Comment 3 for bug 683525

I think ideally this is configurable on a per-ami or per-instance level. Having a global switch of "inject keys" means that AMIs that have explicitly disabled root login (like the Ubuntu ones) are in a sense violated if *any* image you want to run does not support pulling keys from a metadata service.

If you believe that you have to support image manipulation by the host (which i generally disagree with), then I think that per-ami is probably the right level, and turn it off by default.