keys on a separate system. Or by being able to inject
a SSH key or password reset without changing the power state of the VM.

Thanks.


On 8 October 2013 16:06, Chip Childers chip.child...@sungard.com wrote:

 On Tue, Oct 08, 2013 at 01:05:32PM +, Frankie Onuonga wrote:
  Hi guys ,
  From my fundamentals of security I do not think returning a public key
 is wrong .
  What is sensitive is the private key.
  As long as that is bit exposed in any way then all should be well.

 +1 to Frankie's comment

Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs

2013-10-09 Thread Wei ZHOU 
I need this as well.

AFAIK, an agent is needed in user vms.

 Is there any way to add multiple SSH Public keys to a VM without powering
it down?

Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs

2013-10-09 Thread Ian Duffy 
 AFAIK, an agent is needed in user vms.

I was hoping it'd be possible via the file sharing capabilities many
of the hypervisor tools offer.
Although I would imagine security issues could arise from that.

On 9 October 2013 15:51, Wei ZHOU ustcweiz...@gmail.com wrote:
 I need this as well.

 AFAIK, an agent is needed in user vms.

 Is there any way to add multiple SSH Public keys to a VM without powering
 it down?

Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs

2013-10-08 Thread sebgoa 

On Oct 5, 2013, at 3:41 PM, Ian Duffy i...@ianduffy.ie wrote:

 Hi,
 
 With the development of gClouds, a google compute interface for
 cloudstack I have found the need to get access to the ssh public keys
 that Cloudstack generates as part of a keypair.
 
 The publickeys are currently not exposed in any way. As a result of
 this I'm implementing a hacky workaround to segment ssh public keys
 across tags on an instance which is far from ideal.
 
 Does anybody have any objections towards modifying listSSHKeyPairs to
 return the public key along with the fingerprint and key name?
 
 Thanks,
 Ian.

that's a +1 from me since it is returned during the createSSHKeyPair call.

There might be a security reason for not returning the public key on a list 
call, but I don't see it.

-sebastien

Re: [DISCUSS] Return ssh publickeys in listSSHKeyPairs

2013-10-08 Thread Chip Childers 
On Tue, Oct 08, 2013 at 01:05:32PM +, Frankie Onuonga wrote:
 Hi guys ,
 From my fundamentals of security I do not think returning a public key is 
 wrong .
 What is sensitive is the private key.
 As long as that is bit exposed in any way then all should be well.

+1 to Frankie's comment