Make handling of ssh host keys configurable for Cinder
To address concerns of weak SSH security in Cinder, the way that
SSH host keys are handled by Cinder should be configurable, allowing
system administrators to choose how secure they wish their SSH connections
to be.
This blueprint proposes making the way that SSH
host keys are handled configurable, allowing system administrators
to make a conscious decision about the level of security they need
on their system.
The solution would require two new configuration items as well as
a change to the current default behavior. First, there would need
to be a 'strict_
settings of 'false' (default) or 'true'. When this option is set to
'false', Cinder will automatically accept the host key on the first connection
and will then throw an exception if the host key changes in the future.
This is where the default behavior changes from the current functionality.
In the case that 'strict_
second option 'ssh_host_
configuration is used it is assumed that the administrator is going to
have pre-configured ssh host keys and any deviation from those expected
keys will be handled with an exception.
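The two modes described above, written out as an added example (not Cinder's code and not part of the blueprint). The function `check_host_key`, its `strict` and `known_hosts_path` parameters, the host names and the key strings are assumptions made for illustration; the file uses plain OpenSSH-style `host keytype key` lines.

```python
# Added example: names and parameters are hypothetical, not Cinder's options.
import os
import tempfile


class HostKeyError(Exception):
    """Raised when a presented host key is rejected by the policy."""


def load_known_hosts(path):
    """Parse plain 'host[,host] keytype key' lines (hashed names not handled)."""
    known = {}
    if os.path.exists(path):
        with open(path) as fh:
            for line in fh:
                fields = line.split()
                if len(fields) < 3 or fields[0].startswith("#"):
                    continue  # blank, comment or malformed line
                for host in fields[0].split(","):
                    known[(host, fields[1])] = fields[2]
    return known


def check_host_key(host, key_type, key_b64, known_hosts_path, strict=False):
    """Return 'known' or 'added'; raise HostKeyError when the key is rejected."""
    stored = load_known_hosts(known_hosts_path).get((host, key_type))
    if stored is not None:
        if stored != key_b64:  # a changed key is rejected in both modes
            raise HostKeyError("host key for %s has changed" % host)
        return "known"
    if strict:  # strict: only pre-configured hosts are accepted
        raise HostKeyError("no pre-configured host key for %s" % host)
    # Non-strict first connection: record the key so a later change is caught.
    with open(known_hosts_path, "a") as fh:
        fh.write("%s %s %s\n" % (host, key_type, key_b64))
    return "added"


def demo():
    """Run both modes against a temporary file with constructed key strings."""
    path = os.path.join(tempfile.mkdtemp(), "ssh_known_hosts")
    def attempt(host, key, strict):
        try:
            return check_host_key(host, "ssh-rsa", key, path, strict)
        except HostKeyError as exc:
            return "rejected: %s" % exc
    return [attempt("san1.example", "CONSTRUCTEDKEYA", False),
            attempt("san1.example", "CONSTRUCTEDKEYA", False),
            attempt("san1.example", "CONSTRUCTEDKEYB", False),
            attempt("san2.example", "CONSTRUCTEDKEYC", True)]
```

In non-strict mode the first key seen is trusted without verification, so the protection only covers changes after that first connection; strict mode removes that window at the cost of provisioning the file in advance.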
Blueprint information
- Status: Complete
- Approver: None
- Priority: Low
- Drafter: Jay Bryant
- Direction: Needs approval
- Assignee: Jay Bryant
- Definition: Approved
- Series goal: Accepted for juno
- Implementation: Implemented
- Milestone target: 2014.2
- Started by: Jay Bryant
- Completed by: Jay Bryant
Whiteboard
jsbryant - 6/24/2014
Need to also make note here that this Blueprint will address changes not just for the volume drivers but also for the zonemanager drivers. I will need to investigate how to implement this but hopefully we can just update those drivers to use cinder/utils.py to get the right ssh behavior. Also hope that they can then get the needed configuration options from cinder.conf for consistency. I am not as familiar with that code, so I will need to investigate that further.
Gerrit topic: https:/
Addressed by: https:/
Add blueprint for configurable ssh host key policy
tkelsey - 06/27/2014
Please also take a look at the related OSSN for this issue. https:/
Gerrit topic: https:/
Addressed by: https:/
Make ssh-host-key-policy configurable
jsbryant - 8/14/2014
I have made good progress on the code and, as you can see above, do have a patch up for review. There are some slight changes from the originally discussed design. With the way that the code used to run, it would just blindly accept all connections by default and would not save any host information. Obviously not secure at all.
This one compromises by allowing the user to either require that the host key be pre-configured 'strict_
The trick here is that we need to set a known_hosts file to use which is a new requirement. I default to using ~cinder/
Addressed by: https:/
HP 3PAR configurable ssh-host-key-policy