VPS injected ssh keys

JaredBusch

Re: Building VitalPBX on Vultr Automatically

@scottalanmiller said in Building VitalPBX on Vultr Automatically:

Set up root keys to have automatically injected. This means you can SSH into your instance the moment that it is set up.

This sounds nice on the surface, but when would you ever actually do this?

Under no circumstances do I actually want anyone's key tied to the root user. It negates all accountability.

I want root disabled in sshd and I want users only logging in with keys, never passwords.

So this entire "feature" of VPS automation is lost on me.

Curtis

@JaredBusch I have wondered the same thing.

Curtis

I like something more like this:

https://www.digitalocean.com/community/tutorials/how-to-use-cloud-config-for-your-initial-server-setup

JaredBusch

@Curtis said in VPS injected ssh keys:

I like something more like this:

https://www.digitalocean.com/community/tutorials/how-to-use-cloud-config-for-your-initial-server-setup

Right, so a complex script is suddenly needed to be developed (not a bad thing) in order to securely handle something like this.

Not a simply little shit ass couple lines like the original post.

stacksofplates

I don't see a ton of uses for it with a VPS. I usually create a template with something like Packer and Ansible to do the hardening and then just clone from that template, but that's using their base image. On providers like GCP you can determine what keys go with what users without creating templates. I still use templates though that I build with Packer and Ansible.

scottalanmiller

@JaredBusch said in VPS injected ssh keys:

Under no circumstances do I actually want anyone's key tied to the root user. It negates all accountability.

It's for pre-production setup. Not for deploying straight to production.