[jivid]

I am a Digital Ocean customer and the only password they've ever emailed me is the root password for the server I just bought. Arguably this isn't as safe as AWS' process of making you download a kaypair and only letting you login with that. However, VPS owners should get in the habit of logging on to any server they buy and immediately disabling password auth and root login via SSH, which helps negate the root password being sent over email issue to a certain extent.

[jackalope]

How is downloading a key pair generated by someone else safer? If this is only for login purposes (I don't use AWS, so maybe there is another reason), you should generate your own key pair and send them only your public key (which doesn't require an encrypted transfer, BTW). If AWS knows your private key and can view it or provide it to you at anytime, that's no different than storing passwords in plaintext.

[count]

AWS generates the key pair client side, and never sees your private key. Also, you can just chose to upload your own public key that AWS will utilize (which is best practice).

AWS cannot view or provide you your private key at any time - once you click 'ok' on that javascript window, that private key is gone for good.

[jivid]

The keypair AWS generates can only be downloaded once, at the time of instance creation. Beyond that, they expect you to be in possession of the keypair when launching another instance that uses the same keypair. If you happen to lose the file, you're basically out of luck.

So to directly address your concern, you can't download the keypair at any point in time, it's just a one time thing. To me that seems much more secure than emailing out a root password and enabling password authentication by default.

[aianus]

I much prefer DigitalOcean's option of no root password and letting me upload my public key. There's no need for them ever to know my password or private key.

[TimWolla]

… or even better: Disable password authentication entirely.