Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ssh-key should be generated on fly, not to use public one #68

Open
ikke-t opened this issue Aug 28, 2018 · 8 comments
Open

ssh-key should be generated on fly, not to use public one #68

ikke-t opened this issue Aug 28, 2018 · 8 comments
Labels
backlog Will be done whenever someone has time enhancement New feature or request

Comments

@ikke-t
Copy link
Collaborator

ikke-t commented Aug 28, 2018

This is "looks bad security habbit" -kinda issue, but it hurts me see we share private ssh key in github. We should generate the key for the first user, and keep inserting the key everywhere by ansible.

E.g: Run ssh-keygen on the tower machine, register and print it to local file. Then push it to all the machines for student users.

@mglantz mglantz added enhancement New feature or request backlog Will be done whenever someone has time labels Aug 29, 2018
@mglantz
Copy link
Collaborator

mglantz commented Sep 1, 2018

Well it's not a bad habbit, I think it's just us prioritizing usability instead of security I think. It makes things easier for setting up the lab, easier to troubleshoot systems, and so on. Eg. this is an Ansible lab and not a demo/lab of how to secure an automated setup of RHEL on AWS ;) We would then do things a lot different I think.

If we're to do this..
There is no connection from the tower servers to the managed systems, we provision the tower servers and managed systems separately, without them being associated. We could use tags in EC2 to associate a tower server with clients systems and then based on tags:

  • Generate key on tower with tag 123, register and print to local file
  • Push keys to managed systems with tag 123

Benefits:

  • One tower can only manage it's managed systems
  • 0 risk of outside hackers compromising environment

Cons:

  • Less robust install, you need to keep a connection to the install base for the duration of the install, pushing the key to 900 managed systems will take some time. As it is, you only need to be online for 3-4 minutes and then the install happens in AWS.
  • Tiny bit more secure, but the risk of someone getting the key from git, managing to scan the systems in an ongoing lab is not really high. But if security is a concern, we have bigger fish to fry I think. Such as credentials for the systems. Highest risk is that a student messes with other students. But unique keys won't save you then.
  • More lock-in to AWS

@mglantz
Copy link
Collaborator

mglantz commented Sep 2, 2018

I've added 73a200f to underscore that the security design is on purpose.

@mglantz
Copy link
Collaborator

mglantz commented Sep 2, 2018

To improve security a bit, I've commited 4c220df

@ikke-t
Copy link
Collaborator Author

ikke-t commented Sep 2, 2018

You have good points, and explaining that in readme is good. The proper ssh keys would only make sense if we create them unique per registrant, and e.g. send it via mail to each participant, along with unique pwd and other env. info. That would be then much more complicated, and future item.

@mglantz
Copy link
Collaborator

mglantz commented Sep 2, 2018

Mmm. If we're to avoid students being able to access other students systems, e-mail is probably the only way I guess. Or is there some other way? Put the information in automatically generated password protected pastebins which has limited live? If someone doesn't have access to their e-mail, we could log studentX: pastebin.com/aspldfpl so that we can pull out the info on site.

@mglantz
Copy link
Collaborator

mglantz commented Sep 2, 2018

If generation and distribution of key all happens via the tower-install.yml playbook, then it won't have any impact on installation time. I suggest we solve it there.

@mglantz
Copy link
Collaborator

mglantz commented Sep 2, 2018

tower-install.yml get's dropped off via https://github.com/mglantz/ansible-roadshow/blob/master/content/scripts/tower-prep.sh currently, to ease testing of differents branches and because pulling the playbook from github was failing quite often.

@mglantz
Copy link
Collaborator

mglantz commented Sep 2, 2018

Change needs to be integrated into lab-7 where Tower is configured for access to systems. https://github.com/mglantz/ansible-roadshow/blob/master/labs/lab-7/README.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backlog Will be done whenever someone has time enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants