Fedora @ Google Cloud

Andy Grimm agrimm at gmail.com
Tue Jun 24 13:23:55 UTC 2014


On Tue, Jun 24, 2014 at 2:34 AM, Renich Bon Ciric
<renich at woralelandia.com> wrote:
> On Mon, Jun 23, 2014 at 11:30 PM, Filipe Brandenburger
> <filbranden at google.com> wrote:
>> Last time I tried it, it seems that the main limitation of cloud-init
>> is that it wants you to define the list of users to be created
>> statically, while GCE wants to give you a list of keys for you to
>> create the users that correspond to those keys...
>
> Do not forget the horrible, passwordless sudo setting as well. Not my
> favorite in the world, at all.

I don't think the passwordless sudo that Google's tools set up is any
different from what cloud-init does, is it?  In both cases it's
assumed that the user for whom you are injecting the SSH key is the
"administrator".  Baking in a password wouldn't make it any better,
and shoving a password into the metadata (even encrypted) would allow
any user on the system to retrieve it and attempt to decrypt it.  What
would be a better solution?

