remote ssh login possible using well known password by default
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
CirrOS | Confirmed | Low | Unassigned | |
Bug Description
The CirrOS image is frequently used for testing in our OpenStack-based development datacenter. Unfortunately, users sometimes forget to remove instances from their projects. When the instance is attached to a public network and the security group allows remote SSH access, the instance becomes an open gateway for privilege escalation (in this case, gaining access to the datacenter network).
Perhaps it would be better if a random password were generated on boot and then printed on the console?
I've found another bug related to the default password: #1454144
So finally the random password should consist of capitals, letters and digits.
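What the proposal in the two comments above would look like as a boot-time script, as an added example for this discussion and not CirrOS's own init code: a POSIX sh (busybox-compatible) routine that draws a password from the kernel RNG restricted to [A-Za-z0-9], rejects any candidate that lacks a capital, a lowercase letter or a digit, sets it with `chpasswd`, and prints it on the serial console (which is what the OpenStack console log shows). The function names `gen_password`, `check_password` and `apply_password`, the default length of 12 and the `/dev/console` destination are this example's assumptions.

```shell
#!/bin/sh
# Added example for the bug discussion; not part of CirrOS.
# Assumed interface:
#   gen_password [LEN]        -> prints LEN chars of [A-Za-z0-9] containing at least
#                                one capital, one lowercase letter and one digit
#   check_password PW LEN     -> exit 0 iff PW meets the rule above
#   apply_password USER [LEN] -> sets USER's password and prints it on the console

# Character-range patterns below assume the C locale.
export LC_ALL=C

check_password() {
    cand=$1
    want=$2
    [ "${#cand}" -eq "$want" ] 2>/dev/null || return 1
    # Reject anything outside the allowed alphabet.
    case $cand in *[!A-Za-z0-9]*) return 1 ;; esac
    # Require one character from each class.
    case $cand in *[A-Z]*) ;; *) return 1 ;; esac
    case $cand in *[a-z]*) ;; *) return 1 ;; esac
    case $cand in *[0-9]*) ;; *) return 1 ;; esac
    return 0
}

gen_password() {
    len=${1:-12}
    # A password shorter than 3 cannot hold one char of each class.
    [ "$len" -ge 3 ] 2>/dev/null || return 1
    while :; do
        # Bytes from the kernel RNG, filtered to the allowed alphabet, cut to length.
        # /dev/urandom never blocks, so this is safe in an early boot script.
        pw=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len")
        # Resample until the class requirement holds (rarely more than once).
        check_password "$pw" "$len" && break
    done
    printf '%s\n' "$pw"
}

apply_password() {
    user=$1
    pw=$(gen_password "${2:-12}") || return 1
    # chpasswd reads "user:password" lines on stdin; nothing lands in the process list.
    printf '%s:%s\n' "$user" "$pw" | chpasswd || return 1
    # Write to the serial console rather than a world-readable log file.
    printf 'login as %s with password %s\n' "$user" "$pw" >/dev/console
}
```

Two caveats a deployer would want: `tr -dc` and `head -c` are in busybox, so the script works on the CirrOS image itself, and printing the password on the console only helps if the console log is treated as sensitive, since anyone allowed to read an instance's console log through the cloud API can read the password too.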
Usually, such remote system access bugs are classified as critical security issues. On the other hand, CirrOS is intended for testing and such access is configured intentionally. Anyway, let's discuss to find a balance between security and usability.
Having a fixed username/password combination in cirros is a feature that is used in various automated testing setups. Having a random password would make this much more complicated.
It is a bug to deploy cirros in an environment where public SSH access is possible.