by tezza 4188 days ago

  Cloud servers
  =============
Xen supports virtual TPM.

I'm no Amazon EC2 expert, but a quick google exposed a few keen souls who tried to use vTPM and failed. This would suggest that Amazon does not yet support vTPM.

  Re-entering passphrases
  ========================
Well, unless the machine is permissioned by default you will need to give a fresh instance new authorization. Permissioning by default is the same security problem you're trying to avoid though... just shifted. Your overall goal is to have the credentials inaccessible to sniffing, right?

I guess you could set up some form of ssh-agent handshake to make the process less manual.


XenServer (The product from Citrix) or Xen 4.3+ support vTPM. Not sure which version of Xen that Amazon uses, but if/when they upgrade to 4.3 it should have built-in support for vTPM operations.
Sniffing isn't the main issue I'm trying to avoid; it's accidental exposure, i.e. minimising the risk that during normal operations the secrets get exposed somehow.
Okay... sniffed accidentally then (putting them in the wrong directory, not using fs permissions properly, etc.).

I would say that you should consider malicious sniffing too.
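The "wrong directory / fs permissions" failure mode discussed above is the kind of accidental exposure a fresh instance can check for itself before it starts using its credentials. The following POSIX shell audit is an added example written for this thread, not code posted by any of the commenters: it assumes a hypothetical directory of secret files (the path and file names are constructed) and flags anything that is not a plain file owned-readable only, or that is a symlink pointing out of the guarded directory.

```shell
#!/bin/sh
# Added example: audit a directory of secrets for accidental exposure.
# Relies only on ls/cut/case so it runs on any POSIX shell, including
# a minimal cloud image without GNU coreutils.

# check_secret_file FILE
#   returns 0  -> regular file, mode has no group/other bits (e.g. 0600)
#   returns 1  -> group or world can read/write/execute it
#   returns 2  -> missing or not a regular file
#   returns 3  -> symlink (could silently point outside the secrets dir)
check_secret_file() {
  f=$1
  [ -L "$f" ] && return 3
  [ -f "$f" ] || return 2
  # columns 5-10 of `ls -ld` are the group and other permission triplets
  perm=$(ls -ld "$f" | cut -c5-10)
  case $perm in
    ------) return 0 ;;
    *)      return 1 ;;
  esac
}

# audit_secrets_dir DIR
#   prints a warning per offending entry and returns the number of
#   offending entries (0 means the directory passed the audit).
audit_secrets_dir() {
  dir=$1
  bad=0
  for f in "$dir"/*; do
    [ -e "$f" ] || [ -L "$f" ] || continue   # empty directory: glob stays literal
    if ! check_secret_file "$f"; then
      echo "WARN: $f is readable beyond its owner, a symlink, or not a regular file" >&2
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Constructed demonstration (hypothetical path): run the audit on a
# scratch directory containing one correctly locked-down file and one
# that was written with a permissive umask.
demo_secrets_audit() {
  d=$(mktemp -d)
  printf 'example-token\n' > "$d/api_token";   chmod 600 "$d/api_token"
  printf 'example-key\n'   > "$d/deploy_key";  chmod 644 "$d/deploy_key"
  audit_secrets_dir "$d"
  rc=$?
  rm -rf "$d"
  return "$rc"
}
```

Running `demo_secrets_audit` reports the 0644 file and returns 1. Pairing an audit like this with an agent key that has a bounded lifetime (`ssh-add -t <seconds>`) keeps the re-entry burden low without leaving the passphrase or the private key on the instance's disk.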