[ec2-beta] some feedback on the i386 image
Kees Cook
kees at ubuntu.com
Mon Jan 12 17:43:02 GMT 2009
On Mon, Jan 12, 2009 at 05:03:36PM +0000, Mark Shuttleworth wrote:
> Eric Hammond wrote:
> > I really like being able to type "ec2intrepid" or "ec2hardy" (custom
> > commands) and within a minute be ssh'd in to a brand new Ubuntu instance
> > on EC2. Going through extra prompts and having to re-connect gets old,
> > especially if I have to jot down new passwords every time.
> >
>
> It should be possible to have the password setup so that it's consistent
> across your machines. One would not want to have to store the credential
> itself, but it might be possible to store the passwd entry (salted,
> crypted or hashed) and re-use that across machines.
Yeah, pushing the encrypted passwords around shouldn't be a problem. I
would recommend "chpasswd -e", which will read stdin for
user:password
(where "password" is the encrypted (-e) password)
For example, to clone the "bilbo" user's password from one machine to
another (after the initial root login/setup):
TOCOPY=bilbo
ssh -i /my/key.pem root at ec2-instance-master \
"grep ^$TOCOPY: /etc/shadow | cut -d: -f-2" | \
ssh -i /my/key.pem root at ec2-instance-secondary "chpasswd -e"
> Soren, any comments? Do we have any representatives of the Ubuntu
> security team on this list?
We're all here, yup. :)
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the Ec2-beta
mailing list