Fix the issue detailed in the Trail of Bits audit, re:
SSH clients maintain a list of known-good hosts they have connected to before. Host key verification is then used to prevent man-in-the-middle (MitM) attacks. The current method, using a reverse tunnel to create the Nagios configuration file, is insecure.
Following the security audit, the reverse tunnel scripts were deemed to be a security risk, vulnerable to man-in-the-middle attacks. The creation of the Nagios server-specific config files has already been migrated to the Nagios_Config playbook, and a new issue has been created for a new / amended playbook to configure the SSH connection. (See #3525.)