Since I want to provision servers, I want to be able to trust that I'm not getting MITM'ed. While I know I can trust the DigitalOcean response (because of HTTPS / certs), I don't know that I can trust the (generated) public key of my new droplet. By including the public key in the droplet response this can be avoided. Before connecting to a droplet for the first time I could query the API for the droplet's public key, then programmatically add it to my HOSTS file, closing the trust loop.
I suppose that a workaround could be to use this: https://www.digitalocean.com/company/blog/easily-automate-the-provisioning-of-your-droplets/ and a key registry of some kind, or even just run a script to replace the generated keys with ones generated by the provisioning server.
Because debugging is hard when you have slightly messed up a cloud-init script, I elected to inject the key with the following cloud-init script:
```
# private_key and public_key hold the base64-encoded contents of the host key files.
{ "runcmd" => ["rm /etc/ssh/ssh_host_ecdsa*",
"echo #{private_key} > /tmp/base64_pri && base64 --decode /tmp/base64_pri > /etc/ssh/ssh_host_ecdsa_key",
"echo #{public_key} > /tmp/base64_pub && base64 --decode /tmp/base64_pub > /etc/ssh/ssh_host_ecdsa_key.pub",
# Do not leave a copy of the private key behind in /tmp.
"rm -f /tmp/base64_pri /tmp/base64_pub",
"chmod 600 /etc/ssh/ssh_host_ecdsa_key",
"chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub",
"sleep 1 && service ssh restart"
] }
```
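An added example, not part of the comments on this page: the workaround discussed above (host keys generated by the provisioning server and pinned before the first connection), sketched in Ruby. It uses cloud-init's `ssh_keys` cloud-config key instead of `runcmd`, so the private key is never staged in `/tmp`; the function names and the 203.0.113.10 address are assumptions made for the illustration, and it assumes the droplet's sshd accepts a PEM-encoded EC private key.

```ruby
require "openssl"
require "base64"
require "digest"
require "yaml"

# SSH wire-format "string": 4-byte big-endian length, then the bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack("N") + bytes
end

# Generate a host key on the provisioning server. Returns the PEM private key
# and the public key blob in the encoding used by .pub and known_hosts files.
def generate_host_key
  key = OpenSSL::PKey::EC.generate("prime256v1") # NIST P-256
  point = key.public_key.to_octet_string(:uncompressed)
  blob = ssh_string("ecdsa-sha2-nistp256") + ssh_string("nistp256") + ssh_string(point)
  { private_pem: key.to_pem, blob: blob }
end

def public_line(blob)
  "ecdsa-sha2-nistp256 #{Base64.strict_encode64(blob)}"
end

# Fingerprint in the form `ssh-keygen -lf` prints, for comparing by eye.
def fingerprint(blob)
  "SHA256:" + Base64.strict_encode64(Digest::SHA256.digest(blob)).delete("=")
end

# Entry to append to known_hosts before the first connection.
def known_hosts_entry(host, blob)
  "#{host} #{public_line(blob)}"
end

# cloud-config user data that installs the key through cloud-init's ssh_keys.
def user_data(host_key)
  config = { "ssh_keys" => { "ecdsa_private" => host_key[:private_pem],
                             "ecdsa_public"  => public_line(host_key[:blob]) } }
  "#cloud-config\n" + YAML.dump(config)
end

if __FILE__ == $PROGRAM_NAME
  hk = generate_host_key
  puts known_hosts_entry("203.0.113.10", hk[:blob]) # constructed documentation address
  puts fingerprint(hk[:blob])
end
```

The user data contains the private host key, so it needs the same handling as any other secret on the provisioning server and in the API request.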
I have been asking for this for years now... such a supposedly easy thing to do with profound security implications if not done! Every time I start a droplet I have to:
1) log into console and check ssh key
2) accept the key in my local terminal
Such a wasted opportunity for DO!
It would be nice if the public host key was also displayed on the website (maybe on the droplet access page)... This would help serve users who create droplets through the website with the same improvement in establishing trust.
As a temporary hack, this can already be done: open a terminal session on the web console, and print the public host key fp. This happens over HTTPS.