Closed SimonBiggs closed 5 years ago
The key mentioned by default
https://github.com/voteflux/voting-alpha/blob/master/manage#L31
Is just a public key so no ssh keys are actually in the repo. This is mostly for debugging though, since using userdata (a script you provide the instance on launch) to install/configure things is a slow turnaround and difficult to test. Also useful to ssh in to watch things (e.g. confirm chain code deploys correctly).
No ssh keys will be used in production instances so we won't have an issue there.
The final version will actually be deployed right from cloudformation / AWS marketplace; the manage script is more for dev or advanced usage. So my public key isn't default or anything since it's not in the cfn template.
> Also useful to ssh in to watch things
How can you "ssh in" with a public ssh key?
> No ssh keys will be used in production instances
I spent a bit of time trying to find the "gold standard" repo that has the secure-vote code within it. No luck on my end though. Where is this production code?
> How can you "ssh in" with a public ssh key?
I have the privkey.
> trying to find the "gold standard" repo that has the secure-vote code ... Where is this production code?
github.com/secure-vote/sv-light-smart-contracts
Ahh, so this is what was being run up on the server?
Sorry...
This repo has a bunch of stuff - the stack folder inits AWS resources and configures the servers. The chain code is loaded on during this process, too. Most of the code is run via lambdas. Currently it's mostly just custom resources for CFN, but there will be web lambdas soon too for things like member/voter onboarding.
Why not store this SSH key in a local file and then read it in while not committing it to version control?
https://github.com/voteflux/voting-alpha/blob/master/manage#L445
... ... Anyone with that key could take control of those nodes...
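The suggestion above (read the key from a local file instead of committing a default) could look like the following. This is an added example, not code from the voting-alpha repo: `load_operator_key`, `parse_public_key` and the sample key are hypothetical names and constructed values. It has no built-in default, rejects private key material, and returns a fingerprint so the operator can confirm whose key is being installed on the nodes.

```python
import base64
import hashlib
import struct
from pathlib import Path

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

# Constructed sample: a syntactically valid ed25519 public key with an all-zero key body.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_PUBKEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed@example"


def parse_public_key(line):
    """Return (key_type, SHA256 fingerprint) for one OpenSSH public key line."""
    if "PRIVATE KEY" in line:
        raise ValueError("private key material; refusing to use it")
    parts = line.strip().split()
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; it must match.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != parts[0].encode("ascii"):
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # Same unpadded base64 format that `ssh-keygen -lf` prints.
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return parts[0], fingerprint


def load_operator_key(path):
    """Read the operator's own public key from a local, uncommitted file."""
    key_file = Path(path).expanduser()
    if not key_file.is_file():
        # No fallback key: a deploy without an explicit key must fail.
        raise FileNotFoundError(f"no key file at {key_file}; pass one explicitly")
    line = key_file.read_text().strip()
    parse_public_key(line)  # raises on anything that is not a public key
    return line


if __name__ == "__main__":
    print(parse_public_key(SAMPLE_PUBKEY))
```
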