Thanks a lot Juerg.

On 1/21/2014 7:08 PM, Juerg Haefliger wrote:
>
> On Tue, Jan 21, 2014 at 10:23 AM, jeffty <wantwater...@gmail.com> wrote:
>>
>> Me 2:)
>>
>> Another question, how does customer decrypt the string with his private key?
>>
>> It requires that he has an environment with OpenSSL installed?
>
> Yes, you need OpenSSL inside the Windows instance to encrypt the
> password and also in the env where you want to decrypt it.
>
> To encrypt (in Unix notation):
>
> ssh-keygen -e -m pkcs8 -f <SSH public key> > id_rsa.pub8
> enc_pw=$(echo 'MyRandomPassword' | openssl rsautl -encrypt -inkey id_rsa.pub8 -pubin | openssl enc -base64)
>
> To decrypt:
>
> echo "$enc_pw" | openssl enc -base64 -d | openssl rsautl -decrypt -inkey <SSH private key>
>
> ...Juerg
>
>> On 1/21/2014 3:44 PM, Georgios Dimitrakakis wrote:
>>> Indeed this is very interesting!
>>> I would also like to see it if possible!
>>>
>>> Best,
>>>
>>> G.
>>>
>>> On Tue, 21 Jan 2014 08:22:44 +0100, Joe Topjian wrote:
>>>> Hi Juerg,
>>>>
>>>> That's a really creative way of setting the password. Are you able to
>>>> share your powershell script?
>>>>
>>>> Thanks,
>>>> Joe
>>>>
>>>> On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger wrote:
>>>>
>>>>> On Tue, Jan 21, 2014 at 3:15 AM, jeffty wrote:
>>>>>>
>>>>>> Thanks Joe, It really helps.
>>>>>>
>>>>>> Will check them to find the proper way.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> On 1/19/2014 3:32 PM, Joe Topjian wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> We've used this in the past:
>>>>>>>
>>>>>>> https://github.com/jordanrinke/openstack
>>>>>>>
>>>>>>> It allows a user to type in an Administrator password in the Post Config
>>>>>>> text box when launching an instance in Horizon. The password is then
>>>>>>> retrieved when Windows first boots via the metadata service.
>>>>>>>
>>>>>>> We stopped using it for two reasons, though:
>>>>>>>
>>>>>>> 1. The password was permanently stored in the metadata server
>>>>>>> 2. There was no (default) way to let the user know that the password
>>>>>>>    they chose was not a strong enough password
>>>>>>>
>>>>>>> We now just have users connect to the VNC console and set the password
>>>>>>> upon first boot.
>>>>>>>
>>>>>>> There have been a few discussions over the past year on the
>>>>>>> openstack-operators list about the cloudbase Windows cloud-init service.
>>>>>>> I think one or two people have been able to get the password injection
>>>>>>> portion working. It might be worth a shot to search the archives:
>>>>>>>
>>>>>>> http://www.gossamer-threads.com/lists/openstack/operators/
>>>>>>>
>>>>>>> Joe
>>>>>>>
>>>>>>> On Sun, Jan 19, 2014 at 4:21 AM, jeffty wrote:
>>>>>>>
>>>>>>>> Thanks Jacob.
>>>>>>>>
>>>>>>>> Is there any openstack API guide for send instance password while
>>>>>>>> launch it?
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> On 1/19/2014 11:08 AM, Jacob Godin wrote:
>>>>>>>>> Yes, they must input a password every time. It's within Windows, they
>>>>>>>>> must use the console.
>>>>>>>>>
>>>>>>>>> On Jan 18, 2014 10:51 PM, "jeffty" wrote:
>>>>>>>>>
>>>>>>>>>> Thanks Jacob.
>>>>>>>>>>
>>>>>>>>>> Then the user must input a password for every windows instance he
>>>>>>>>>> launched?
>>>>>>>>>>
>>>>>>>>>> In other words different instance owns different password even they are
>>>>>>>>>> launched at the same time? e.g. Input 3 while launching instance in
>>>>>>>>>> Horizon portal for this windows image.
>>>>>>>>>>
>>>>>>>>>> If yes, how to send this password to the instance in portal? That should
>>>>>>>>>> be implemented by meta service.
>>>>>>>>>>
>>>>>>>>>> If no, all of the instances have the same default password, right?
>>>>>>>>>>
>>>>>>>>>> On 1/19/2014 10:02 AM, Jacob Godin wrote:
>>>>>>>>>>> We've used sysprep to have the administrator provide a password
>>>>>>>>>>> when the instance is first booted.
>>>>>
>>>>> We use a simple powershell script that generates a random
>>>>> Administrator password on first boot, pulls the SSH key from the
>>>>> metadata server, encrypts the password with the key and writes the
>>>>> encrypted password to the serial port.
>>>>>
>>>>> The user retrieves the encrypted password through the nova
>>>>> console-log and decrypts it with his private key. The image is set up
>>>>> such that the user is prompted to change the (random) password the
>>>>> first time he logs into the instance.
>>>>>
>>>>> ...Juerg

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
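
The scheme described in the thread (encrypt a random password to the user's public key, publish it through the console log, decrypt with the private key), written out as an added example that is not part of the thread and is not anyone's actual script. Assumptions: the BEGIN/END marker lines, the function names and the sample console text are constructed, a throwaway `openssl genrsa` key stands in for the SSH keypair, and `openssl pkeyutl` is used in place of `rsautl`.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the BEGIN/END marker lines,
# the function names and the sample console text are constructed for illustration.
# `openssl pkeyutl` stands in for the thread's `rsautl` (same PKCS#1 v1.5 default).
MARK_BEGIN='-----BEGIN ENCRYPTED PASSWORD-----'
MARK_END='-----END ENCRYPTED PASSWORD-----'

# Instance side: encrypt $1 to the PEM public key in $2 and print it, base64
# encoded, between marker lines (what would be written to the serial port).
emit_encrypted_password() {
    echo "$MARK_BEGIN"
    printf '%s' "$1" | openssl pkeyutl -encrypt -pubin -inkey "$2" | openssl enc -base64
    echo "$MARK_END"
}

# User side: read console-log text on stdin, keep only the marked block,
# and decrypt it with the PEM private key in $1.
decrypt_from_console_log() {
    tr -d '\r' |                                   # serial output is often CRLF
        sed -n "/^$MARK_BEGIN\$/,/^$MARK_END\$/p" |
        grep -v '^-----' |
        openssl enc -base64 -d |
        openssl pkeyutl -decrypt -inkey "$1"
}

# Round trip with a throwaway key and a constructed console log.
roundtrip_demo() {
    tmp=$(mktemp -d) || return 1
    openssl genrsa -out "$tmp/key.pem" 2048 2>/dev/null || return 1
    openssl rsa -in "$tmp/key.pem" -pubout -out "$tmp/key.pub8" 2>/dev/null || return 1
    pw=$(openssl rand -base64 18)                  # random password, never stored in clear
    {
        echo '[    0.000000] constructed boot line'
        emit_encrypted_password "$pw" "$tmp/key.pub8"
        echo 'constructed login banner'
    } | awk '{ printf "%s\r\n", $0 }' > "$tmp/console.log"
    out=$(decrypt_from_console_log "$tmp/key.pem" < "$tmp/console.log")
    rm -rf "$tmp"
    [ "$out" = "$pw" ]
}

roundtrip_demo && echo 'round trip OK'
```

With a real SSH keypair the public key comes from `ssh-keygen -e -m pkcs8` as in the thread; a private key stored in the newer OpenSSH format has to be rewritten as PEM first (`ssh-keygen -p -m PEM -f <key>`, which rewrites the file in place) before OpenSSL can read it.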