> The best idea I've heard for a secure Windows password
> is the following:
>
> a) put a public key on the instance via metadata or config drive (for ease of 
> use this could actually just be the ssh public key you normally use for 
> logging into the vm).
> b) have a daemon in the windows instance that:
>  * generates a random password
>  * sets the administrator password to the random password
>  * encrypts it with the public key
>  * serves the encrypted password over https on a known port (say 9999)
> c) open up port (9999) in the instance's security group
> d) retrieve the encrypted password and decrypt it
> e) close port (9999) in the instance's security group

+1 for this.

As a side note, there's probably work to be done to ensure that the
instance actually has good entropy and can create a truly random
password.  Nevertheless, this entropy problem could be solved
separately from what Vish describes above.

-bryan
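
Steps (a), (b) and (d) of the quoted procedure, as an added example that is not part of the original thread or of any OpenStack code. It assumes the `openssl` command-line tool, a throwaway 2048-bit RSA key pair and OAEP padding; all function and file names are hypothetical, and the HTTPS serving and security-group steps are not shown.

```shell
#!/bin/sh
# Constructed demo: throwaway key pair in a temp dir, no real account is changed.
set -eu

# Step (a): the user's RSA public key in PEM form. An existing SSH key can be
# converted with: ssh-keygen -e -m PKCS8 -f ~/.ssh/id_rsa.pub
make_demo_keypair() {   # $1 = private key path, $2 = public key path
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
    openssl pkey -in "$1" -pubout -out "$2"
}

# Step (b), first bullet: N bytes from OpenSSL's CSPRNG, base64 on one line.
# The CSPRNG is seeded by the OS, so seed quality on a freshly booted
# instance is the separate entropy question raised in the reply.
gen_password() {        # $1 = number of random bytes
    openssl rand -base64 "$1" | tr -d '\n'
}

# Step (b), third bullet: instance side, needs only the public key.
encrypt_password() {    # stdin = password, $1 = public key, $2 = ciphertext file
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -out "$2"
}

# Step (d): user side, the only place the private key is used.
decrypt_password() {    # $1 = private key, $2 = ciphertext file
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2"
}

# Full round trip in a subshell so the password variable does not outlive it;
# prints "match" when the decrypted value equals the generated one.
roundtrip_demo() (
    dir=$(mktemp -d)
    make_demo_keypair "$dir/priv.pem" "$dir/pub.pem"
    pw=$(gen_password 18)
    # The daemon would set the Administrator password to "$pw" here (omitted).
    printf '%s' "$pw" | encrypt_password "$dir/pub.pem" "$dir/pw.enc"
    out=$(decrypt_password "$dir/priv.pem" "$dir/pw.enc")
    rm -rf "$dir"
    [ "$out" = "$pw" ] && echo match || echo mismatch
)

roundtrip_demo
```

The ciphertext file is what the daemon would serve on the temporary port; it is useless without the private key, which never leaves the user's machine.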

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
