back to article VMware shipped public key with its Photon OS-for-containers

VMware has revealed an embarrassing mistake: the virtual machines it made available for its Photon OS container runtime included a default public ssh key. “A public ssh key used in the Photon OS build environment was inadvertently left in the original Photon OS 1.0 OVAs,” says VMware's emailed advisory. “This issue would have …

  1. Bill B

    I know I'm displaying my ignorance here and I'm going to get flamed by those more expert than I am, but I thought that the whole point of a public key was that it was ... well ... public, and it's the private key that you don't want to leave lying around.

    1. Raumkraut

      A private key is an identity, and indeed that should be kept secret.

      A public key can be used to remotely access a server, for those with the right private key.

      So in this case, a particular public key was automatically deployed to every virtual machine created using the VM image they distributed. That essentially means that, since VMWare was the holder of the private key, they had backdoor (or undisclosed front-door, if you prefer) access into every installation of Photon OS, by default.

      Bit of an oopsie.

  2. Anonymous Coward
    Anonymous Coward

    all ur vms now belong to us

    1. Anonymous Coward
      Anonymous Coward


      Your servers ALREADY belong to us...

  3. Lost_Signal

    Can you explain this line?

    In recent years it's messed up sizing for VSAN?

    The only case of sizing for VSAN I've seen change was a change from a 10% of RAW, vs 10% of actual data (Which would imply if you followed the advice from the beta period when this was changed, you'd potentially have more cache than you need which isn't really a bad thing and was always listed as a rule of thumb).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like