[StarCluster] creating a new AMI for starcluster -- can't log in
Justin Riley
jtriley at MIT.EDU
Sat Oct 30 11:36:10 EDT 2010
On 10/29/10 7:55 PM, Dan Tenenbaum wrote:
> Finally, if you wish to circumvent the Ubuntu security standard and
> revert to the old practice of allowing ssh and rsync as root, this
> command will open it up for a new instance of the official Ubuntu images:
>
> ssh -i KEYPAIR.pem ubuntu at HOSTNAME 'sudo cp
> /home/ubuntu/.ssh/authorized_keys /root/.ssh/'
That is only a temporary solution, this will NOT fix things permanently.
The cloud-init scripts *must* be configured properly.
> I didn't have to do any of the steps described on the cookbook page.
> I'll find out later I guess if they are still necessary.
They are definitely necessary. The cloud-init scripts run at start up
and configure root's authorized_keys file based on the public key in the
instance's meta-data. If the cloud-init scripts are not configured
properly (via /etc/cloud) they will not allow you to login as root
because Alestic has decided to ban root login in favor of a ubuntu user
account that has full root privileges without needing a password (this
is kind of stupid IMO, where's the security in that? you've effectively
renamed root to ubuntu).
StarCluster strictly requires root login to be allowed and this is
definitely handled by the cloud-init package. Setting disable_root: 0
should be all you need. Otherwise, something else is up with your AMI or
the cloud-init scripts.
~Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/starcluster/attachments/20101030/f756211a/attachment.htm
More information about the StarCluster
mailing list