

Securing EC2 instance from Man in the Middle attack - mhb
http://developer.amazonwebservices.com/connect/thread.jspa?threadID=21867&start=0&tstart=0

======
timf
Our virtual cluster coordination software gets around the problem entirely by
seeding the image at boot time with a key for contacting the coordination
broker. Part of that process is informing the cluster (and the remote client)
of the generated host key (the launching client even inserts that into your
local hosts file if you want). Latest version works on EC2, we've been
launching 100+ node clusters lately.

<http://workspace.globus.org/clouds/clusters.html#secgap>

~~~
mhb
That is a good solution, but it can only be used if there is an existing out-of-band
way to obtain the key from the instance. I think that is unusual for the
typical AWS user.

~~~
timf
A manual way to do it is to have the init scripts print the key to console and
use EC2's get console output operation.

~~~
mhb
Yes:

 _It looks like Amazon may be updating their AMIs to generate host keys if
they don't already exist. Amazon is also making the host key fingerprint
available to the user through one of the only secure communication channels
available to an instance of a public AMI--the console output._

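The manual check timf and mhb describe above, as an added example that is not code from the thread or from AWS: pull the console log, take only the fingerprints printed inside the host-key block, and compare them with fingerprints computed from the key the instance actually presents on port 22 (as captured by `ssh-keyscan`). The fingerprint block format (`-----BEGIN SSH HOST KEY FINGERPRINTS-----` markers, `ec2:` line prefix, `SHA256:` fingerprints) is what current Amazon Linux AMIs log, but treat the parser as an assumption for other images; the sample console text and keyscan lines are constructed, and the key blobs in them are stand-ins rather than real keys.

```python
"""Check an EC2 host key against the fingerprint printed to the console log.

Added example (not from the thread or AWS). Assumed console-log format:
    ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
    ec2: 256 SHA256:<base64> root@host (ED25519)
    ec2: -----END SSH HOST KEY FINGERPRINTS-----
Assumed wire-side input: ssh-keyscan lines, '<host> <keytype> <base64 blob>'.
"""
import base64
import hashlib
import re

# ssh-keyscan key-type name -> label used in parentheses on the console lines
KEYTYPE_LABELS = {
    "ssh-ed25519": "ED25519",
    "ssh-rsa": "RSA",
    "ecdsa-sha2-nistp256": "ECDSA",
    "ecdsa-sha2-nistp384": "ECDSA",
    "ecdsa-sha2-nistp521": "ECDSA",
}

BEGIN_MARK = "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
END_MARK = "-----END SSH HOST KEY FINGERPRINTS-----"
CONSOLE_LINE = re.compile(r"^(\d+)\s+(SHA256:[A-Za-z0-9+/]+)\s+\S+\s+\((\w+)\)$")


def parse_console_fingerprints(console_text: str) -> dict:
    """Return {key label: fingerprint} from the console log.

    Only lines between the BEGIN/END markers are used; the instance may print
    anything else to the console, but only this block is emitted by the boot
    scripts that generated the keys."""
    fps = {}
    inside = False
    for raw in console_text.splitlines():
        line = re.sub(r"^ec2:\s*", "", raw.strip())  # drop the 'ec2: ' prefix
        if line == BEGIN_MARK:
            inside = True
        elif line == END_MARK:
            inside = False
        elif inside:
            m = CONSOLE_LINE.match(line)
            if m:
                fps[m.group(3)] = m.group(2)
    return fps


def fingerprint_from_blob(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_from_keyscan_line(line: str) -> tuple:
    """Parse one ssh-keyscan line into (key label, fingerprint)."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError(f"not an ssh-keyscan line: {line!r}")
    keytype, blob_b64 = parts[1], parts[2]
    if keytype not in KEYTYPE_LABELS:
        raise ValueError(f"unsupported key type: {keytype}")
    return KEYTYPE_LABELS[keytype], fingerprint_from_blob(base64.b64decode(blob_b64))


def verify_host_keys(console_text: str, keyscan_lines: list) -> dict:
    """Map each key type seen on the wire to True (matches console) or False.

    A type the console never listed is reported False as well: whoever answers
    on port 22 cannot write to the console log, so an unlisted or mismatching
    key must not be trusted."""
    trusted = parse_console_fingerprints(console_text)
    results = {}
    for line in keyscan_lines:
        if not line.strip() or line.startswith("#"):
            continue
        label, fp = fingerprint_from_keyscan_line(line)
        results[label] = trusted.get(label) == fp
    return results


def fetch_console_output(instance_id: str, region: str) -> str:
    """Fetch the console log with boto3 (today's form of GetConsoleOutput).
    Not exercised offline; botocore base64-decodes 'Output' for you."""
    import boto3  # imported here so the rest of the module runs without it
    ec2 = boto3.client("ec2", region_name=region)
    return ec2.get_console_output(InstanceId=instance_id, Latest=True).get("Output", "")


# Constructed sample data. The ED25519 "blob" is base64("abc"), so its
# fingerprint is SHA256("abc"); the RSA blob is junk the console never listed.
SAMPLE_CONSOLE = """\
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 SHA256:ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0 root@ip-10-0-0-5 (ED25519)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: #############################################################
"""
SAMPLE_KEYSCAN = [
    "203.0.113.10 ssh-ed25519 YWJj",
    "203.0.113.10 ssh-rsa AAAA",
]

if __name__ == "__main__":
    print(verify_host_keys(SAMPLE_CONSOLE, SAMPLE_KEYSCAN))
```

In practice the `keyscan_lines` come from `ssh-keyscan -t ed25519,rsa <public-dns>` and `console_text` from `fetch_console_output` (or `aws ec2 get-console-output --instance-id ... --latest --output text`); a key type that fails here should be rejected rather than added to `known_hosts`, and the console log only reflects keys generated at boot, so an AMI that ships with baked-in host keys gives you nothing to compare against.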
