more grammar & writing edits
parent
7a904114c3
commit
57666cf2ab
@ -261,15 +261,16 @@ Host key verification failed.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
So what are technologists to do? Most cloud providers don't "provide" a secure and reliable way to get the SSH host public keys
|
||||
So what are technologists to do? Most cloud providers don't "provide" an easy way to get the SSH host public keys
|
||||
for instances that users create on thier platform. For example, see this
|
||||
<a href="https://serverfault.com/questions/941915/verify-authenticity-of-ssh-host-on-digital-ocean-droplet-freebsd">
|
||||
question posted by a frustrated user trying to secure thier connection to a digitalocean droplet</a>.
|
||||
|
||||
Besides using the provider's HTTPS-based console to log into the machine & directly read the public key, most of the time,
|
||||
providers recommend using a "userdata script", which runs when the machine boots, to upload the machine's SSH public keys to a
|
||||
trusted location, like <a href="https://www.backblaze.com/b2/cloud-storage.html">Backblaze B2</a> or
|
||||
<del>Amazon S3</del><sup><a href="#ref_1">[1]</a></sup> storage for later retrieval by users.
|
||||
Besides using the provider's HTTPS-based console to log into the machine & directly read the public key,
|
||||
providers also recommend using a "userdata script".
|
||||
This script would run on boot & to upload the machine's SSH public keys to a
|
||||
trusted location like <a href="https://www.backblaze.com/b2/cloud-storage.html">Backblaze B2</a> or
|
||||
<del>Amazon S3</del><sup><a href="#ref_1">[1]</a></sup>, for an application to retrieve later.
|
||||
As an example, I wrote a
|
||||
<a href="https://git.sequentialread.com/forest/rootsystem/src/1cdbe53974d20da97d9f522d4bd62c34487817c0/terraform-modules/gateway-instance-digitalocean/upload_known_hosts.tpl#L5">
|
||||
userdata script which does this</a>
|
||||
|
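Review bot: The rewritten userdata sentence, "This script would run on boot & to upload the machine's SSH public keys to a", has a stray "to" and should read "would run on boot and upload the machine's SSH public keys to a". Since this commit is a grammar pass, the two "thier" spellings in the unchanged context lines ("on thier platform", "secure thier connection") are worth fixing here as well. Separately, replacing "a secure and reliable way" with "an easy way" moves the claim from security to convenience. The paragraph is about obtaining SSH host public keys after "Host key verification failed", so consider keeping the security qualifier, for example "an easy and secure way".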