Hi Scott,

Sorry if this sounded like I'm disparaging the security of these images. This was absolutely NOT my intention. My point is, for security appliances, user access into the instance may be disabled, even if they're using the standard SSH keys. So this solution would be one more access method (a nicer word than "backdoor", right :-) that would need to be blocked as part of hardening the instance/image.

Thanks,
    Yaron

On 05/04/2012 12:42 AM, Scott Moser wrote:
> On Thu, 3 May 2012, Yaron wrote:
>
>> Regarding the recovery shell idea: some of us are developing
>> security-sensitive appliances on top of these AMIs. Please make sure that
>> any potential "backdoors" into the image have a well-defined,
>> well-documented way to disable them while customizing the image.
>
> Well, it would just run a ssh server, that would allow you in as root via
> ssh keys that were already in .ssh/authorized_keys (or pulled from the
> metadata service).  But we're most definitely not going to just set the
> password to "password".
>
> Thanks for the input though.


--

*Yaron Sheffer* | Co-Founder and CTO, *Porticor Cloud Security* | T: +972 73 7294673 | M: +972 52 8698984 | [email protected] | www.porticor.com


--
Ubuntu-cloud mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-cloud
