** Changed in: orchestra (Ubuntu)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of
orchestra, which is subscribed to orchestra in Ubuntu.
https://bugs.launchpad.net/bugs/912809
Title:
Orchestra installs nodes with default password accessible via ssh
Status in orchestra package in Ubuntu:
Won't Fix
Bug description:
I noticed that machines installed using orchestra by default when
following instructions like
http://cloud.ubuntu.com/2011/09/oneiric-server-deploy-server-fleets-p1/
get installed with password-based ssh allowed and a default
username/password of ubuntu/ubuntu and the ubuntu user has sudo privileges.
Now the nodes created in this manner are not publicly visible to the
internet, being on a separate network connected by the controlling
orchestra node. However, all the nodes can ssh to each other and log in
using the ubuntu/ubuntu combination and have sudo.
This means that if any node in a cloud controlled by orchestra is compromised
then the whole cloud is compromised (unless the administrator has changed the
defaults on all the nodes - which is not suggested in any of the documentation
I have come across).
I hope that I am wrong here, but when I tested on my local orchestra
installation the nodes could log in to each other with ubuntu/ubuntu and have
sudo.
The behaviour I expected was that orchestra would install nodes with
password-based ssh disabled and propagate a public ssh key from the controlling
node to all the installed nodes during installation. The ssh key propagation
does happen but the disabling of password-based ssh does not.
It would be nice if the documentation encouraged the setting of a custom
default username/password combination to seed new nodes with (preferably in a
way which only stores the hash in the seed file) but that might not
be easy to do. There is a separate bug:
https://bugs.launchpad.net/ubuntu/+source/orchestra/+bug/912067 for this.
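
The report's expected behaviour (password-based ssh disabled on every installed node) can be checked per node by reading the node's sshd_config. The following is an added example, not part of the bug report or of Orchestra; the function name and both sample configurations are constructed, and it assumes a single config file with no Include directives.

```python
def audit_password_auth(config_text):
    """Return (global_enabled, match_blocks_enabling_passwords).

    Follows sshd_config(5): keywords are case-insensitive, the first value
    obtained for a keyword wins, and an unset PasswordAuthentication
    defaults to "yes". A Match block overrides the global value for the
    connections it matches, so each block is tracked separately.
    """
    global_value = None
    current_match = None      # None while still in the global section
    seen_in_match = False
    match_enabling = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()
        arg = fields[1].strip().strip('"') if len(fields) > 1 else ""
        if keyword == "match":
            current_match, seen_in_match = arg, False
        elif keyword == "passwordauthentication":
            enabled = arg.lower() == "yes"
            if current_match is None:
                if global_value is None:      # later duplicates are ignored
                    global_value = enabled
            elif not seen_in_match:
                seen_in_match = True
                if enabled:
                    match_enabling.append(current_match)
    if global_value is None:
        global_value = True                   # OpenSSH default
    return global_value, match_enabling

# Constructed sample: hardening line appended after an existing "yes".
SAMPLE_APPENDED = """\
PubkeyAuthentication yes
PasswordAuthentication yes
# added by a post-install script
PasswordAuthentication no
"""

# Constructed sample: disabled globally, re-enabled for the node network.
SAMPLE_MATCH = """\
PasswordAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("appended", SAMPLE_APPENDED), ("match", SAMPLE_MATCH)):
        print(name, audit_password_auth(text))
```

A node passes only when the result is `(False, [])`; the first sample fails because the appended `no` comes after an earlier `yes`, and the second fails for exactly the node-to-node case the report describes.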