bosh-linux-stemcell-builder icon indicating copy to clipboard operation
bosh-linux-stemcell-builder copied to clipboard

Published 20 hours ago verified publisher icon cloudfoundry

Noble Numbat vSphere/vCloud stemcells forbid SSH password authentication

Open danielfor opened this issue 1 year ago • 2 comments

The Stemcells have the SSH password authentication disabled, with the exception of the stemcells created for vsphere/vcloud which allow password authentication. It might be a good idea to standardize the SSH configuration in the Noble Numbat stemcells, so we don't have exceptions and all of them forbid password authentication, increasing security and avoiding scanners to find weaknesses in the vsphere stemcells.

danielfor avatar Feb 23 '24 19:02 danielfor

I think some vSphere users campaigned vociferously for an exception, and OpenStack, too, if memory serves.

cunnie avatar Mar 01 '24 19:03 cunnie

is there anyway to figure out who campaigned for this? and check if this is still relevant. as its pretty easy nowdays to add an ssh key to an existing stemcell tarball. if debug sessions are required. see https://github.com/cloudfoundry/bosh-linux-stemcell-builder/blob/ubuntu_noble_poc/scripts/add_debug_ssh.sh

ramonskie avatar Apr 15 '24 13:04 ramonskie

solved in #351

ramonskie avatar Jun 14 '24 07:06 ramonskie