cloudstack-dev mailing list archives

From Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com>
Subject Re: A secure way to reset VMs password
Date Fri, 28 Nov 2014 09:34:02 GMT

Another point to note is that all the VMs in production have to be updated
with the new cloud-set-guest-password scripts because of the new password reset method.

Thanks,
Jayapal



On 28-Nov-2014, at 2:28 PM, Erik Weber <terbolous@gmail.com>
 wrote:

> On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari <
> astro.alireza@yahoo.com.invalid> wrote:
> 
>> Hi, I viewed the bash script that resets Linux password
>> (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in). It
>> seems that it doesn't use a secure way for transferring password string to
>> instance. Instances on a shared network can sniff password requests and
>> export requested password of other instances. I suggest to use SSL (https)
>> instead of plain text. Regards
>> 
>> 
> I like the idea, but there's a couple of obstacles to overcome, namely
> which SSL certificates to use.
> - certificates need a subject name, i.e. IP or hostname for web pages, you
> could solve this by making the mgmt server a CA and have each VR get a
> signed certificate by it, but it's complicated
> - if the community bundles a pre-generated certificate it is commonly known
> and not to be trusted, also not sure how to handle subject name
> - assuming everyone to supply a valid certificate is quite complicated (CA
> must be on VR etc), and makes it considerably harder to get a working setup
> - using self signed causes issues with validation
> 
> 
> Don't get me wrong, I love the idea, but it's not just to flip a switch and
> have (proper) SSL in place.
> 
> -- 
> Erik
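
The certificate options weighed in this thread (management server acting as a CA for each VR, subject name tied to the router IP, self-signed certificates failing validation) can be reproduced locally with OpenSSL. This is an added example, not part of the original messages and not CloudStack code; the address 10.1.1.1, the file names and the CN values are constructed, and it assumes an `openssl` binary (1.1.0 or later) on the path.

```shell
#!/bin/sh
# Added example with constructed names and addresses; not CloudStack code.
VR_IP="10.1.1.1"   # constructed virtual router address

# Build a private CA (management-server role), a CA-signed VR certificate
# whose subjectAltName is the router IP, and a self-signed VR certificate.
build_pki() {      # $1 = empty work directory
    d=$1
    cat > "$d/o.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_vr]
basicConstraints = CA:FALSE
subjectAltName = IP:$VR_IP
EOF
    openssl req -x509 -config "$d/o.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 30 -subj "/CN=Example Mgmt CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=example-vr" -keyout "$d/vr.key" -out "$d/vr.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/vr.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/o.cnf" -extensions v3_vr -days 30 \
        -out "$d/vr.crt" 2>/dev/null &&
    openssl req -x509 -config "$d/o.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=example-vr" -keyout "$d/ss.key" -out "$d/ss.crt" 2>/dev/null
}

# Guest-side check: does the certificate chain to the CA and name this IP?
guest_trusts() {   # $1 = work dir, $2 = certificate file, $3 = IP the guest dialled
    openssl verify -CAfile "$1/ca.crt" -verify_ip "$3" "$1/$2" >/dev/null 2>&1
}

# Demo: CA-signed cert for the right IP, for the wrong IP, and a self-signed cert.
d=$(mktemp -d) && build_pki "$d" || exit 1
for c in "vr.crt $VR_IP" "vr.crt 10.1.1.2" "ss.crt $VR_IP"; do
    set -- $c
    guest_trusts "$d" "$1" "$2" && echo "$c: trusted" || echo "$c: rejected"
done
rm -rf "$d"
```

Only the CA certificate has to be present in the guest template for the first check to pass, which is the distribution problem the thread describes.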

