Security
# Security in LNST

The LNST Slave application is a service that allows arbitrary code execution with root privileges on the machine it is running on. Because of this, it is NOT RECOMMENDED to run this application on any publicly accessible machine.

To at least partially mitigate this, LNST now supports Controller and Slave authentication and the use of a Secure Channel for their communication. This page describes how to enable these features.

NOTE: the security functions in LNST have not been formally validated in any way. Be aware of this and use them at your own risk.

## Slave configuration

Security functions on the Slave can be enabled through the lnst-slave.conf configuration file:
```
[security]
auth_types =
auth_password =
privkey =
ctl_pubkeys =
```
Where:
- auth_types specifies which authentication method should be accepted by the Slave. At this time it accepts a single value, but the plan is to be able to accept a list of values and negotiate with the Controller on which one should be used. Accepted values are:
  - none -- default value, skips authentication and Secure Channel setup
  - no-auth -- skips authentication, but sets up a Secure Channel
  - password -- authentication using the SRP6 handshake protocol supplied with the password from the auth_password option
  - ssh -- authentication using the already set up SSH keys. The server authenticates itself to the Controller using keys with these paths:
    - /etc/ssh/ssh_host_rsa_key
    - /etc/ssh/ssh_host_ecdsa_key

    Next, the server checks the authenticity of the Controller by checking the public keys in ~/.ssh/authorized_keys. A prerequisite for this authentication method is that you have already distributed your SSH keys in such a way that you are able to authenticate automatically when connecting over SSH.
  - pubkey -- authentication using a keypair specified by the privkey configuration option. The authenticity of the Controller is checked against the public keys found in the directory specified by ctl_pubkeys
- auth_password -- password used for authentication when auth_types is set to password. Accepts any string; leading whitespace is ignored.
- privkey -- path to a PEM-formatted file containing a private-public keypair. It is used to authenticate the Slave to the Controller when auth_types == "pubkey". The public key of the Slave needs to be manually distributed to the Controllers and specified in the Slave Description XML file.
- ctl_pubkeys -- path to a directory containing PEM-formatted files with Controller public keys. The filenames specify the identity of the Controller, and are significant.
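
The options above can be checked before a Slave is started. The following is an added example, not code from LNST: it assumes the [security] section parses as INI with Python's configparser, the names `audit_slave_security` and `_check_pubkey_paths` are hypothetical, and the file permission checks are hardening checks added here, not behaviour of LNST itself.

```python
import configparser
import os
import stat

# auth_types values listed on this page.
KNOWN_AUTH_TYPES = {"none", "no-auth", "password", "ssh", "pubkey"}


def audit_slave_security(conf_text):
    """Return a list of findings for the [security] section of a slave config."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.read_string(conf_text)
    sec = cp["security"] if cp.has_section("security") else {}
    # The page documents "none" as the default when nothing is set.
    auth = sec.get("auth_types", "").strip() or "none"
    findings = []

    if auth not in KNOWN_AUTH_TYPES:
        findings.append(f"unknown auth_types value {auth!r}")
    elif auth == "none":
        findings.append("auth_types=none: no authentication, no Secure Channel")
    elif auth == "no-auth":
        findings.append("auth_types=no-auth: Secure Channel but no authentication")
    elif auth == "password" and not sec.get("auth_password", "").strip():
        findings.append("auth_types=password but auth_password is empty")
    elif auth == "pubkey":
        findings += _check_pubkey_paths(sec.get("privkey", "").strip(),
                                        sec.get("ctl_pubkeys", "").strip())
    return findings


def _check_pubkey_paths(privkey, ctl_pubkeys):
    """Added hardening checks (not LNST behaviour) on the pubkey file paths."""
    findings = []
    if not privkey or not os.path.isfile(privkey):
        findings.append("privkey is unset or not a file")
    elif stat.S_IMODE(os.stat(privkey).st_mode) & 0o077:
        findings.append("privkey is accessible by group/other")
    if not ctl_pubkeys or not os.path.isdir(ctl_pubkeys):
        findings.append("ctl_pubkeys is unset or not a directory")
    elif stat.S_IMODE(os.stat(ctl_pubkeys).st_mode) & 0o022:
        # Filenames in this directory are Controller identities, so write
        # access to it is the ability to add a trusted Controller.
        findings.append("ctl_pubkeys is writable by group/other")
    return findings


if __name__ == "__main__":
    # Constructed sample: the section as shown on this page, left empty.
    print(audit_slave_security("[security]\nauth_types =\n"))
```

An empty result means none of these checks fired; it says nothing about the strength of the password or keys in use.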
## Controller configuration

Similarly, you can configure the Controller:
```
[security]
identity =
privkey =
```
Where:
- identity accepts any string (leading whitespace is ignored), which is sent to the Slave at the start of the handshake as an identifying string. This is only used for the pubkey authentication method, where the Slave searches for the Controller public key based on the received identity.
- privkey -- path to a PEM-formatted file containing a private-public keypair. It is used to authenticate the Controller to the Slave when auth_types == "pubkey". The Controller public key needs to be manually distributed to the Slaves and stored in the ctl_pubkeys directory, in a file whose name is the identity.
The next step is to tell the Controller what authentication methods should be used for which slaves. To do this you have to modify the Slave Descriptions in your pools.
## Configuring Security in Slave Description XML files

To enable secure communication with a Slave, you need to add the `<security>` element to the Slave Description XML file:
```
<slavemachine>
    ...
    <security>
        <auth_type>none/pubkey/ssh/password</auth_type>
        <auth_password>password</auth_password>
        <pubkey_path>path/to/slave/pubkey</pubkey_path>
    </security>
    ...
</slavemachine>
```
Where:
- <auth_type> element needs to correspond to the auth_types option configured on the Slave
- <auth_password> element specifies the password to be used when auth_type == "password", this element will be ignored if a different authentication type is configured
- <pubkey_path> is only used when auth_type == "pubkey" and specifies the path to the public key of the Slave.