[Openstack-security] [Bug 1320056] Re: Cinder utils SSHPool should allow customized ssh host keys and missing policy
Duncan Thomas
duncan.thomas at gmail.com
Tue Jun 24 11:44:48 UTC 2014
@Tim Kelsey: I think the plan is to make the policy configurable, with
auto-add (but fail if changed) as the default, which is secure enough
for most people but can be bumped up by sufficiently paranoid installers
who do the work to collect the keys first.
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1320056
Title:
Cinder utils SSHPool should allow customized ssh host keys and missing
policy
Status in Cinder:
Fix Released
Status in OpenStack Security Advisories:
Won't Fix
Status in OpenStack Security Notes:
In Progress
Bug description:
In cinder/utils.py, SSHPool is using paramiko.AutoAddPolicy() as
default. This may lead to security issues without being notified. The
utility should allow customized usage when creating the pool or session.
Also the host_keys file should be allowed to be customized so that any
driver utilizing the SSHPool should have their customized security
setting or delegate to customer's scenario & configuration to
determine the policy and key files.
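
The policy choice discussed in this thread, modelled as an added example (not Cinder's or paramiko's code): auto-add pins a first-seen key and fails if it later changes, while the stricter setting rejects any host whose key was not collected beforehand. The function names, the policy strings, the simplified `host keytype key` file format, and the sample hosts and keys are all constructed for illustration.

```python
import os
import tempfile

class HostKeyChanged(Exception):
    """The presented key differs from the one already pinned for this host."""

class UnknownHost(Exception):
    """The host has no pinned key and the policy forbids adding one."""

def load_pins(path):
    """Read 'host keytype key' lines into {(host, keytype): key}."""
    pins = {}
    if os.path.exists(path):
        with open(path) as fh:
            for line in fh:
                parts = line.split()
                if len(parts) == 3 and not line.startswith("#"):
                    pins[(parts[0], parts[1])] = parts[2]
    return pins

def check_host_key(path, host, keytype, key, policy="auto_add"):
    """Return 'known' or 'added'; raise on a changed or disallowed key."""
    if policy not in ("auto_add", "reject"):
        raise ValueError("unknown policy: %r" % policy)
    pinned = load_pins(path).get((host, keytype))
    if pinned is not None:
        if pinned != key:  # a changed key fails under both policies
            raise HostKeyChanged(host)
        return "known"
    if policy == "reject":  # strict: operator must pre-collect keys
        raise UnknownHost(host)
    with open(path, "a") as fh:  # persist the pin so later changes are caught
        fh.write("%s %s %s\n" % (host, keytype, key))
    return "added"

def demo():
    """Exercise both policies against a constructed, initially empty key file."""
    path = os.path.join(tempfile.mkdtemp(), "ssh_known_hosts")
    results = [check_host_key(path, "san1.example", "ssh-rsa", "AAAAkey1")]
    results.append(check_host_key(path, "san1.example", "ssh-rsa", "AAAAkey1"))
    for key, host, policy in (("AAAAkey2", "san1.example", "auto_add"),
                              ("AAAAkey3", "san2.example", "reject")):
        try:
            check_host_key(path, host, "ssh-rsa", key, policy)
        except (HostKeyChanged, UnknownHost) as exc:
            results.append(type(exc).__name__)
    return results

if __name__ == "__main__":
    print(demo())
```

Auto-add only detects a changed key if the pin file persists between connections; pins held only in memory are lost on restart, so the next key seen is accepted as new.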