cloudstack-dev mailing list archives

From Hugo Trippaers <HTrippa...@schubergphilis.com>
Subject Re: proper SSL/ssh management
Date Fri, 03 Aug 2012 22:29:42 GMT
Hey John,

Completely agree!

I think it's pretty easy to make a central config flag for that. If it is there I will use
that flag to check before loading the trust managers.

Cheers,

Hugo 

P.S. what about a hardening guide for CS?

Sent from my iPhone

On 3 aug. 2012, at 21:49, "John Kinsella" <jlk@stratosec.co> wrote:

> Arve's made a comment in the "Official ASF process for re-writing code" thread about
> accepting SSL certs that I wanted to comment on, without hijacking that thread:
> 
> CloudStack (and most (maybe all) Cloud management platforms I've seen) blindly accept
> any ssh host keys or SSL certificates they encounter. As a security guy, to me this is Bad
> - we're throwing out a key ability to recognize impostors.
> 
> What I'd like to see is probably a "don't blindly trust keys" configuration option that's
> disabled by default. That way, those who like the status quo can continue right along.
> 
> In my mind, I envision the following functionality to be enabled when the configuration
> flag is enabled:
> * ssh connections between mgmt server/hosts and between hosts/SSVMs would NOT blindly
>   accept ssh keys, but would log an error that's clearly logged specifying that either a host
>   key mismatch or an unrecognized key was encountered. This then becomes an admin's problem
>   to fix.
> * SSL based connections would similarly not blindly trust a self-signed or mismatched
>   SSL certificate, but attempt the verification and only proceed if the cert was validated.
>   Otherwise, detailed error is logged specifying the service, host, and key. This then becomes
>   an admin's problem to fix.
> 
> Possibly a simple utility script similar to the SSVM test script could be written that
> would check to make sure that various ssh/ssl connections are working properly, and if not
> would clearly point them out.
> 
> Thoughts? I'm not expecting to fix this for CS4, but if we can come to a general agreement
> we can throw it on the roadmap.
> 
> John
> 
> Stratosec - Secure Infrastructure as a Service
> o: 415.315.9385
> @johnlkinsella
> 
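
The flag-gated ssh host key check proposed in the quoted message, sketched as an added example: it is not part of the original thread and is not CloudStack code. The `strict` parameter, the function names, the hostnames and the key bytes are all constructed for illustration.

```python
import base64
import hashlib
import logging

log = logging.getLogger("hostkey-check")

# Constructed sample data: these byte strings stand in for real public key blobs.
KEY_A = b"constructed-key-blob-A"
KEY_B = b"constructed-key-blob-B"
SAMPLE_KNOWN_HOSTS = (
    "# constructed known_hosts content\n"
    "kvm1.example.test,10.0.0.11 ssh-ed25519 " + base64.b64encode(KEY_A).decode() + "\n"
)

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_known_hosts(text):
    """Parse 'host[,host] keytype base64' lines; hashed and @marker lines are skipped."""
    known = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0][0] in "#@|":
            continue
        try:
            blob = base64.b64decode(parts[2], validate=True)
        except ValueError:  # malformed base64: ignore the entry rather than trust it
            continue
        for host in parts[0].split(","):
            known.setdefault(host, set()).add((parts[1], blob))
    return known

def check_host_key(known, host, keytype, blob, strict=False):
    """Return (accept, status); status is 'match', 'mismatch' or 'unrecognized'."""
    entries = known.get(host)
    if entries is None:
        status = "unrecognized"
    elif (keytype, blob) in entries:
        status = "match"
    else:
        status = "mismatch"
    if status == "match":
        return True, status
    # Always say which host and which key, so the admin can act on the log line.
    log.log(logging.ERROR if strict else logging.WARNING,
            "ssh host key %s: host=%s type=%s fp=%s", status, host, keytype, fingerprint(blob))
    # strict=False keeps the current accept-anything behaviour; strict=True refuses.
    return (not strict), status
```

With `strict` left at its default the connection still proceeds, matching the "disabled by default" behaviour asked for, but the mismatch or unrecognized key is still written to the log.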
