[Openstack-security] [Bug 1320056] Re: Cinder utils SSHPool should allow customized ssh host keys and missing policy

Jay Bryant jsbryant at us.ibm.com
Tue Jun 24 18:47:07 UTC 2014 

Matt, Duncan and Tim,

Here is an excerpt from the spec I wrote for this change:
https://review.openstack.org/#/c/100697/1/specs/juno/configurable-ssh-
host-key-policy.rst

		41
			The solution would require two new configuration items as well as	42
			a change to the current default behavior. First, there would need	43
			to a 'strict_ssh_host_key_policy' configuration option with possible	44
			settings of 'false' (default) or 'true'. When this option is set to	45
			'false' it will automatically accept the host key on the first connection	46
			and then will throw an exception if the host key changes in the future.	47
			This is where the default behavior changes from the current functionality.	48
				49
			In the case that 'strict_ssh_host_key_policy' is set to 'true' then a	50
			second option 'ssh_host_keys_file' must be configured. When the strict	51
			configuration is used it is assumed that the administrator is going to	52
			have pre-configured ssh host keys and any deviation from those expected	53
			keys will be handled with an exception.

So, that was the plan that John approved though he noted that he is
mixed on the default proposal.

The agreement in IRC was that we would reject a connection if it changed
after the host key was added to known hosts.  As far as first connection
is concerned, it looks like I get get a list of known keys with
get_host_keys .  If we don't have the key yet we accept it.  If we do
have the key we do strict checking on it.

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1320056

Title:
  Cinder utils SSHPool should allow customized ssh host keys and missing
  policy

Status in Cinder:
  Fix Released
Status in OpenStack Security Advisories:
  Won't Fix
Status in OpenStack Security Notes:
  In Progress

Bug description:
  In cinder/utils.py, SSHPool is using paramiko.AutoAddPolicy() as
  default. This may lead security issue without being notified. The
  utility should allow customized usage when create the pool or session.
  Also the host_keys file should be allowed to be customized so that any
  driver utilizing the SSHPool should have their customized security
  setting or delegate to customer's scenario & configuration to
  determine the policy and key files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1320056/+subscriptions

More information about the Openstack-security mailing list