[2.5, ESXi] Always enable SSH on ESXi deployments or provide an option to do so
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
ESXi highly discourages the enablement of SSH for hosts by:
1. Showing a warning on both the deployed machine and the vSphere console
2. All commands are logged[1]
3. From [2] - "The ESXi Shell is primarily intended for use in break-fix scenarios."
During VMware image creation process the user can enable SSH by uncommenting out 2 lines in the kickstart file[3]. This bug is to discuss whether that should be the default. If not should there be an option in MAAS to enable it? Should MAAS suppress the console warning?[4]
[1] https:/
[2] https:/
[3] https:/
[4] https:/
Related branches
- Blake Rouse (community): Needs Information
- MAAS Lander: Needs Fixing
- Alberto Donato (community): Approve
-
Diff: 283 lines (+131/-17)6 files modifiedsrc/maasserver/api/machines.py (+12/-5)
src/maasserver/api/tests/test_machine.py (+65/-0)
src/maasserver/node_action.py (+4/-0)
src/maasserver/tests/test_node_action.py (+2/-1)
src/metadataserver/tests/test_vendor_data.py (+35/-8)
src/metadataserver/vendor_data.py (+13/-3)
tags: | added: esxi track |
description: | updated |
Changed in maas: | |
milestone: | none → 2.6.0beta1 |
importance: | Undecided → Medium |
status: | New → Triaged |
summary: |
- [2.5] Always enable SSH on ESXi deployments or provide an option to do - so + [2.5, ESXi] Always enable SSH on ESXi deployments or provide an option + to do so |
Changed in maas: | |
milestone: | 2.6.0beta1 → 2.6.0beta2 |
Changed in maas: | |
milestone: | 2.6.0beta2 → 2.6.0rc1 |
Changed in maas: | |
assignee: | nobody → Lee Trager (ltrager) |
Changed in maas: | |
milestone: | 2.6.0rc1 → 2.6.0rc2 |
milestone: | 2.6.0rc2 → 2.6.0rc1 |
Changed in maas: | |
milestone: | 2.6.0rc1 → 2.6.0rc2 |
Changed in maas: | |
milestone: | 2.6.0rc2 → 2.7.0alpha1 |
Changed in maas: | |
status: | Triaged → Won't Fix |
assignee: | Lee Trager (ltrager) → nobody |
milestone: | 2.7.0alpha1 → none |
Some questions:
- In the kickstart file a root password is specified for the ESX host. I assume, then, that in order to configure ESX for the first time, one either connects to the ESX web interface with the root password, or "enlists" (not sure the correct term) the ESX instance into an existing vSphere server. Is that correct?
- I assume it's possible (via the ESX web interface) for a user to manually enable SSH. Is that correct?
If both of the above assumptions are true, I feel that it's safest to disable SSH by default, given that it can easily be re-enabled. That is, given that ESX servers have SSH disabled by default, and complain loudly if that changes, I think it's safe to assume that VMware doesn't maintain the SSH service to ensure that it has applied the latest security updates. (Or even if it did, it's likely that customers will deploy a specific release of ESX for a long period of time and not update it.) That means that enabling SSH could significantly increase the attack surface of an ESX deployment.
I know it's counter-intuitive from a MAAS perspective, but it seems to me that leaving SSH disabled by default (and allowing an option to enable it at deployment time, if desired) is the safest bet for an ESX deployment.