ssh to new cloud instance?
-
I'm trying to figure out how things work at a large scale but have limited experience with how it's done by common cloud operators.
So how are AWS, Azure, GCP, etc. handling SSH logins to new cloud instances?
Are they using:
- ssh passwords?
- ssh private keys?
- ssh certificates?
- something else?
If you add another admin in the cloud control panel, is an account for that user created on all cloud instances that person can access?
-
We use Vultr and they use private keys.
-
@scottalanmiller said in ssh to new cloud instance?:
We use Vultr and they use private keys.
Right, but that doesn't help with add/remove of more people. That key in Vultr is something just for the initial root user. After that, it's user management. How is that handled?
-
@JaredBusch said in ssh to new cloud instance?:
@scottalanmiller said in ssh to new cloud instance?:
We use Vultr and they use private keys.
Right, but that doesn't help with add/remove of more people. That key in Vultr is something just for the initial root user. After that, it's user management. How is that handled?
Oh, that's by the system admin, not by the cloud instance.
-
@Pete-S said in ssh to new cloud instance?:
If you add another admin in the cloud control panel, is an account for that user created on all cloud instances that person can access?
In Vultr, there aren't users in the cloud panel at all. There are keys that you can choose to deploy at deploy time for root. Other than that, if we wanted to deploy keys (as an example), we'd do that through our management system (script, Salt, Ansible, etc.). I would not want the cloud platform to be touching my users.
-
@scottalanmiller said in ssh to new cloud instance?:
@Pete-S said in ssh to new cloud instance?:
If you add another admin in the cloud control panel, is an account for that user created on all cloud instances that person can access?
In Vultr, there aren't users in the cloud panel at all. There are keys that you can choose to deploy at deploy time for root. Other than that, if we wanted to deploy keys (as an example), we'd do that through our management system (script, Salt, Ansible, etc.). I would not want the cloud platform to be touching my users.
OK, got it.
Does that also mean that only one person can have access to the actual Vultr account as well? I'm guessing it's multi-user.
-
@Pete-S said in ssh to new cloud instance?:
@scottalanmiller said in ssh to new cloud instance?:
@Pete-S said in ssh to new cloud instance?:
If you add another admin in the cloud control panel, is an account for that user created on all cloud instances that person can access?
In Vultr, there aren't users in the cloud panel at all. There are keys that you can choose to deploy at deploy time for root. Other than that, if we wanted to deploy keys (as an example), we'd do that through our management system (script, Salt, Ansible, etc.). I would not want the cloud platform to be touching my users.
OK, got it.
Does that also mean that only one person can have access to the actual Vultr account as well? I'm guessing it's multi-user.
Yeah, the cloud level is multi-user. But just as you can have multiple people with access to a data closet, and multiple people with access to a Windows instance housed in that closet, you don't want the physical closet to maintain the Windows logins. Same here: your cloud provider is like a data center or data closet with its own level of access, unrelated to applications or other workloads running higher up the stack, and 99.999% of the time there is no association or commonality between them.
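
An added example, not part of any post in the thread: one way a management script could handle the add/remove of admin keys discussed above, leaving the provider-deployed root key alone. The marker strings, admin names and key material are constructed assumptions.

```python
# Added example, not code from the thread. Markers, names and keys are constructed.
import re

BEGIN = "# BEGIN managed admin keys"
END = "# END managed admin keys"
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")


def render_block(roster):
    """Build the managed block from a {admin_name: public_key} roster."""
    lines = [BEGIN]
    for name in sorted(roster):
        key = roster[name].strip()
        fields = key.split()
        # Reject multi-line values, leading key options and odd names, so a
        # roster entry cannot add extra lines or options to authorized_keys.
        if (re.search(r"[\r\n]", key) or len(fields) < 2
                or fields[0] not in KEY_TYPES
                or not re.fullmatch(r"[a-z0-9_-]+", name)):
            raise ValueError(f"invalid roster entry for {name!r}")
        lines.append(f"{fields[0]} {fields[1]} {name}")
    lines.append(END)
    return lines


def reconcile(current_text, roster):
    """Replace the managed block; keep every line outside it untouched."""
    kept, inside = [], False
    for line in current_text.splitlines():
        marker = line.strip()
        if marker == BEGIN and not inside:
            inside = True
        elif marker == END and inside:
            inside = False
        elif marker in (BEGIN, END):
            raise ValueError("unbalanced managed-block markers")
        elif not inside:
            kept.append(line)
    if inside:
        # A missing END would silently drop every later key; refuse instead.
        raise ValueError("managed block has no END marker")
    return "\n".join(kept + render_block(roster)) + "\n"


if __name__ == "__main__":
    current = ("ssh-ed25519 AAAAROOT provider-root\n" + BEGIN + "\n"
               "ssh-ed25519 AAAABOB bob\n" + END + "\n")
    # bob has left the roster, carol has joined; the root key is not managed.
    print(reconcile(current, {"carol": "ssh-ed25519 AAAACAROL"}), end="")
```

Running the same roster twice produces the same file, so the script can be run repeatedly from Salt, Ansible or cron without duplicating keys.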