On Thu, Dec 06, 2012 at 04:15:49PM +0100, Holger Levsen wrote:
> On Thursday, 6 December 2012, Charles Plessy wrote:
> > but at the very minimum, I
> > think that an image needs a system to make sure that one can log in with a
> > keypair where the private part is available to the machine via a
> > predetermined URL (that the cloud system makes private to the running
> > instance).
> Where do you want to provide the private keys? (I don't get it, from a general
> perspective...) Can you please explain?
Sorry, I confused public and private in my previous answer.
On the clouds implementing the EC2 API, the user can create a key pair in the
cloud infrastructure, retrieve the private key on his computer, and make the
public key available as metadata to an instance he launched. The cloud
infrastructure guarantees that the private key is never seen by third parties.
It also guarantees that the instance metadata will not contain other public
keys. This implements a system where a user can start an instance where no
password or key is stored in the image, and only he can log in to a
predetermined account with a key pair he chose.
Tsurumi, Kanagawa, Japan
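
The image-side half of the scheme described in this message, as an added example that is not part of the original e-mail or of any Debian image's code: a first-boot script that reads the launch-time public key from the instance metadata and installs it for one predetermined account. The EC2-style metadata path and the account name passed on the command line are assumptions.

```shell
#!/bin/sh
# First-boot key injection sketch (added example). Assumptions: the EC2-style
# metadata path below, and a hypothetical login account passed by the caller.
METADATA_URL="http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key"

# Accept exactly one line of the form "<type> <base64> [comment]".
# Rejects multi-line input and lines that begin with authorized_keys options
# (e.g. command="..."), so the metadata can only ever add one plain key.
valid_pubkey() {
    case $1 in *"
"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^ ].*)?$'
}

# install_key KEY HOME_DIR: append KEY to HOME_DIR/.ssh/authorized_keys once,
# with the permissions sshd's StrictModes check expects.
install_key() {
    key=$1
    dir=$2/.ssh
    valid_pubkey "$key" || { echo "refusing malformed key" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    # -x whole line, -F fixed string: idempotent across reboots
    grep -qxF -- "$key" "$dir/authorized_keys" ||
        printf '%s\n' "$key" >> "$dir/authorized_keys"
}

# fetch_key: ask the metadata service for the launch-time public key.
# Short timeouts so a missing service fails the boot step instead of hanging.
fetch_key() {
    curl --silent --fail --connect-timeout 2 --max-time 5 "$METADATA_URL"
}

# Only act when explicitly invoked, e.g.:  sh inject-key.sh --install admin
if [ "${1:-}" = "--install" ]; then
    user=${2:?usage: $0 --install ACCOUNT}
    home=$(getent passwd "$user" | cut -d: -f6)
    [ -n "$home" ] || { echo "no such account: $user" >&2; exit 1; }
    key=$(fetch_key) || { echo "metadata service unreachable" >&2; exit 1; }
    install_key "$key" "$home" && chown -R "$user" "$home/.ssh"
fi
```

Because the image ships with an empty `authorized_keys` and no password, the only credential that ever works is the one the launching user attached to the instance.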