On Mon, Sep 12, 2011 at 10:56:05AM -0400, Kyle Moffett wrote:
>
> My latest patch (attached) provides a bunch more features for installing
> in virtualized environments. You can also download it at this URL:
> http://opensource.exmeritus.com/debian-ami/network-console-1.29+euca01.patch
>
> Specifically, my patch allows you to enable both password and public-key auth,
> by preseeding both a password and the authorized_keys URL. If you don't
> want to enable password authentication, you can preseed "password-disabled"
> instead.
>
> Additionally, I add a "publi-ip-url" key which causes the "IP" value in the
> network-console message to be obtained from the virtualized hosting system.
>
> Finally, I rewrite the post-base-installer hook to automatically copy the
> authorized_keys file to the newly created user on the target system. If
> a non-root user was created during the installation then the key is copied
> to that user, otherwise it is copied to root.

Hi Kyle,

the two first features are good additions. However, I think that the third feature, to add the SSH keys to the target system, should be at least disabled by default, or removed, for the following two reasons:

1) Public images should not contain public SSH keys that allow the owner of the private key to gain administrator privileges, see:
   - http://alestic.com/2011/06/ec2-ami-security
   - https://forums.aws.amazon.com/thread.jspa?threadID=67299

2) The same functionality could be achieved by downloading the public keys at the first run of fresh images, from the same special URL. I think that this is more flexible, and more images would benefit from this (for instance images that were not created through the network console). Let's have this function in a separate package.

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan
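
The concern in reason 1 above can be checked before an image is published. The following is an added example, not part of this thread or of the patch under discussion: it assumes the image's root filesystem is unpacked or mounted at a directory and uses the default `/root` and `/home/<user>` layout; the function name `audit_image_keys` is hypothetical.

```shell
#!/bin/sh
# Pre-publication audit of an unpacked or mounted image tree (added example).
# Reports every authorized_keys file that still holds at least one key entry,
# such as a key copied onto the target system by an installer hook.
#
# Usage (the mount point is an assumption):
#   audit_image_keys /mnt/image || echo "do not publish: keys left in image"

# audit_image_keys ROOT
#   Prints "<path inside image>: <n> key(s)" for each offending file.
#   Returns 1 if any key entry was found, 0 if the tree is clean.
audit_image_keys() {
    root=$1
    found=0
    # Home directories checked: /root and every /home/<user>.
    for home in "$root/root" "$root"/home/*; do
        for f in "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
            [ -f "$f" ] || continue
            # Count lines that are neither blank nor comments; each such line
            # is a key entry that grants login to the private-key holder.
            n=$(grep -c -v -E '^[[:space:]]*(#|$)' "$f") || true
            if [ "$n" -gt 0 ]; then
                rel=${f#"$root"}
                echo "$rel: $n key(s)"
                found=1
            fi
        done
    done
    return "$found"
}
```
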