Add support to configuring a tor hidden service for SSH access #35

Open
anadahz opened this issue Jun 3, 2016 · 5 comments

Comments

@anadahz
Member

anadahz commented Jun 3, 2016

The build script should also support configuring a tor hidden service that allows ssh access to some set of keys.

@hellais hellais added this to the lepidopter 0.3.0-beta release milestone Jul 10, 2016
@anadahz
Member Author

anadahz commented Aug 6, 2016

Prior to enabling access to a set of ssh keys we'll first need to set the group/user permissions in lepidopter. Currently the default username (lepidopter) is in the sudo group and requires user authentication (default password: lepidopter) to run sudo.
In order to access lepidopter via ssh and perform superuser tasks (with sudo) we'll either need to know the password of the user, disable sudo user authentication or log in as root via ssh.

If we expose the ssh service via a tor hidden service we should ensure that the default authentication password is being changed or allow only public key authentication (which may not be applicable to headless lepidopter setups).
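
The configuration the comment above is asking for, as an added example that is not part of lepidopter's build script or of this issue: a POSIX shell script that stages a torrc onion-service stanza and a public-key-only sshd_config, then checks the staged files before they are copied into the image. The staging root, the AuthorizedKeysFile location under /etc/ssh, the default user name and the file paths are assumptions; the sshd and tor keywords are the standard ones.

```shell
#!/bin/sh
# Added example, not part of the lepidopter build script: stage a torrc
# onion-service stanza and a key-only sshd_config into $STAGE, then check
# the result before copying it into the image. File locations, the
# AuthorizedKeysFile path and the default user name are assumptions.
set -eu

STAGE="${STAGE:-./stage}"            # assumed staging root for the image tree
SSH_USER="${SSH_USER:-lepidopter}"   # default image user named in the issue

# torrc: tor terminates the onion circuit and connects to sshd on loopback,
# so sshd never has to listen on a routable interface.
write_torrc() {
    mkdir -p "$STAGE/etc/tor"
    cat > "$STAGE/etc/tor/torrc" <<'EOF'
HiddenServiceDir /var/lib/tor/ssh/
HiddenServicePort 22 127.0.0.1:22
EOF
}

# sshd_config: loopback only, public keys only, no root, one allowed user.
# sshd uses the first value it sees for a keyword, so these lines must come
# before any distribution defaults if they are merged into a larger file.
write_sshd_config() {
    mkdir -p "$STAGE/etc/ssh"
    cat > "$STAGE/etc/ssh/sshd_config" <<EOF
ListenAddress 127.0.0.1
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
AllowUsers $SSH_USER
# Keys live outside the home directory so the login user cannot add its own
# (assumed path; populate it from the build host).
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
EOF
}

# Return 0 only if the staged sshd_config forbids password and root logins
# and still enables public-key authentication.
check_sshd_config() {
    f="$STAGE/etc/ssh/sshd_config"
    [ -f "$f" ] || return 1
    grep -qix 'PasswordAuthentication no' "$f" || return 1
    grep -qix 'ChallengeResponseAuthentication no' "$f" || return 1
    grep -qix 'PermitRootLogin no' "$f" || return 1
    grep -qix 'PubkeyAuthentication yes' "$f" || return 1
    # a permissive line anywhere earlier in the file would override ours
    if grep -qi '^PasswordAuthentication[[:space:]]*yes' "$f"; then
        return 1
    fi
    return 0
}

# Return 0 only if the onion service forwards to the loopback sshd.
check_torrc() {
    grep -qx 'HiddenServicePort 22 127.0.0.1:22' "$STAGE/etc/tor/torrc"
}

stage_ssh_onion() {
    write_torrc
    write_sshd_config
    check_sshd_config
    check_torrc
}

# Usage: STAGE=/path/to/image/root sh stage-ssh-onion.sh stage
case "${1:-}" in
    stage) stage_ssh_onion && echo "staged under $STAGE" ;;
esac
```

Once tor starts with that stanza it writes the service's onion address to /var/lib/tor/ssh/hostname; with the v2 onion services in use at the time, adding `HiddenServiceAuthorizeClient stealth <client-name>` to the stanza additionally hides the service from anyone without the matching client key. The script deliberately leaves the sudo question from the comment untouched: with password logins disabled the default password no longer grants ssh access, but sudo still prompts for it, so the image build has to either change that password or restrict sudo separately.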

@anadahz
Member Author

anadahz commented Aug 28, 2016

@hellais, @darkk, @bassosimone any thoughts on #35 (comment)?

@bassosimone
Contributor

bassosimone commented Aug 29, 2016

@anadahz, thanks for the question, I guess that's a very important one. So, let's discuss this and here's what I just said in the IRC meeting about this issue:

if possible I'd avoid us having root access on Lepidopters because it increases the scope of what we can do using the probes way beyond the software we deploy using standard channels and this IMHO could put partners in a more troubling situation if caught, not to mention that say I have access to all Lepidopters, I am compromised, and someone uses that access to do nasty things (e.g. installing a botnet and doing DoS attacks using the probes).

and to further clarify:

I am not advocating against having a root user, I am advocating against us having ssh access as root (but also I think I am advocating against us having ssh access)

and:

to further clarify, I think we should not have ssh access, because I think we should not be able to run arbitrary commands on the probe in an unaccountable way, and I think this is also a safeguard for partners (one thing is if you can demonstrate what software was running, another if one can argue a partner gave a box to "foreign agents")

@anadahz
Member Author

anadahz commented Aug 30, 2016

After last meeting's discussion it seems that we are going to drop the idea of using a tor HS for SSH access in lepidopter images.

@hellais
Member

hellais commented Aug 31, 2016

I would say we keep this as a ticket, but defer it to future versions.

Development

No branches or pull requests

3 participants