[j-nsp] protect ssh and telnet

Saku Ytti saku at ytti.fi
Tue Apr 5 07:14:58 EDT 2016


On 5 April 2016 at 13:52, Richard Hartmann <richih.mailinglist at gmail.com> wrote:

> This still sounds as if your CMDB would need to detect that, raise a
> flag, and then push out new config after being updated; in case of
> planned maintenance, you could even add that info before the swap.

I don't think you can push the secret key, not in a supported way at least.
You can jump to the shell and replace the host keys in the unixy way, of
course. But how do you jump to the box when you don't know its keys?
If you do know, then there is no point jumping to replace them, innit?

If you want to do this right today, the correct way is to extract the
public keys in a secure manner (What is secure? OOB not really, but maybe
a human on-site) and store them in your jump box for user-wide
consumption, and raise an alarm if host keys have changed. So whoever is
physically installing an RE should also make sure the host keys are updated
securely in a centralised location.

I'm sure someone out there does this, but I'm going to say that at
least 99% of the user-base (all vendors) just accepts any key, always.
Making SSH really no safer than Telnet.

This is a pretty classic example where demanding good security (not
exposing secret keys) destroys the whole security model. The compromise of
putting the secret keys in the config would make security much, much better
for 99% of users.

-- 
  ++ytti
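The jump-box check described in the post (public keys recorded out of band when the RE is installed, compared on every scan, alarm on any change, no silent acceptance of unknown keys), as an added example; this is not code from the thread or from any vendor tooling. Hostnames and key blobs are constructed sample data, and parse_key_lines, fingerprint and check_host_keys are hypothetical names chosen here.

```python
"""Pinned SSH host-key check for a jump box: compare the keys devices
present (ssh-keyscan style lines) against a locally stored set that was
verified out of band, and flag any change.  Added illustration; all
hostnames and key blobs are constructed sample data."""
import base64
import hashlib


def parse_key_lines(text):
    """Parse known_hosts / ssh-keyscan style lines: 'host keytype base64'.
    Returns {host: {keytype: base64blob}}.  Comments and blanks are skipped;
    a comma-separated host field (known_hosts aliases) pins every name."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError("malformed host-key line: %r" % line)
        host, ktype, blob = parts[0], parts[1], parts[2]
        for name in host.split(","):
            keys.setdefault(name, {})[ktype] = blob
    return keys


def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the SHA-256
    digest of the raw key blob, the form ssh-keygen -lf prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_keys(pinned, observed):
    """Compare observed keys against the pinned store.  Returns
    {host: (status, detail)} with status one of:
      OK        a pinned key type was offered and matches
      CHANGED   a pinned key type was offered with a different key -> alarm
      MISSING   device offered none of the pinned key types -> alarm
      UNPINNED  host never verified out of band -> refuse, do not auto-accept"""
    report = {}
    for host in sorted(set(pinned) | set(observed)):
        want = pinned.get(host, {})
        got = observed.get(host, {})
        if not want:
            report[host] = ("UNPINNED", "no out-of-band verified key on file")
            continue
        changed = [t for t in want if t in got and got[t] != want[t]]
        matched = [t for t in want if t in got and got[t] == want[t]]
        if changed:
            t = changed[0]
            report[host] = ("CHANGED", "%s %s -> %s"
                            % (t, fingerprint(want[t]), fingerprint(got[t])))
        elif matched:
            report[host] = ("OK", fingerprint(want[matched[0]]))
        else:
            report[host] = ("MISSING", "device offered no %s key"
                            % ",".join(sorted(want)))
    return report


def _sample_blob(key_type, seed):
    """Constructed sample public-key blob in SSH wire format:
    string(keytype) || string(32 bytes derived from the seed).  Not a real key."""
    def sshstr(b):
        return len(b).to_bytes(4, "big") + b
    body = hashlib.sha256(seed.encode()).digest()
    return base64.b64encode(sshstr(key_type.encode()) + sshstr(body)).decode()


# Pinned store on the jump box, recorded by whoever installed the RE on site
# (constructed sample data).
PINNED = "\n".join([
    "# host keys verified out of band during install",
    "re0.pe1.example ssh-ed25519 " + _sample_blob("ssh-ed25519", "pe1-original"),
    "re0.pe2.example ssh-ed25519 " + _sample_blob("ssh-ed25519", "pe2-original"),
    "re0.pe3.example ssh-ed25519 " + _sample_blob("ssh-ed25519", "pe3-original"),
])

# What the devices present today, as ssh-keyscan would print it
# (constructed sample data: pe2 had its RE swapped, pe4 was never pinned).
OBSERVED = "\n".join([
    "re0.pe1.example ssh-ed25519 " + _sample_blob("ssh-ed25519", "pe1-original"),
    "re0.pe2.example ssh-ed25519 " + _sample_blob("ssh-ed25519", "pe2-after-re-swap"),
    "re0.pe3.example ssh-rsa " + _sample_blob("ssh-rsa", "pe3-rsa-only"),
    "re0.pe4.example ssh-ed25519 " + _sample_blob("ssh-ed25519", "pe4-never-pinned"),
])


def run_check():
    """Run the comparison over the sample data and return the report."""
    return check_host_keys(parse_key_lines(PINNED), parse_key_lines(OBSERVED))


if __name__ == "__main__":
    for host, (status, detail) in run_check().items():
        print("%-8s %-18s %s" % (status, host, detail))
```

In practice the OBSERVED text would come from ssh-keyscan run from the jump box, and the PINNED file would only ever be edited by the person who verified the key at install time; anything other than OK is the alarm the post asks for, and UNPINNED in particular must not be resolved by appending the observed key.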

