Neutron should be able to fetch hostkeys for ports

Bug #1682247 reported by Monty Taylor on 2017-04-12
This bug affects 1 person
Affects: neutron
Importance: Wishlist
Assigned to: Unassigned

Bug Description

In public cloud scenarios, the end user currently has no trust path from which to fetch an SSH hostkey from a server. (To be fair, the same is also true in private clouds.) There may also be other protocols that would similarly like to do a handshake - so add an API call to allow an end user to fetch a public key from a network port without fear of MITM attack.

Infra would love to get this in OpenStack clouds.
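
Added example, not part of the original report or of Neutron: the client-side check that a trusted hostkey source would enable, comparing the key a server presents against a key obtained over a trusted channel. The trusted channel itself (the API requested here) is assumed, and the key material is constructed sample data.

```python
import base64
import hashlib
import hmac
import struct


def make_ed25519_line(raw32):
    """Build an OpenSSH public key line from 32 raw bytes (constructed sample data)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


def parse_key_line(line):
    """Return (key type, blob); reject a blob that disagrees with its declared type."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4 or blob[4:4 + n].decode("ascii", "replace") != declared:
        raise ValueError("key type inside blob does not match declared type")
    return declared, blob


def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of the digest of the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def presented_key_is_trusted(trusted_line, presented_line):
    """True only if the presented key has the same type and fingerprint as the trusted one."""
    t_type, t_blob = parse_key_line(trusted_line)
    p_type, p_blob = parse_key_line(presented_line)
    same_fp = hmac.compare_digest(fingerprint(t_blob).encode(), fingerprint(p_blob).encode())
    return t_type == p_type and same_fp


# Constructed sample keys: TRUSTED stands in for the value from the trusted source (assumption),
# OTHER for a different key presented on the wire.
TRUSTED = make_ed25519_line(bytes(range(32)))
OTHER = make_ed25519_line(bytes(32))

if __name__ == "__main__":
    print(fingerprint(parse_key_line(TRUSTED)[1]))
    print(presented_key_is_trusted(TRUSTED, OTHER))
```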

Monty Taylor (mordred) wrote :

Also, I wrote an initial spec before I learned about the RFE process (whoops):

https://review.openstack.org/456394

The implementation details in it are almost certainly wrong.

Changed in neutron:
status: New → Triaged
Changed in neutron:
importance: Undecided → Wishlist
Kevin Benton (kevinbenton) wrote :

Just to be clear. From what I understand this will mean that we need a component sitting in the tenant's dataplane that will scan the VM on a given TCP port to get the SSH key. Is that right?

Kevin Benton (kevinbenton) wrote :

@Monty,

Sorry about the delay, we are just now getting around to this. Is this still something you would like to see in Neutron or have you discovered a better way to get data from the VM visible in an API somewhere?

Kevin Benton (kevinbenton) wrote :

@Monty,

Reach out to one of us on IRC if this is something you still want implemented.

tags: added: rfe-postponed
removed: rfe