[ubuntu-cloud] [ec2ubuntu] Re: [UDS] Ubuntu Cloud Images Round-table Pre-discussion
Yaron Sheffer
yaronf at porticor.com
Fri May 4 14:25:46 UTC 2012
Hi Scott,
Sorry if this sounded like I'm disparaging the security of these images.
This was absolutely NOT my intention. My point is, for security
appliances, user access into the instance may be disabled, even if
they're using the standard SSH keys. So this solution would be one more
access method (a nicer word than "backdoor", right :-) that would need
to be blocked as part of hardening the instance/image.
Thanks,
Yaron
On 05/04/2012 12:42 AM, Scott Moser wrote:
> On Thu, 3 May 2012, Yaron wrote:
>
>> Regarding the recovery shell idea: some of us are developing
>> security-sensitive appliances on top of these AMIs. Please make sure that
>> any potential "backdoors" into the image have a well-defined,
>> well-documented way to disable them while customizing the image.
> Well, it would just run an ssh server, that would allow you in as root via
> ssh keys that were already in .ssh/authorized_keys (or pulled from the
> metadata service). But we're most definitely not going to just set the
> password to "password".
>
> Thanks for the input though.
>
--
*Yaron Sheffer* | Co-Founder and CTO, *Porticor Cloud Security*
T: +972 73 7294673 | M: +972 52 8698984
yaronf at porticor.com | www.porticor.com