Neutron should be able to fetch hostkeys for ports

Bug #1682247 reported by Monty Taylor
This bug affects 1 person
Affects: neutron
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned
Milestone: (none)

Bug Description

In public cloud scenarios, the end user currently has no trust path from which to fetch an SSH hostkey from a server. (To be fair, the same is also true in private clouds.) There may also be other protocols that would similarly like to do a handshake - so add an API call to allow an end user to fetch a public key from a network port without fear of MITM attack.

Infra would love to get this in OpenStack clouds.

Monty Taylor (mordred) wrote :

Also, I wrote an initial spec before I learned about the RFE process (whoops):

https://review.openstack.org/456394

The implementation details in it are almost certainly wrong.

Changed in neutron:
status: New → Triaged
Changed in neutron:
importance: Undecided → Wishlist
Kevin Benton (kevinbenton) wrote :

Just to be clear. From what I understand this will mean that we need a component sitting in the tenant's dataplane that will scan the VM on a given TCP port to get the SSH key. Is that right?

Kevin Benton (kevinbenton) wrote :

@Monty,

Sorry about the delay, we are just now getting around to this. Is this still something you would like to see in Neutron or have you discovered a better way to get data from the VM visible in an API somewhere?

Kevin Benton (kevinbenton) wrote :

@Monty,

Reach out to one of us on IRC if this is something you still want implemented.

tags: added: rfe-postponed
removed: rfe