StarCluster - Mailing List Archive

Re: creating a new AMI for starcluster -- can't log in

From: Justin Riley <no email>
Date: Sat, 30 Oct 2010 11:36:10 -0400

  On 10/29/10 7:55 PM, Dan Tenenbaum wrote:

> Finally, if you wish to circumvent the Ubuntu security standard and
> revert to the old practice of allowing ssh and rsync as root, this
> command will open it up for a new instance of the official Ubuntu images:
>
> ssh -i KEYPAIR.pem ubuntu_at_HOSTNAME 'sudo cp
> /home/ubuntu/.ssh/authorized_keys /root/.ssh/'
That is only a temporary solution, this will NOT fix things permanently.
The cloud-init scripts *must* be configured properly.
> I didn't have to do any of the steps described on the cookbook page.
> I'll find out later I guess if they are still necessary.
They are definitely necessary. The cloud-init scripts run at start up
and configure root's authorized_keys file based on the public key in the
instance's meta-data. If the cloud-init scripts are not configured
properly (via /etc/cloud) they will not allow you to login as root
because Alestic has decided to ban root login in favor of a ubuntu user
account that has full root privileges without needing a password (this
is kind of stupid IMO, where's the security in that? you've effectively
renamed root to ubuntu).

StarCluster strictly requires root login to be allowed and this is
definitely handled by the cloud-init package. Setting disable_root: 0
should be all you need. Otherwise, something else is up with your AMI or
the cloud-init scripts.

~Justin
Received on Sat Oct 30 2010 - 11:36:16 EDT
This archive was generated by hypermail 2.3.0.

Search:

Sort all by:

Date

Month

Thread

Author

Subject