Comment 1 for bug 654944

We had initially decided to "fix" this by having a password set in the instance for all instances, and storing that password and showing it to the user only when they needed it.

The idea was also to expire the password as that plaintext password would be in the metadata service. Over all, we didn't like the idea of enabling password auth by default, and it is no "sneakier" (we're not being sneaky) to have an additional set of keys loaded into the instance.

Expiring the password cannot work as then the ssh key authed user is prompted for the old password (which they do not know).

We kind of concluded that the best way to deal with this is ssh via key, and set pasword that way.