On Tue, Jul 15, 2014 at 11:17 AM, Sven Kieske <svenkieske at gmail.com> wrote: > On 14.07.2014 21:27, Neil Wilson wrote: > > Importantly it is *safer*, not more *secure*. > Okay, I can agree with this, but I'm under > the impression most online tutorials mix this > up or create false security by subliminal indicating > that this would be more secure. > The GCE variant is also mostly more of a safety benefit than a security benefit, but it does have one security benefit: if a user is subsequently removed from the metadata server, or if the key is set to expire (experimentally supported by our agent and used by this nifty feature: https://developers.google.com/compute/docs/ssh-in-browser) and they're removed from the GCE project, it's easier to clean up after people who used to have access but shouldn't any more. - Jimmy -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140715/2fb51bc3/attachment-0007.html>