Open axch opened 7 years ago
Current workaround: I am checking the public keys in as a known_hosts file in the repository. If that is considered reasonably good practice, we can close this ticket.
Although they're public keys, publishing the known_hosts file may not actually be a very good idea. Without it, zone enumeration of stack.probcomp.net to find potentially vulnerable machines in it would be costly; with it, free.
That's not to say we shouldn't have a record of the deployed instances, but maybe a separate Git repository, or perhaps an S3 bucket that the initialization script for the instance can write into, would be better.
OK. We should make a v1-level decision about best practices here, which I am comfortable with being "oh well, cheap zone enumeration it is" in the interest of finishing the milestone; or if there is a readily workable alternative, we can implement it, subject to your judgement about finishing the milestone in good time.
Apparently (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html) every reboot forgets the console output, and the instance only displays its public keys in the console output on the first boot (Amazon, WTF?).
Ergo, one needs to collect the host keys when a stack is first started and conserve them somewhere. (I have yet to check that the host keys are not changed on reboot, but that would be even crazier.)
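An added example, not part of the original thread or the project's code: one way to collect the host keys from first-boot console output and store them as known_hosts entries with hashed hostnames, so the stored file does not list hostnames in the clear. It assumes the console text contains the key block that cloud-init prints between the `BEGIN`/`END SSH HOST KEY KEYS` markers; the sample console text, key blobs and hostname are constructed.

```python
import base64, hashlib, hmac, os

BEGIN = "-----BEGIN SSH HOST KEY KEYS-----"
END = "-----END SSH HOST KEY KEYS-----"

# Constructed sample console output; the key blobs are placeholders, not real keys.
SAMPLE_CONSOLE = """\
cloud-init: boot messages ...
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY= root@ip-10-0-0-5
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 root@ip-10-0-0-5
-----END SSH HOST KEY KEYS-----
login prompt ...
"""

def extract_host_keys(console_text):
    """Return (keytype, base64_blob) pairs from the first-boot key block."""
    keys, inside = [], False
    for line in console_text.splitlines():
        line = line.strip()
        if line == BEGIN:
            inside = True
        elif line == END:
            break
        elif inside:
            parts = line.split()
            if len(parts) >= 2:          # keytype, blob, optional comment
                keys.append((parts[0], parts[1]))
    return keys

def hash_hostname(hostname, salt=None):
    """OpenSSH HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def known_hosts_lines(hostname, console_text):
    """One hashed known_hosts line per host key found in the console text."""
    return ["%s %s %s" % (hash_hostname(hostname), keytype, blob)
            for keytype, blob in extract_host_keys(console_text)]

def matches(hashed, candidate):
    """Check a candidate hostname against a hashed entry, as ssh does on lookup."""
    _, _, salt_b64, mac_b64 = hashed.split("|")
    mac = hmac.new(base64.b64decode(salt_b64), candidate.encode(), hashlib.sha1)
    return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
```

Hashing only removes the plain list of names: anyone holding the file can still test a guessed hostname against each entry, which is what `matches` does, so predictable names in a known zone remain checkable.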