[
https://issues.apache.org/jira/browse/VCL-645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron Peeler updated VCL-645:
-----------------------------
Description:
after a load, fetch and store ssh fingerprint for end-users.
User requested at NCSU to be able to double check ssh keys fingerprint to
elevate concerns about man-in middle attack.
database - extend database to store keys for rsa/dsa public keys
web - within current reservations for linux OS/ssh connections provide a
button for the user to see the fingerprint and also possible download to update
their local known_hosts file?
backend - A couple of options:
1) Allow host keys to be re-generated on each load, then fetch and store keys
and allow users to see or download new fingerprint.
2) for every node store the original host keys, during post-load update the
keys on the host. This will make it easier on the end-user to not have to
update their known_hosts file or key stores
Also would apply to windows related keys
was:
after a load, fetch and store ssh fingerprint for end-users.
User requested at NCSU to be able to double check ssh keys fingerprint to
elevate concerns about man-in middle attack.
database - extend database to store keys for rsa/dsa public keys
web - within current reservations for linux OS/ssh connections provide a
button for the user to see the fingerprint and also possible download to update
their local known_hosts file?
backend - A couple of options:
1) Allow host keys to be re-generated on each load, then fetch and store keys
and allow users to see or download new fingerprint.
2) for every node store the original host keys, during post-load update the
keys on the host. This will make it easier on the end-user to not have to
update their known_hosts file or key stores
Summary: store/update fingerprint info for machines for end-user
reservations (was: store/update ssh fingerprint for unix machines for end-user
reservations)
> store/update fingerprint info for machines for end-user reservations
> --------------------------------------------------------------------
>
> Key: VCL-645
> URL: https://issues.apache.org/jira/browse/VCL-645
> Project: VCL
> Issue Type: Improvement
> Components: database, vcld (backend), web gui (frontend)
> Reporter: Aaron Peeler
> Priority: Minor
> Fix For: 2.4
>
>
> after a load, fetch and store ssh fingerprint for end-users.
> User requested at NCSU to be able to double check ssh keys fingerprint to
> elevate concerns about man-in middle attack.
> database - extend database to store keys for rsa/dsa public keys
> web - within current reservations for linux OS/ssh connections provide a
> button for the user to see the fingerprint and also possible download to
> update their local known_hosts file?
> backend - A couple of options:
> 1) Allow host keys to be re-generated on each load, then fetch and store keys
> and allow users to see or download new fingerprint.
> 2) for every node store the original host keys, during post-load update the
> keys on the host. This will make it easier on the end-user to not have to
> update their known_hosts file or key stores
> Also would apply to windows related keys
--
This message was sent by Atlassian JIRA
(v6.1#6144)
