purpleworks / fleet-ui

Web based UI for fleet
http://fleetui.com/
MIT License
231 stars 39 forks source link

why need access to all CoreOS hosts when fleetctl can happily work with just one host #23

Open xied75 opened 9 years ago

xied75 commented 9 years ago

When we use fleetctl from a work machine (e.g. a Ubuntu with compiled fleetctl binary), we normally would do

export FLEETCTL_TUNNEL=123.123.123.123:22000

Then we can use fleetctl for any purpose we like, even ssh into each hosts.

Now if I generate a NEW key pair in one of the hosts, and put the public key in the /home/core/.ssh/authorized_keys, then run fleet-ui on that host, I thought fleet-ui should be able to anything. Yet it seems fleet-ui need to access each every one of them, (i.e. this public key needs to be in every host, not just the landing one).

In any case, I don't think it's a good practice to put my PRIVATE key into CoreOS. That PRIVATE key I use to access my CoreOS, is "Private", I should not hand it out to anyone, right?