provide user with option to enable password at launch

Bug #654946 reported by Scott Moser
Affects | Status | Importance | Assigned to | Milestone
awstrial | Triaged | Low | Unassigned |

Bug Description

There are 2 cases where the user might want to enable password ssh connections
a.) they do not have ssh keys [we're not supporting this now]
b.) they've lost the ssh private keys paired with their ssh keys in launchpad.

This bug is for 'a'.

To do this, user-data would be used to insert a password and expire it.
That password would then be given to the user on the instance-info page.
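The flow in the description (generate a password, pass it through user-data, expire it, show it to the user), as an added example that is not part of the bug report or awstrial's own code. It assumes the instance runs cloud-init and uses its `password`, `chpasswd: expire` and `ssh_pwauth` cloud-config keys; the function names are hypothetical.

```python
import json
import secrets
import string

# Unambiguous alphabet: drop characters that are easy to misread on a web page.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits if c not in "0O1lI"
)


def make_one_time_password(length=16):
    """Return a random password drawn from the OS CSPRNG (hypothetical helper)."""
    if length < 12:
        raise ValueError("one-time password too short")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_user_data(password):
    """Render cloud-config that sets the default user's password, expires it
    so the first login must change it, and enables ssh password auth."""
    lines = [
        "#cloud-config",
        # A JSON string is also a valid YAML scalar, so the value is escaped safely.
        "password: " + json.dumps(password),
        "chpasswd:",
        "  expire: true",
        "ssh_pwauth: true",
    ]
    return "\n".join(lines) + "\n"


def launch_parameters():
    """Return (password to show on the instance-info page, user-data to launch with)."""
    password = make_one_time_password()
    return password, build_user_data(password)


if __name__ == "__main__":
    pw, user_data = launch_parameters()
    print(user_data)
```

The password sits in plain text in the user-data, which any process on the instance can read from the metadata service, so the forced change at first login is what limits its lifetime.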

Dustin Kirkland  (kirkland) wrote : Re: [Bug 654946] [NEW] provide user with option to enable password at launch

Note that this will absolutely require SSL on the web front end (even
more than we need it now, to protect from MiM attacks).

Scott Moser (smoser) wrote :

It's really not that bad without ssl.
The way it would work would be:
a.) user pushes a button that says "enable ssh with password"
b.) awstrial arranges (via ssh) for the instance to allow ssh and sets a one time use password for the user (expiring the account, forcing password change)
c.) awstrial shows the password to the user

The potential for error is not in man in the middle masquerading as awstrial, but in seeing the password.

The sniffer could then ssh to the system first, but would be forced to change password.

The original user would then be locked out.

The potential for concern is if the sniffer ssh'd in and set the password back to the original, so the user could get in and was unaware that someone else had gotten in and is now keylogging them (or some such).

Dustin Kirkland  (kirkland) wrote : Re: [Bug 654946] Re: provide user with option to enable password at launch

But if someone does sniff that password and log in to the system and
change the password, they are now an unauthenticated user.

Meaning they didn't sign the Terms of Service.

And if they're sniffing passwords, then they are by definition an
unsavory individual, and will almost certainly use the instance for
evil.

Scott Moser (smoser) wrote :

Basically all that is left to do here is putting the button on the launch page. The function is all set in the path taken when there are no ssh keys.
