openstack team mailing list archive

Thread
Date

Re: Handling of adminPass is arguably broken (essex)

To: Vishvananda Ishaya <vishvananda@xxxxxxxxx>
From: "Bryan D. Payne" <bdpayne@xxxxxxx>
Date: Thu, 1 Nov 2012 08:41:18 -0700
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <3F1173E5-B8FD-4E7B-A57D-C2650A8D0DBD@gmail.com>
Sender: bdpayne@xxxxxxxxx

> The best idea I've heard for a secure windows password
> is the following:
>
> a) put a public key on the instance via metadata or config drive (for ease of use this could actually just be the ssh public key you normally use for logging into the vm).
> b) have a daemon in the windows instance that:
>  * generates a random password
>  * sets the administrator password to the random password
>  * encrypts it with the public key
>  * serves the encrypted password over https on a known port (say 9999)
> c) open up port (9999) in the instance's security group
> d) retrieve the encrypted password and decrypt it
> e) close port (9999) in the instances security group

+1 for this.

As a side note, there's probably work to be done to ensure that the
instance actually has good entropy and can create a truly random
password.  Nevertheless, this entropy problem could be solved
separately from what Vish describes above.

-bryan

References

Handling of adminPass is arguably broken (essex)
From: Lars Kellogg-Stedman, 2012-11-01
Re: Handling of adminPass is arguably broken (essex)
From: Joshua Harlow, 2012-11-01
Re: Handling of adminPass is arguably broken (essex)
From: Lars Kellogg-Stedman, 2012-11-01
Re: Handling of adminPass is arguably broken (essex)
From: Vishvananda Ishaya, 2012-11-01