Add support for signing host ssh keys

Registered by Stanislaw Pitucha

Just as blueprint keypair-x509-certificates addressed user authentication via signed keys, host key signing should be implemented too. Host certificates can make connections to new instances more secure: instead of trusting a new key on the first connection, users can be sure that they connect to the instance they own. This can easily catch issues with IP typos and configuration mistakes. Since public IP addresses can be recycled, SSH host certificates give an additional guarantee that the endpoint is trusted.

Since host key provisioning isn't implemented yet, it will require changes in nova, novaclient and cloudinit.
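The host-certificate mechanism described above can be tried with stock OpenSSH tooling. This is an added example, not part of the blueprint or of any nova, novaclient or cloudinit design; the CA name, instance name, domain and addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: all names, domains and addresses below are constructed.

# sign_host_key WORKDIR INSTANCE_NAME PRINCIPALS
# Creates a throwaway CA and a host key in WORKDIR, then issues a host certificate.
sign_host_key() {
    workdir=$1; instance=$2; principals=$3

    # CA key pair. In a real deployment the private half stays with the signer.
    ssh-keygen -q -t ed25519 -N '' -C 'example-host-ca' -f "$workdir/host_ca"

    # Host key pair, standing in for the key an instance generates at first boot.
    ssh-keygen -q -t ed25519 -N '' -C "$instance" -f "$workdir/ssh_host_ed25519_key"

    # -h  issue a host (not user) certificate
    # -I  key identity recorded in the certificate and in sshd logs
    # -n  names/addresses the certificate is valid for
    # -V  validity window, so a certificate tied to a recycled IP expires
    ssh-keygen -q -s "$workdir/host_ca" -I "$instance" -h \
        -n "$principals" -V +52w "$workdir/ssh_host_ed25519_key.pub"
}

# known_hosts_line WORKDIR PATTERN
# Prints the client-side trust entry: hosts matching PATTERN are accepted only
# with a certificate signed by this CA, replacing trust-on-first-use.
known_hosts_line() {
    printf '@cert-authority %s %s\n' "$2" "$(cat "$1/host_ca.pub")"
}

# cert_summary WORKDIR
# Prints the certificate fields (type, key ID, principals, validity).
cert_summary() {
    ssh-keygen -L -f "$1/ssh_host_ed25519_key-cert.pub"
}

# demo: run all three steps in a temporary directory.
demo() {
    dir=$(mktemp -d)
    sign_host_key "$dir" "instance-0001" "instance-0001.example.test,203.0.113.10"
    known_hosts_line "$dir" "*.example.test,203.0.113.*"
    cert_summary "$dir"
    rm -rf "$dir"
}
```

On the instance, sshd presents the certificate through the `HostCertificate` option in `sshd_config`; a client that carries the `@cert-authority` line then rejects an endpoint whose certificate does not list the name or address it dialed.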

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: Stanislaw Pitucha
Direction: Needs approval
Assignee: None
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None
