[cs615asa] hw5 Question

Jan Schaumann jschauma at stevens.edu
Tue Apr 2 15:11:20 EDT 2019


Justin Barish <jbarish at stevens.edu> wrote:
> If the user in the EC2_BACKUP_FLAGS_SSH changes their ssh key
> to something different, would they also change the --key-name in
> EC2_BACKUP_FLAGS_AWS to match, or would we have to manually do that?
> 
> (And regardless, if they give a key-name in EC2_BACKUP_FLAGS_AWS
> that doesn't match the one in EC2_BACKUP_FLAGS_SSH,
> should we throw an error, or ignore their provided --key-name)

You cannot make assumptions about the names of the keys.  There is no
requirement that a key named "bob" in AWS matches a file named "bob" on
the local system.  I can create a key pair and have the key in AWS be
identified as "fritz" and save the private key on my local system as
"bob"; what's more, I can later choose to rename the file to "jenny".

Fortunately for you, this simplifies things rather than making things
more complicated: you don't need to try to "verify" if keys used for SSH
match the ones used for AWS.  You will use whatever the user provides.
If that works, great; if not, produce (or bubble up) a meaningful
error to the user.  But in the face of ambiguity, resist the temptation
to guess: tell the user that e.g., ssh didn't work, but don't try to
speculate "you provided a key that doesn't match the key in AWS",
because you don't know if that is the case or not.

-Jan
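
One way to follow the advice above, as an added example (not part of the original message or of any course-provided code): pass EC2_BACKUP_FLAGS_SSH to ssh untouched and, on failure, relay ssh's own exit status and stderr without guessing at the cause. The names `run_remote` and `SSH_CMD` are hypothetical, and the flags are assumed to contain no embedded quoting.

```shell
#!/bin/sh
# Added example. run_remote and SSH_CMD are hypothetical names; SSH_CMD can be
# overridden so the function can be exercised offline with a stand-in for ssh.
SSH_CMD="${SSH_CMD:-ssh}"

# run_remote HOST COMMAND...
# Runs COMMAND on HOST using exactly the flags the user supplied in
# EC2_BACKUP_FLAGS_SSH. No attempt is made to compare the local key file
# against any key name known to AWS. Returns ssh's exit status unchanged.
run_remote() {
    host="$1"
    shift
    errfile=$(mktemp) || return 1
    rc=0
    # Intentionally unquoted: the flags must split into separate words,
    # e.g. "-i /path/to/key" (assumption: no embedded quoting in the value).
    # shellcheck disable=SC2086
    "${SSH_CMD}" ${EC2_BACKUP_FLAGS_SSH} "${host}" "$@" 2>"${errfile}" || rc=$?
    if [ "${rc}" -ne 0 ]; then
        {
            # Say what failed and pass along what ssh itself reported;
            # do not speculate about why.
            echo "error: ssh to ${host} failed (exit ${rc})"
            sed 's/^/error: ssh: /' "${errfile}"
        } >&2
    fi
    rm -f "${errfile}"
    return "${rc}"
}
```

The caller decides what to do with the non-zero status; the message the user sees is ssh's own, prefixed so its origin is clear.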

