workaround a problem with permissions on ~ec2-user/.ssh/authorized_keys

awsbox.js

@@ -514,6 +514,8 @@ verbs.create = function(args) {
 
             console.log("   ... public url will be:", config.public_url);
 
+            ssh.ensureSshAccessPerms(deets.ipAddress, function(err) {
+              checkErr(err);
               ssh.copyUpConfig(deets.ipAddress, config, function(err) {
                 checkErr(err);
                 console.log("   ... victory!  server is accessible and configured");
@@ -574,6 +576,7 @@ verbs.create = function(args) {
         });
       });
     });
+  });
 };
 verbs.create.doc = "create an EC2 instance, -h for help";
 

lib/ssh.js

@@ -12,6 +12,33 @@ function passthrough(cp) {
   cp.stderr.pipe(process.stderr);
 }
 
+exports.ensureSshAccessPerms = function(host, cb) {
+  // Something, possibly cloud-init is resetting these permissions when we
+  // create the AMI. So this is a sad way to set them back for app@ has
+  // access to the EC2 instance.
+  var tries = 0;
+  var destination = 'ec2-user@' + host;
+  var cmd = "chmod go+x /home/ec2-user/.ssh";
+  var args = ['-o', 'StrictHostKeyChecking=no', destination, cmd];
+  function oneTry() {
+    child_process.execFile(ssh, args, function(err) {
+      if (err) {
+        if (++tries > MAX_TRIES) return cb("can't connect via SSH.  stupid amazon");
+        process.stdout.write(tries <= 1 ? "   ..." : ".");
+        setTimeout(oneTry, 3000);
+      } else {
+        cmd = "chmod go+r /home/ec2-user/.ssh/authorized_keys";
+        args = ['-o', 'StrictHostKeyChecking=no', destination, cmd];
+        child_process.execFile(ssh, args, function(err) {
+          if (err) return cb(err);
+          cb();
+        });
+      }
+    });
+  }
+  oneTry();
+};
+
 exports.copyUpConfig = function(host, configContents, cb) {
   var tries = 0;
   temp.open({}, function(err, r) {