> The best idea I've heard for a secure windows password
> is the following:
> a) put a public key on the instance via metadata or config drive (for ease of 
> use this could actually just be the ssh public key you normally use for 
> logging into the vm).
> b) have a daemon in the windows instance that:
>  * generates a random password
>  * sets the administrator password to the random password
>  * encrypts it with the public key
>  * serves the encrypted password over https on a known port (say 9999)
> c) open up port (9999) in the instance's security group
> d) retrieve the encrypted password and decrypt it
> e) close port (9999) in the instances security group

+1 for this.

As a side note, there's probably work to be done to ensure that the
instance actually has good entropy and can create a truly random
password.  Nevertheless, this entropy problem could be solved
separately from what Vish describes above.


Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Reply via email to