Hey John,

Completely agree!

I think it's pretty easy to make a central config flag for that. If it is there I will use that flag to check before loading the trust managers.

Cheers,
Hugo

P.S. What about a hardening guide for CS?

Sent from my iPhone

On 3 Aug 2012, at 21:49, "John Kinsella" <[email protected]> wrote:

> Arve's made a comment in the "Official ASF process for re-writing code"
> thread about accepting SSL certs that I wanted to comment on, without
> hijacking that thread:
>
> CloudStack (and most (maybe all) Cloud management platforms I've seen)
> blindly accept any ssh host keys or SSL certificates they encounter. As a
> security guy, to me this is Bad - we're throwing out a key ability to
> recognize impostors.
>
> What I'd like to see is probably a "don't blindly trust keys" configuration
> option that's disabled by default. That way, those who like the status quo
> can continue right along.
>
> In my mind, I envision the following functionality to be enabled when the
> configuration flag is enabled:
> * ssh connections between mgmt server/hosts and between hosts/SSVMs would NOT
>   blindly accept ssh keys, but would log an error that's clearly logged
>   specifying that either a host key mismatch or an unrecognized key was
>   encountered. This then becomes an admin's problem to fix.
> * SSL based connections would similarly not blindly trust a self-signed or
>   mismatched SSL certificate, but attempt the verification and only proceed if
>   the cert was validated. Otherwise, a detailed error is logged specifying the
>   service, host, and key. This then becomes an admin's problem to fix.
>
> Possibly a simple utility script similar to the SSVM test script could be
> written that would check to make sure that various ssh/ssl connections are
> working properly, and if not would clearly point them out.
>
> Thoughts? I'm not expecting to fix this for CS4, but if we can come to a
> general agreement we can throw it on the roadmap.
>
> John
>
> Stratosec - Secure Infrastructure as a Service
> o: 415.315.9385
> @johnlkinsella
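One way to wire the flag Hugo mentions into the trust-manager selection John asks for, as an added example that is not code from this thread or from CloudStack: a helper that returns the status-quo "trust everything" manager when the flag is off, and the JDK's default validator (the platform cacerts store) wrapped in a logging manager when it is on, so that every rejected certificate is logged with service, host, subject, issuer and fingerprint before the connection is refused. The class and method names, the `verifyCerts` boolean (assumed to be read from a global config flag whose name the thread does not fix), and the use of `java.util.logging` are all assumptions for illustration. Since an `X509TrustManager` validates only the chain, the "mismatched certificate" case (a valid cert for a different host) is handled separately by turning on endpoint identification on the socket.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Hypothetical helper (not CloudStack code): picks trust managers for an outbound
 * TLS connection from one boolean config flag. Flag off = accept any chain (today's
 * behaviour); flag on = JDK default validation, with every rejection logged in detail.
 */
public final class TrustManagerSelector {
    private static final Logger LOG = Logger.getLogger(TrustManagerSelector.class.getName());

    private TrustManagerSelector() {}

    public static TrustManager[] select(String service, String host, boolean verifyCerts)
            throws Exception {
        if (!verifyCerts) {
            // Flag off (the proposed default): the status quo, trust everything.
            return new TrustManager[] { new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain, String authType) {}
                public void checkServerTrusted(X509Certificate[] chain, String authType) {}
                public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
            } };
        }
        // Flag on: platform default trust store (cacerts), each X509 manager wrapped for logging.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        TrustManager[] defaults = tmf.getTrustManagers();
        TrustManager[] wrapped = new TrustManager[defaults.length];
        for (int i = 0; i < defaults.length; i++) {
            wrapped[i] = defaults[i] instanceof X509TrustManager
                ? new LoggingTrustManager((X509TrustManager) defaults[i], service, host)
                : defaults[i];
        }
        return wrapped;
    }

    /** SSLContext initialised with the trust managers chosen by the flag. */
    public static SSLContext context(String service, String host, boolean verifyCerts)
            throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, select(service, host, verifyCerts), null);
        return ctx;
    }

    /** Chain validation alone does not catch a cert issued for another host; this does. */
    public static void enableHostnameCheck(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS"); // Java 7+
        socket.setSSLParameters(params);
    }

    /** Delegates to the JDK validator; on failure logs service, host and cert, then rethrows. */
    static final class LoggingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        private final String service;
        private final String host;

        LoggingTrustManager(X509TrustManager delegate, String service, String host) {
            this.delegate = delegate;
            this.service = service;
            this.host = host;
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            try {
                delegate.checkServerTrusted(chain, authType);
            } catch (CertificateException e) {
                LOG.severe("SSL certificate rejected: service=" + service + " host=" + host
                        + " " + describe(chain) + " reason=" + e.getMessage());
                throw e; // never proceed on a failed validation
            }
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }

        public X509Certificate[] getAcceptedIssuers() {
            return delegate.getAcceptedIssuers();
        }

        /** Subject, issuer and SHA-1 fingerprint of the leaf, so an admin can compare it. */
        static String describe(X509Certificate[] chain) {
            if (chain == null || chain.length == 0) {
                return "cert=<none presented>";
            }
            X509Certificate leaf = chain[0];
            String fp;
            try {
                byte[] digest = MessageDigest.getInstance("SHA-1").digest(leaf.getEncoded());
                StringBuilder sb = new StringBuilder();
                for (byte b : digest) {
                    sb.append(String.format("%02x", b));
                }
                fp = sb.toString();
            } catch (Exception ex) {
                fp = "<unavailable>";
            }
            return "subject=\"" + leaf.getSubjectX500Principal() + "\" issuer=\""
                    + leaf.getIssuerX500Principal() + "\" sha1=" + fp;
        }
    }
}
```

A caller builds its socket factory from `TrustManagerSelector.context(serviceName, host, flag)` and, when the flag is on, calls `enableHostnameCheck` on each `SSLSocket` before the handshake; a self-signed or untrusted certificate then fails inside `checkServerTrusted` with one log line naming the service, host and certificate, and a valid certificate for the wrong host fails the endpoint identification check. Both become the admin's problem to fix rather than being silently accepted.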
