Hi, I've moved this from cloud-utils to euca2ools, since that is where
euca-add-keypair comes from.

The thing that makes this really unfixable is
 * once the shell opens (via '>'), the local copy of the private key is already 
lost, which means
 * in order for euca2ools to write it to stdout, it would have to know the private 
key; that would mean the *server* would have to know the private key.  In 
general, that's a bad idea.  While it's possible that EC2 or Eucalyptus keep a 
copy of your private key, you do not really want them to.

The best solution to your problem, then, is either:
a.) use euca-import-keypair, which allows you to import existing keypairs 
rather than dynamically creating a new one, *and* means the server never sees 
your private key at all.
b.) use a wrapper script around euca-add-keypair
  You should do this anyway; at the very least your pasted command *should* look 
more like:
 umask 066 && euca-add-keypair "$USERNAME" > "$USERNAME.key"
or perhaps:
 euca-describe-keypairs "$USERNAME" || (umask 066 && euca-add-keypair "$USERNAME" > "$USERNAME.key")

The umask is important to avoid a small period of time where permissions
are likely 644.

** Package changed: cloud-utils (Ubuntu) => euca2ools (Ubuntu)

** Changed in: euca2ools (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: euca2ools (Ubuntu)
       Status: New => Incomplete

** Changed in: euca2ools (Ubuntu)
       Status: Incomplete => Won't Fix
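The wrapper suggested in b.) above, written out as an added example (not code from the bug report or from euca2ools): it refuses to overwrite an existing key file, creates the file with no 0644 window, and checks the server first, since a keypair that is already registered cannot have its private key downloaded again. KEYGEN_CMD and DESCRIBE_CMD are assumed hooks so the wrapper can be exercised with stand-in commands; the defaults are the real tools, and it assumes euca-describe-keypairs exits non-zero for an unknown name, as the snippet above does.

```shell
#!/bin/sh
# Added example, not code from the bug report or euca2ools: a wrapper for
# euca-add-keypair that (1) never overwrites a key file, (2) never leaves a
# window where the private key is mode 0644, and (3) refuses when the server
# already knows the keypair, because the private key cannot be fetched back.
# KEYGEN_CMD and DESCRIBE_CMD are assumed hooks; the defaults are the real tools.

KEYGEN_CMD=${KEYGEN_CMD:-euca-add-keypair}
DESCRIBE_CMD=${DESCRIBE_CMD:-euca-describe-keypairs}

# save_keypair NAME FILE -> 0 created, 1 exists (untouched), 2 generator failed
save_keypair() {
    name=$1
    file=$2
    tmp="$file.tmp.$$"

    if [ -e "$file" ]; then
        echo "refusing to overwrite existing key file: $file" >&2
        return 1
    fi
    # Assumed: describe exits non-zero when the keypair is unknown to the server.
    if "$DESCRIBE_CMD" "$name" >/dev/null 2>&1; then
        echo "keypair $name already registered; its private key cannot be re-downloaded" >&2
        return 1
    fi

    # umask 077 in a subshell: tmp is born 0600, so the private key is never
    # group/world readable, and the umask does not leak into the caller.
    if ! ( umask 077 && "$KEYGEN_CMD" "$name" > "$tmp" ); then
        echo "key generation failed for $name" >&2
        rm -f "$tmp"            # tmp is ours, so discarding it is safe
        return 2
    fi

    # ln(1) fails if the target exists, so even a file that appeared between
    # the check above and now is not clobbered (no check-then-write race).
    if ! ln "$tmp" "$file" 2>/dev/null; then
        echo "$file appeared meanwhile; discarding new key" >&2
        rm -f "$tmp"
        return 1
    fi
    rm -f "$tmp"
    return 0
}
```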

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to euca2ools in Ubuntu.
https://bugs.launchpad.net/bugs/1029355

Title:
  euca-add-keypair could overwrite key files if the key is already added


-- 
Ubuntu-server-bugs mailing list