undefined | Better HN

0 pointsprojektfu10h ago0 comments

If that were the case then I don't think the OP approach works either.

0 comments

It does note that it only protects against an attacker "who learns the cloud-init user-data at any point after the script terminates".

If the attacker can get the cloud-init user-data while the script is still running (in the time between sending the cloud-config.yaml and connecting with SSH to the machine) that would still allow MitM, but would require more effort on the attacker's part to leak the cloud-init data.

The point of the script was that leaking the cloud-init data after the script has completed is harmless.

j / k navigate · click thread line to collapse

0 comments

mjmas2h ago

It does note that it only protects against an attacker "who learns the cloud-init user-data at any point after the script terminates".

The point of the script was that leaking the cloud-init data after the script has completed is harmless.

j / k navigate · click thread line to collapse