On Tue, Jul 15, 2014 at 11:17 AM, Sven Kieske svenkieske@gmail.com wrote:
On 14.07.2014 21:27, Neil Wilson wrote:
Importantly it is *safer*, not more *secure*.
Okay, I can agree with this, but I'm under the impression most online tutorials mix this up or create false security by subliminally indicating that this would be more secure.
The GCE variant is also mostly more of a safety benefit than a security benefit, but it does have one security benefit: if a user is subsequently removed from the metadata server, or if the key is set to expire (experimentally supported by our agent and used by this nifty feature: https://developers.google.com/compute/docs/ssh-in-browser) and they're removed from the GCE project, it's easier to clean up after people who used to have access but shouldn't any more.
- Jimmy