Neutron should be able to fetch hostkeys for ports

Bug #1682247 reported by Monty Taylor on 2017-04-12

Bug Description

In public cloud scenarios, the end user currently has no trust path from which to fetch an SSH hostkey from a server. (To be fair, the same is also true in private clouds.) There may also be other protocols that would similarly like to do a handshake, so add an API call to allow an end user to fetch a public key from a network port without fear of MITM attack.

Infra would love to get this in OpenStack clouds.
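
The client-side check such a trust path would enable, as an added example that is not part of the original report and not Neutron code: the key obtained from the trusted source is compared with the key the server presents, and pinned in `known_hosts` format. No such API call is defined on this page, so `TRUSTED` simply stands in for its response; all function names and sample keys here are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def parse_pubkey(line):
    """Split an OpenSSH public key line into (key type, raw key blob)."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob


def fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(trusted_line, presented_line):
    """True only if the presented key is the one from the trusted source."""
    _, trusted = parse_pubkey(trusted_line)
    _, presented = parse_pubkey(presented_line)
    return hmac.compare_digest(trusted, presented)


def known_hosts_entry(host, trusted_line):
    """known_hosts line pinning the trusted key for host."""
    key_type, blob = parse_pubkey(trusted_line)
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


def _constructed_ed25519_line(seed):
    """Constructed sample key (not a real host key), 32 bytes from seed."""
    key = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


TRUSTED = _constructed_ed25519_line(0)     # assumption: value from the trusted source
IMPOSTOR = _constructed_ed25519_line(100)  # a different key seen on the wire

if __name__ == "__main__":
    print(fingerprint(parse_pubkey(TRUSTED)[1]))
    print(host_key_matches(TRUSTED, TRUSTED), host_key_matches(TRUSTED, IMPOSTOR))
    print(known_hosts_entry("203.0.113.10", TRUSTED))
```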

Monty Taylor (mordred) wrote :

Also, I wrote an initial spec before I learned about the RFE process (whoops):

The implementation details in it are almost certainly wrong.

Changed in neutron:
status: New → Triaged
Changed in neutron:
importance: Undecided → Wishlist
Kevin Benton (kevinbenton) wrote :

Just to be clear. From what I understand this will mean that we need a component sitting in the tenant's dataplane that will scan the VM on a given TCP port to get the SSH key. Is that right?

Kevin Benton (kevinbenton) wrote :


Sorry about the delay, we are just now getting around to this. Is this still something you would like to see in Neutron or have you discovered a better way to get data from the VM visible in an API somewhere?

Kevin Benton (kevinbenton) wrote :


Reach out to one of us on IRC if this is something you still want implemented.

tags: added: rfe-postponed
removed: rfe