search

Azure / az-hop

The Azure HPC On-Demand Platform provides an HPC Cluster Ready solution
https://azure.github.io/az-hop/
MIT License
64 stars 54 forks source link

security: move away from SSH keys stored in cleartext #1603

Open ltalirz opened 1 year ago

ltalirz commented 1 year ago

Currently, the terraform deployment step results in the hpcadmin SSH key being stored in cleartext in the volume of the deployer, which allows for lateral movement in the network.

It would be preferable to use a local key management solution, such as password-protected (encrypted) SSH keys with an SSH agent and a timeout for ssh-add (e.g. 24h).

ltalirz commented 1 year ago

Edit: this should have been a feature request rather than a bug

xpillons commented 1 year ago

can you please elaborate more on this ? moving to bicep would remove that I guess.

ltalirz commented 1 year ago

This was flagged by an automatic security scanner of a customer.

I think the basic premise is simply that storing SSH keys in cleartext (time-unlimited token) on a web server allows an attacker who gains access to the machine to move laterally through the network and should be avoided.

Thinking a bit more about this, I guess in the case of a compromise of the deployer VM, the main worry is actually the (permanent) system managed identity rather than the SSH key for the cluster. Perhaps one could suggest users to shut down the deployer when it's not used to reduce the attack surface.