boto .get_all_keypairs() method and the .save() of its results


Question

So I have access to a number of EC2 instances, some of which have been running for years. We have a special repository of the private keys to all of these; thus I can, for most of our instances, get into them as root (or the 'ubuntu' user in some cases) to administer them.

While playing with boto I noticed the EC2 .get_keypair() and get_all_keypairs methods and was wondering if this could be used to recover any SSH keys which have slipped through the cracks of our procedures and been lost.

When I inspect the resulting boto.ec2.keypair.KeyPair objects, however, I see that the .material attribute seems to be empty and when I try to use the keypair's .save() method I get an exception complaining that the materials haven't been fetched.

(Other operations, such as .get_all_instances() and .run_instances() are working during that session).

So, what am I missing? Are there some other operations for which I have to provide the X.509 cert. in addition to my normal AWS key/secret pair?

(Note: I don't actually need this yet. I'm just familiarizing myself with the API and preparing for such eventualities).

Recommended answer

It is not possible to recover SSH keys like so, the get_all_key_pairs() method name is a bit misleading in this regard, though properly documented by means of the return object of class boto.ec2.keypair.KeyPair at least, see e.g. the save() method:

Save the material (the unencrypted PEM encoded RSA private key) of a newly created KeyPair to a local file. [emphasis mine]

This is not a limitation of boto, but a result of the security architecture of Amazon EC2: you can only retrieve a complete key pair (i.e. including the private key) during the initial creation of a key pair, the private key is never stored by EC2 and cannot be recovered, if you ever lose it (but see below for a workaround).

Eric Hammond's recent answer to the related question "consequences of deleted key pair on ec2 instance" provides another angle to this topic, including a pointer to his article "Fixing Files on the Root EBS Volume of an EC2 Instance", explaining how to get access to the instance regardless eventually.

Given some of your instances have been running for years, this might not work though, insofar as this process is only available with an EBS boot instance (which weren't available back then), and, as Eric stresses as well, is one of the many reasons why You Should Use EBS Boot Instances on Amazon EC2 nowadays.
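
An added example, not part of the original answer or of boto: since EC2 keeps only each key pair's name and fingerprint, the practical audit is to fingerprint the private keys in your own repository and see which EC2 key pairs have no match. It assumes unencrypted RSA PEM files and key pairs that EC2 itself generated (fingerprint = SHA-1 of the PKCS#8 DER private key); `audit`, the key pair names and the stand-in key bytes are constructed for illustration, and the `ec2_keypairs` mapping is assumed to be built from each `KeyPair`'s `name` and `fingerprint`.

```python
import base64
import hashlib
import re

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL params)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
PEM_RE = re.compile(
    r"-----BEGIN (RSA )?PRIVATE KEY-----(.+?)-----END (?:RSA )?PRIVATE KEY-----", re.S)

def der_tlv(tag, body):
    """Encode one DER tag-length-value element (short or long length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def pkcs1_to_pkcs8(pkcs1_der):
    """Wrap a PKCS#1 RSAPrivateKey in an unencrypted PKCS#8 PrivateKeyInfo (version 0)."""
    return der_tlv(0x30, b"\x02\x01\x00" + RSA_ALG_ID + der_tlv(0x04, pkcs1_der))

def ec2_fingerprint(pem_text):
    """Fingerprint EC2 shows for a key pair it generated: SHA-1 over the PKCS#8 DER."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no unencrypted PEM private key found")
    if "Proc-Type" in m.group(2):
        raise ValueError("passphrase-protected PEM; decrypt it first")
    der = base64.b64decode("".join(m.group(2).split()))
    if m.group(1):  # "RSA PRIVATE KEY" is PKCS#1 and must be wrapped first
        der = pkcs1_to_pkcs8(der)
    digest = hashlib.sha1(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))

def audit(ec2_keypairs, local_pems):
    """Return (names with a matching local private key, names without one)."""
    held = {ec2_fingerprint(pem) for pem in local_pems}
    found = sorted(n for n, fp in ec2_keypairs.items() if fp.lower() in held)
    missing = sorted(n for n, fp in ec2_keypairs.items() if fp.lower() not in held)
    return found, missing

if __name__ == "__main__":
    # Constructed stand-in bytes, not a usable RSA key; key pair names are made up.
    pem = "-----BEGIN RSA PRIVATE KEY-----\nMAEA\n-----END RSA PRIVATE KEY-----"
    listing = {"web-2011": ec2_fingerprint(pem), "db-2009": "00:" * 19 + "00"}
    print(audit(listing, [pem]))
```

Key pairs that were imported rather than generated by EC2 carry an MD5 fingerprint of the public key instead, so they will always land in the missing list here.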
