Re: A secure way to reset VMs password
Decent idea…

On Dec 3, 2014, at 8:24 AM, Alireza Eskandari astro.alir...@yahoo.com.INVALID wrote:

It is possible if we provide password service on port 8080 with current insecure method and on port 8443 with secure method. With this solution we can use both old and new password reset service.
Re: A secure way to reset VMs password
It is possible if we provide password service on port 8080 with current insecure method and on port 8443 with secure method. With this solution we can use both old and new password reset service.
Re: A secure way to reset VMs password
I'm all for making the password reset system more secure, as long as it isn't required. I don't think the risk is substantial for isolated networks, and being forced to reconfigure every template would be a big hassle. I do agree that SSH Key injection should also be available in the GUI. It's a standard feature in most other cloud orchestration suites, and as mature as the project is I don't see there being a good excuse for it not being there. I would think a decent developer could knock it out in an afternoon. I didn't know there was an existing issue open (that hasn't been touched in almost two years), so I opened another one here recently: https://issues.apache.org/jira/browse/CLOUDSTACK-7882 - This can be merged/marked as duplicate if needed, but it does need some attention.
Re: A secure way to reset VMs password
An open source alternative is in the works by the guys at Cloudbase.it in their cloudbase-init https://review.openstack.org/#/c/127593/

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
From: Alireza Eskandari astro.alir...@yahoo.com.INVALID
To: dev@cloudstack.apache.org
Sent: Wednesday, 3 December, 2014 04:44:33
Subject: Re: A secure way to reset VMs password

A stupid question! I can't find the source of windows version of password manager! Where is it?

Sent from Samsung Mobile.
Re: A secure way to reset VMs password
Keys are not for everyone. Passwords are still used a lot.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
From: Carlos Reategui create...@gmail.com
To: dev@cloudstack.apache.org
Sent: Wednesday, 3 December, 2014 05:19:07
Subject: Re: A secure way to reset VMs password

Why do passwords at all? Why not just use ssh keys like AWS does. The functionality is already there just not in the ACS UI. Cloud-init already supports it which is available in most distros and therefore would not require CS specific scripts. At least not for linux. On windows I'm not exactly sure how AWS does it but I think it is also some kind of terminal services certificates so I think it could be made to work too.

-Carlos
Re: A secure way to reset VMs password
+1 what Nux said - I'm aware of many web developers NOT knowing what the SSH keys are at all, and thus not using them... most of them rely on passwords... but nice to have ssh keys for rest of us.

On 3 December 2014 at 16:52, Nux! n...@li.nux.ro wrote:

Keys are not for everyone. Passwords are still used a lot.

--
Andrija Panić
Re: A secure way to reset VMs password
Passwords are most definitely a necessity, but not having SSH Keys in the GUI at this point just doesn't make any sense.

To clarify my thoughts on the current password system: I think a re-write would be great, but it should include an insecure/legacy option (probably as a global setting) that would continue to function with the current reset scripts.

Thank You,
Logan Barfield
Tranquil Hosting
Re: A secure way to reset VMs password
That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it.

This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it… personally I’d love to see the client and server sides both rewritten from scratch.

John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,

Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish. Am I missing any important bits here?

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.

Thanks,
Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi

I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)

It seems that it doesn't use a secure way for transferring password string to instance.

Instances on a shared network can sniff password requests and export requested password of other instances.

I suggest to use SSL (https) instead of plain text.

Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.

- certificates need a subject name, ie. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

--
Erik
Re: A secure way to reset VMs password
You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.
John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,
Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish. Am I missing any important bits here?
Lucian
-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.
Thanks, Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.
- certificates need a subject name, ie. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

-- Erik
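The certificate layout this thread weighs (the management server acting as CA, each VR holding a server certificate whose subject is its IP, each VM holding a client certificate so the server can tell who is asking), as an added shell example that is not part of any message or of CloudStack's code. The CNs, the 10.1.1.1 address, the directory layout and the function names are all assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: a private CA for a TLS password service.
# Every CN, IP address, path and function name is constructed for illustration.

# Minimal OpenSSL config, so nothing depends on the system openssl.cnf.
write_conf() {                      # $1 = directory
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# CA key and certificate: the role the thread proposes for the management server.
make_ca() {                         # $1 = directory
    write_conf "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -config "$1/req.cnf" -extensions v3_ca -subj "/CN=example-mgmt-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Leaf certificate signed by the CA in the same directory.
#   $1 directory  $2 file prefix  $3 CN  $4 subjectAltName  $5 serverAuth|clientAuth
issue_cert() {
    printf 'basicConstraints = CA:FALSE\nsubjectAltName = %s\nextendedKeyUsage = %s\n' \
        "$4" "$5" > "$1/$2.ext" &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# Guest-side check before asking for a password: the chain must end at the
# trusted CA, the certificate must be a server certificate, and its subject
# must be the IP the guest is actually talking to.
verify_server() {                   # $1 CA file  $2 certificate  $3 expected IP
    openssl verify -CAfile "$1" -purpose sslserver -verify_ip "$3" "$2" >/dev/null 2>&1
}

# Server-side check: the requester proves who it is with a CA-issued client
# certificate instead of being identified by its source IP address.
verify_client() {                   # $1 CA file  $2 certificate
    openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

# The identity the server would key the stored password on.
client_subject() {                  # $1 certificate
    openssl x509 -in "$1" -noout -subject
}

# Build the layout in a scratch directory and exercise every check.
# Returns 0 only if each check behaves as its comment says.
demo() {                            # $1 = scratch directory
    mkdir -p "$1/real" "$1/other" || return 1
    make_ca "$1/real" && make_ca "$1/other" || return 1
    issue_cert "$1/real"  vr vr-10.1.1.1 IP:10.1.1.1 serverAuth &&
    issue_cert "$1/real"  vm i-2-42-VM DNS:i-2-42-vm.example.internal clientAuth &&
    issue_cert "$1/other" vr vr-10.1.1.1 IP:10.1.1.1 serverAuth || return 1
    ca="$1/real/ca.pem"
    verify_server "$ca" "$1/real/vr.pem"  10.1.1.1   || return 1  # genuine VR accepted
    verify_server "$ca" "$1/real/vr.pem"  10.1.1.254 && return 1  # subject IP does not match
    verify_server "$ca" "$1/other/vr.pem" 10.1.1.1   && return 1  # right IP, untrusted issuer
    verify_client "$ca" "$1/real/vm.pem"             || return 1  # VM identified by its certificate
    verify_client "$ca" "$1/real/vr.pem"             && return 1  # a server cert is not a client cert
    echo "all checks behaved as expected; requester is $(client_subject "$1/real/vm.pem")"
}
```

Run it with `demo "$(mktemp -d)"`. The third check is the one that a bundled or self-signed certificate cannot pass: matching the subject is not enough unless the issuer is the CA the guest already trusts.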
Re: A secure way to reset VMs password
A stupid question! I can't find the source of windows version of password manager! Where is it?
Sent from Samsung Mobile.

Original message
From: Chiradeep Vittal chiradeep.vit...@citrix.com
Date: 03/12/2014 02:05 (GMT+03:30)
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.
John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,
Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish. Am I missing any important bits here?
Lucian
-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.
Thanks, Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.
- certificates need a subject name, ie. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

-- Erik
Re: A secure way to reset VMs password
Why do passwords at all? Why not just use ssh keys like AWS does. The functionality is already there just not in the ACS UI. Cloud-init already supports it which is available in most distros and therefore would not require CS specific scripts. At least not for linux. On windows I'm not exactly sure how AWS does it but I think it is also some kind of terminal services certificates so I think it could be made to work too.
-Carlos

On Dec 2, 2014, at 2:35 PM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote:

You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.
John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,
Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish. Am I missing any important bits here?
Lucian
-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.
Thanks, Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.
- certificates need a subject name, ie. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

-- Erik
Re: A secure way to reset VMs password
Correct...I've chatted with Folks in the past, it wasn't open-sourced.
Excuse any typos - sent from mobile device

On Dec 2, 2014, at 20:50, Alireza Eskandari astro.alir...@yahoo.com.INVALID wrote:

A stupid question! I can't find the source of windows version of password manager! Where is it?
Sent from Samsung Mobile.

Original message
From: Chiradeep Vittal chiradeep.vit...@citrix.com
Date: 03/12/2014 02:05 (GMT+03:30)
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.
John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,
Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish. Am I missing any important bits here?
Lucian
-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.
Thanks, Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.
- certificates need a subject name, ie. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

-- Erik
Re: A secure way to reset VMs password
It's not our place to enforce how users authenticate to their VMs. We provide flexible options, suggest best practices, and let them use the tool as best suits their needs.
Excuse any typos - sent from mobile device

On Dec 2, 2014, at 21:22, Carlos Reategui create...@gmail.com wrote:

Why do passwords at all? Why not just use ssh keys like AWS does. The functionality is already there just not in the ACS UI. Cloud-init already supports it which is available in most distros and therefore would not require CS specific scripts. At least not for linux. On windows I'm not exactly sure how AWS does it but I think it is also some kind of terminal services certificates so I think it could be made to work too.
-Carlos

On Dec 2, 2014, at 2:35 PM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote:

You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.
John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,
Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish. Am I missing any important bits here?
Lucian
-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.
Thanks, Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.
- certificates need a subject name, ie. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

-- Erik
Re: A secure way to reset VMs password
John, +1
If we provide password reset capability it should be secure, if not it is better to make it disable at all.
About source of windows version, so what did we do? Should we write it from scratch? Why it isn't open?
I open a jira ticket, if you have any comment or suggestion please write there.
https://issues.apache.org/jira/browse/CLOUDSTACK-8009
Thanks

From: John Kinsella j...@stratosec.co
To: dev@cloudstack.apache.org
Sent: Wednesday, December 3, 2014 9:18 AM
Subject: Re: A secure way to reset VMs password

It's not our place to enforce how users authenticate to their VMs. We provide flexible options, suggest best practices, and let them use the tool as best suits their needs.
Excuse any typos - sent from mobile device

On Dec 2, 2014, at 21:22, Carlos Reategui create...@gmail.com wrote:

Why do passwords at all? Why not just use ssh keys like AWS does. The functionality is already there just not in the ACS UI. Cloud-init already supports it which is available in most distros and therefore would not require CS specific scripts. At least not for linux. On windows I'm not exactly sure how AWS does it but I think it is also some kind of terminal services certificates so I think it could be made to work too.
-Carlos

On Dec 2, 2014, at 2:35 PM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote:

You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.
John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,
Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish. Am I missing any important bits here?
Lucian
-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.
Thanks, Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.
- certificates need a subject name, ie. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I
Re: A secure way to reset VMs password
I’m all for providing choice, but not when one of them is not a good/secure one.

On Dec 2, 2014, at 9:48 PM, John Kinsella j...@stratosec.co wrote:

It's not our place to enforce how users authenticate to their VMs. We provide flexible options, suggest best practices, and let them use the tool as best suits their needs.
Excuse any typos - sent from mobile device

On Dec 2, 2014, at 21:22, Carlos Reategui create...@gmail.com wrote:

Why do passwords at all? Why not just use ssh keys like AWS does. The functionality is already there just not in the ACS UI. Cloud-init already supports it which is available in most distros and therefore would not require CS specific scripts. At least not for linux. On windows I'm not exactly sure how AWS does it but I think it is also some kind of terminal services certificates so I think it could be made to work too.
-Carlos

On Dec 2, 2014, at 2:35 PM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote:

You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.
John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,
Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish. Am I missing any important bits here?
Lucian
-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.
Thanks, Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.
- certificates need a subject name, ie. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

-- Erik
Re: A secure way to reset VMs password
While they might be better than weak passwords, ssh keys are not a silver bullet - they're harder to use and a case can be made that they're no more secure (think: attacker compromises desktop, accesses ssh key file)
And no, from my previous research, you can't enforce that an ssh key has a passphrase...
Excuse any typos - sent from mobile device

On Dec 2, 2014, at 22:01, Carlos Reátegui create...@gmail.com wrote:

I’m all for providing choice, but not when one of them is not a good/secure one.

On Dec 2, 2014, at 9:48 PM, John Kinsella j...@stratosec.co wrote:

It's not our place to enforce how users authenticate to their VMs. We provide flexible options, suggest best practices, and let them use the tool as best suits their needs.
Excuse any typos - sent from mobile device

On Dec 2, 2014, at 21:22, Carlos Reategui create...@gmail.com wrote:

Why do passwords at all? Why not just use ssh keys like AWS does. The functionality is already there just not in the ACS UI. Cloud-init already supports it which is available in most distros and therefore would not require CS specific scripts. At least not for linux. On windows I'm not exactly sure how AWS does it but I think it is also some kind of terminal services certificates so I think it could be made to work too.
-Carlos

On Dec 2, 2014, at 2:35 PM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote:

You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.
John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,
Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish. Am I missing any important bits here?
Lucian
-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.
Thanks, Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.
- certificates need a subject name, ie. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues
Re: A secure way to reset VMs password
BTW If anyone wants to upvote the key management GUI Jira here it is: https://issues.apache.org/jira/browse/CLOUDSTACK-1230

On Dec 2, 2014, at 9:59 PM, Carlos Reátegui create...@gmail.com wrote:

I’m all for providing choice, but not when one of them is not a good/secure one.

On Dec 2, 2014, at 9:48 PM, John Kinsella j...@stratosec.co wrote:

It's not our place to enforce how users authenticate to their VMs. We provide flexible options, suggest best practices, and let them use the tool as best suits their needs.

Excuse any typos - sent from mobile device

On Dec 2, 2014, at 21:22, Carlos Reategui create...@gmail.com wrote:

Why do passwords at all? Why not just use ssh keys like AWS does. The functionality is already there just not in the ACS UI. Cloud-init already supports it which is available in most distros and therefore would not require CS specific scripts. At least not for linux. On windows I'm not exactly sure how AWS does it but I think it is also some kind of terminal services certificates so I think it could be made to work too.

-Carlos

On Dec 2, 2014, at 2:35 PM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote:

You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.

John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,

Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish.
Am I missing any important bits here?

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.

Thanks,
Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.

- certificates need a subject name, i.e. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

--
Erik
Re: A secure way to reset VMs password
Probably should be re-written.

Excuse any typos - sent from mobile device

On Dec 2, 2014, at 21:58, Alireza Eskandari astro.alir...@yahoo.com.INVALID wrote:

John, +1
If we provide password reset capability it should be secure, if not it is better to make it disable at all.
About source of windows version, so what did we do? Should we write it from scratch? Why it isn't open?
I open a jira ticket, if you have any comment or suggestion please write there.
https://issues.apache.org/jira/browse/CLOUDSTACK-8009
Thanks

From: John Kinsella j...@stratosec.co
To: dev@cloudstack.apache.org
Sent: Wednesday, December 3, 2014 9:18 AM
Subject: Re: A secure way to reset VMs password

It's not our place to enforce how users authenticate to their VMs. We provide flexible options, suggest best practices, and let them use the tool as best suits their needs.

Excuse any typos - sent from mobile device

On Dec 2, 2014, at 21:22, Carlos Reategui create...@gmail.com wrote:

Why do passwords at all? Why not just use ssh keys like AWS does. The functionality is already there just not in the ACS UI. Cloud-init already supports it which is available in most distros and therefore would not require CS specific scripts. At least not for linux. On windows I'm not exactly sure how AWS does it but I think it is also some kind of terminal services certificates so I think it could be made to work too.

-Carlos

On Dec 2, 2014, at 2:35 PM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote:

You would need client-side certs as well since the password server needs to be able to validate WHO is asking for the password. Currently it is based on the client's IP address. Also the current scheme is a single-use password — as soon as the password is retrieved, it is not available to anybody else (of course a MITM could sniff the first exchange). You could eliminate a lot of MITM-style attacks by running the password server locally on each hypervisor (hard for VMW), or by attaching an ISO (containing the password) to the VM.

From: John Kinsella j...@stratosec.co
Reply-To: dev@cloudstack.apache.org
Date: Tuesday, December 2, 2014 at 1:32 PM
To: dev@cloudstack.apache.org
Subject: Re: A secure way to reset VMs password

That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten from scratch.

John

On Nov 28, 2014, at 11:33 AM, Nux! n...@li.nux.ro wrote:

Jayapal,

Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish.
Am I missing any important bits here?

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.

Thanks,
Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.

- certificates need a subject name, i.e. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate
Re: A secure way to reset VMs password
On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.

- certificates need a subject name, i.e. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

--
Erik
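The certificate obstacles listed in the message above, as an added example that is not part of the original thread or of CloudStack: a throwaway CA stands in for the management server, signs a virtual-router certificate whose subject is an IP address, and a guest-side check accepts it only when both the chain and the address match. The CA name, the address 10.1.1.1, the function names and the use of the `openssl` command line are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration with constructed values; every key is throwaway.
VR_IP="10.1.1.1"   # constructed virtual-router address

# Build a private CA (standing in for the mgmt server), a VR certificate
# signed by it with the VR's IP as subjectAltName, and a self-signed
# certificate for comparison.
make_pki() {
  d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = demo-mgmt-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=demo-vr" -keyout "$d/vr.key" -out "$d/vr.csr" 2>/dev/null || return 1
  # The subject name problem: the guest dials an IP, so the IP goes in the SAN.
  printf 'subjectAltName=IP:%s\n' "$VR_IP" > "$d/vr.ext"
  openssl x509 -req -in "$d/vr.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/vr.ext" -out "$d/vr.crt" 2>/dev/null || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -subj "/CN=demo-vr" -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null
}

# Guest-side check: the certificate must chain to the CA shipped in the
# template AND name the address the guest connected to.
verify_for_ip() {   # $1=dir  $2=certificate file  $3=address dialled
  openssl verify -CAfile "$1/ca.crt" -verify_ip "$3" "$1/$2" >/dev/null 2>&1
}

verdict() {
  if verify_for_ip "$1" "$2" "$3"; then echo accept; else echo reject; fi
}

demo() {
  dir=$(mktemp -d) || return 1
  if make_pki "$dir"; then
    echo "CA-signed, address matches:  $(verdict "$dir" vr.crt "$VR_IP")"
    echo "CA-signed, other address:    $(verdict "$dir" vr.crt 10.1.1.2)"
    echo "self-signed, same address:   $(verdict "$dir" self.crt "$VR_IP")"
  fi
  rm -rf "$dir"
}
demo
```

The second case is why a single pre-generated certificate cannot serve every virtual router, and the third is the validation failure a self-signed certificate produces unless the guest is told to skip verification.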
Re: A secure way to reset VMs password
Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.

Thanks,
Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.

- certificates need a subject name, i.e. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

--
Erik
Re: A secure way to reset VMs password
For me personally, this Cloudstack feature is used only during "damn I forgot my password" and during deploying new VM from template.
After I get access to VM - the password should be really changed anyway.

I agree it's unsecure, but again you are supposed to change it - and not hope that the password generated by third party tool (not yourself) is safe or not stored anywhere else...

On 28 November 2014 at 10:34, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote:

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.

Thanks,
Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.

- certificates need a subject name, i.e. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

--
Erik

--
Andrija Panić
Re: A secure way to reset VMs password
Andrija,

Don't think like that if you run a public offering. Convenience will always win, the customer will not change the password. :)

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
From: Andrija Panic andrija.pa...@gmail.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 12:05:53
Subject: Re: A secure way to reset VMs password

For me personally, this Cloudstack feature is used only during "damn I forgot my password" and during deploying new VM from template.
After I get access to VM - the password should be really changed anyway.

I agree it's unsecure, but again you are supposed to change it - and not hope that the password generated by third party tool (not yourself) is safe or not stored anywhere else...

On 28 November 2014 at 10:34, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote:

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.

Thanks,
Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.

- certificates need a subject name, i.e. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

--
Erik

--
Andrija Panić
Re: A secure way to reset VMs password
Jayapal,

Not necessarily, one could run stunnel or nginx as SSL proxy on some other port (8443?), this way SSL and non-SSL connections will still work and give you plenty of time to update your templates, if you so wish.
Am I missing any important bits here?

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
From: Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com
To: dev@cloudstack.apache.org
Cc: Alireza Eskandari astro.alir...@yahoo.com
Sent: Friday, 28 November, 2014 09:34:02
Subject: Re: A secure way to reset VMs password

Another point to note is all the vms in production has to update with the new cloud-set-guest-password scripts because of the new password reset method.

Thanks,
Jayapal

On 28-Nov-2014, at 2:28 PM, Erik Weber terbol...@gmail.com wrote:

On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari astro.alir...@yahoo.com.invalid wrote:

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards

I like the idea, but there's a couple of obstacles to overcome, namely which SSL certificates to use.

- certificates need a subject name, i.e. IP or hostname for web pages, you could solve this by making the mgmt server a CA and have each VR get a signed certificate by it, but it's complicated
- if the community bundle a pre generated certificate it is commonly known and not to be trusted, also not sure how to handle subject name
- assuming everyone to supply a valid certificate is quite complicated (CA must be on VR etc), and makes it considerably harder to get a working setup
- using self signed causes issues with validation

Don't get me wrong, I love the idea, but it's not just to flip a switch and have (proper) SSL in place.

--
Erik
A secure way to reset VMs password
Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards
Re: A secure way to reset VMs password
+1 on this, Alireza

I think it would be best if you submitted a bug in https://issues.apache.org/jira/

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
From: Alireza Eskandari astro.alir...@yahoo.com.INVALID
To: dev@cloudstack.apache.org
Sent: Thursday, 27 November, 2014 14:54:40
Subject: A secure way to reset VMs password

Hi
I viewed the bash script that resets Linux password (http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
It seems that it doesn't use a secure way for transferring password string to instance.
Instances on a shared network can sniff password requests and export requested password of other instances.
I suggest to use SSL (https) instead of plain text.
Regards
Re: A secure way to reset VMs password
Lucian,
I send email here to see developers opinion about this issue and discuss about it.
I'll open a jira ticket about it soon.
Thanks for your +1 :)

From: Nux! n...@li.nux.ro
To: dev@cloudstack.apache.org; Alireza Eskandari astro.alir...@yahoo.com
Sent: Thursday, November 27, 2014 7:58 PM
Subject: Re: A secure way to reset VMs password

+1 on this, Alireza

I think it would be best if you submitted a bug in https://issues.apache.org/jira/

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro