Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.
Thanks, Jayapal On 28-Nov-2014, at 2:28 PM, Erik Weber <terbol...@gmail.com> wrote: > On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari < > astro.alir...@yahoo.com.invalid> wrote: > >> HiI viewed the bash script that resets Linux password ( >> http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)It >> seems that it doesn't use a secure way for transferring password string to >> instance.Instances on a shared network can sniff password requests and >> export requested password of other instances.I suggest to use SSL (https) >> instead of plan text.Regards >> >> > I like the idea, but there's a couple of obstacles to overcome, namely > which SSL certificates to use. > - certificates need a subject name, ie. IP or hostname for web pages, you > could solve this by making the mgmt server a CA and have each VR get a > signed certificate by it, but it's complicated > - if the community bundle a pre generated certificate it is commonly known > and not to be trusted, also not sure how to handle subject name > - assuming everyone to supply a valid certificate is quite complicated (CA > must be on VR etc), and makes it considerably harder to get a working setup > - using self signed causes issues with validation > > > Don't get me wrong, I love the idea, but it's not just to flip a switch and > have (proper) SSL in place. > > -- > Erik
