Update reference for cloud-set-guest-sshkey.sh in our Github repo
There was a security issue reported in: https://issues.apache.org/jira/browse/CLOUDSTACK-7050 regarding the cloud-set-guest-sshkeys. The reporter was complaining about the script that appends the new key it receives to the authorized_keys list on the target VM.
Resetting SSH Keys in the admin guide seems to imply that once an SSH key pair is compromised that the resetSSHKeyForVirtualMachine API could be used to “reset” the SSH key for the VM but as mentioned the new key is merely appended to the list leaving the old compromised key.
The security issue was already fixed. However, our docs were pointing to an outdated version of that script. I am changing now the docs to point to the latest version of the cloud-set-guest-sshkeys.
1 file changed