[openstack-dev] [OSSG] OpenStack Security Group Task List
Eric Windisch
eric at cloudscaling.com
Thu Nov 1 16:21:35 UTC 2012
> > The disks are copied from source to destination via rsync over ssh during resizing/migrating.
> > It means that we will need a password-less ssh private key setup among all compute nodes.
> > It is a security problem in some environments. This blueprint will use rsync itself (not over ssh)
> > to copy/delete the disks.
> Are you planning to improve rsync? I don't think it's more secure to use rsync without ssh. With rsync over ssh, not only do we have the authentication, but also the data encryption during transport. Password-less ssh may have potential risk, but it's still more secure than rsync by itself.
I suspect his concern is less about the protocol and more about how it is used. The code forces all disk migrations to happen as 'root' and presumes that the systems have password-less ssh keys configured between them.
While the rsync protocol would be less secure in and of itself, it is easily chrooted. It changes the attack surface. Instead of being able to compromise the dom0 from another (already) compromised dom0, you'll "only" be able to compromise the guests from any host (as any user) that has access to the rsync port.
There are ways to make rsync+ssh more secure than it is used currently, but this may just be the wrong solution, period.
Regards,
Eric Windisch
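To make the two alternatives discussed in the thread concrete, here is an added configuration example (not from the original post, and not Nova's own code or config). It shows, side by side, the kind of chrooted, read-only rsync daemon the blueprint would rely on, and a hardened version of the existing rsync-over-ssh setup in which the password-less key is restricted to a forced rsync command instead of granting a root shell. The paths (`/var/lib/nova/instances`), module name, user name, host range and the location of the `rrsync` helper shipped with rsync are assumptions for illustration.

```text
# ---- /etc/rsyncd.conf (rsync daemon, the "rsync itself" option) ----
# Assumed layout; adjust paths and users to the deployment.
uid = nova                    # never serve as root
gid = nova
use chroot = yes              # confine the daemon to the module path
read only = yes               # this module only exports disks; a second, write-only
                              # module would receive them on the destination
list = no                     # do not advertise modules to anonymous clients
hosts allow = 10.0.0.0/24     # assumed compute-node management network only
hosts deny = *

[instances]
    path = /var/lib/nova/instances   # assumed Nova instances_path
    comment = instance disks for migration
    auth users = migrate             # rsync's own (weak) auth: still restrict by host too
    secrets file = /etc/rsyncd.secrets
    # NOTE: rsync daemon traffic is unencrypted; keep it on a trusted network
    # or tunnel it. What it buys is confinement, not confidentiality.

# ---- ~nova/.ssh/authorized_keys (hardened rsync-over-ssh option) ----
# One entry per peer compute node. The key can still only run rsync, only
# against the instances directory, and gets no shell, pty or forwarding.
# rrsync is the restricted-rsync wrapper distributed with rsync; its install
# path (assumed here) varies by distribution.
from="10.0.0.0/24",command="/usr/bin/rrsync /var/lib/nova/instances",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAA...migration-key-for-compute-01

# A "before" entry of the kind the original code presumes, for comparison:
# an unrestricted root key, where compromise of one node yields a root shell
# on every other node. Do not deploy this.
# ssh-rsa AAAA...unrestricted-root-key
```

The two entries make the trade-off Eric describes visible: the daemon confines what a compromised peer can reach (the chrooted, non-root module) at the cost of cleartext transport, while the forced-command key keeps ssh's authentication and encryption but removes the root-shell-on-every-node property by pinning the key to `rrsync` on a single directory. Either way, the password-less key or the daemon secret still has to be distributed to every compute node, which is the part no configuration option removes.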