|
| Re: option to NOT store VPS root passwords [message #59835 is a reply to message #59834] |
Mon, 16 March 2009 04:37   |
Lxhelp
Messages: 23691
Registered: July 2006 |
The Champion |
|
|
It will be encrypted with the next version.
But ideally, it is meant for the vps owner to see what his password is.
On Mon, Mar 16, 2009 at 08:35:45AM -0000, Sean McRobbie wrote:
>
>
> Hello,
>
> Currently all VPS root passwords are stored in plaintext:
>
> echo "select nname,rootpassword from vps" | hypervmdb
>
> Now I know this functionality probably exists for VPS rebuilds and so on, but can you not provide options for working around this either by:
|
|
|
|
|
|
|
|
|
| Re: option to NOT store VPS root passwords [message #63988 is a reply to message #63980] |
Mon, 11 May 2009 08:32 |
Lxhelp
Messages: 23691
Registered: July 2006 |
The Champion |
|
|
But it is visible to the client, and so it is EVIDENT to him that it is not meant to a secret.
Anyway, I will see if I can encrypt the value.
On Mon, May 11, 2009 at 12:06:05PM -0000, Sean McRobbie wrote:
>
>
> What are you talking about? The password *IS* stored unencrypted, that is my point!
>
> Quote:
> > The root password in a vps on the node is not a protection.
> ??? I do not see the relevance, maybe you haven't read my post? Please read it
>
|
|
|
|
| Re: option to NOT store VPS root passwords [message #64002 is a reply to message #63999] |
Mon, 11 May 2009 09:23 |
Lxhelp
Messages: 23691
Registered: July 2006 |
The Champion |
|
|
Yes, it will break the vps system. Anyway, I will add an encryption for the password.
On Mon, May 11, 2009 at 01:19:54PM -0000, Sean McRobbie wrote:
>
>
> Hello,
>
> The client does not know this at all unless they click on the "Root Password" button. Additionally, they would not even know if this is two-way encrypted or not.
>
> Two way encryption is not really an option at all - of course it can be decrypted easily. Even one way encryption can be pretty bad (rainbow tables). The best option is that I described in my first post.
>
> My original question is, if I manually crontab a script to rewrite these values to something random, would the only thing it breaks be reloading VPS images?
>
|
|
|
|
| Re: option to NOT store VPS root passwords [message #64009 is a reply to message #64007] |
Mon, 11 May 2009 09:37 |
Lxhelp
Messages: 23691
Registered: July 2006 |
The Champion |
|
|
If the node gets compromised, then the vpses will be completely accessible to the intruder.
On Mon, May 11, 2009 at 01:34:12PM -0000, Sean McRobbie wrote:
>
>
> So when someone compromises my HyperVM install, All my customers have their hotmail/gmail/paypal accounts etc stolen because they are able to read the root passwords?
>
|
|
|
|
|
|
| Re: option to NOT store VPS root passwords [message #65325 is a reply to message #64014] |
Wed, 20 May 2009 02:36 |
dj-m 
Messages: 88
Registered: May 2009 |
Valuable Member |
|
|
| seany wrote on Mon, 11 May 2009 06:42 | Yes, I know this.
But in this sitution you would not normally also be giving away access to their hotmail/gmail/paypal etc.
Also, who is to say my customers can trust me being able to see their root passwords?
|
the text display of the password within hypervm is moot. If its stored in the DB encrypted then great, it should be.
You could go over to cpanel.net and have this same conversation with them about the SQL root password in plain text, ftp backup server password in plain text, etc...
The bottom line is that if an intruder gets so far as to be able to see the root password- they already have access to everything. And if your client has the same password for a server, paypal, and everything else- they deserve whats coming. Let me guess, the password is "iamgod" right? 
|
|
|
| Re: option to NOT store VPS root passwords [message #65327 is a reply to message #65325] |
Wed, 20 May 2009 02:40 |
 seany 
Messages: 55
Registered: August 2007 |
Valuable Member |
|
|
| dj-m wrote on Wed, 20 May 2009 02:36 | | seany wrote on Mon, 11 May 2009 06:42 | Yes, I know this.
But in this sitution you would not normally also be giving away access to their hotmail/gmail/paypal etc.
Also, who is to say my customers can trust me being able to see their root passwords?
|
the text display of the password within hypervm is moot. If its stored in the DB encrypted then great, it should be.
You could go over to cpanel.net and have this same conversation with them about the SQL root password in plain text, ftp backup server password in plain text, etc...
The bottom line is that if an intruder gets so far as to be able to see the root password- they already have access to everything. And if your client has the same password for a server, paypal, and everything else- they deserve whats coming. Let me guess, the password is "iamgod" right?
|
Again you are missing the point.
The problem is we are not able to educate clients on this.
The password does not actually need to be stored - the fact that it is and if it is ever leaked can lead to *us* being held liable and sued.
|
|
|
|
|
|
| Re: option to NOT store VPS root passwords [message #65333 is a reply to message #65332] |
Wed, 20 May 2009 03:13 |
seany
Messages: 55
Registered: August 2007 |
Valuable Member |
|
|
| dj-m wrote on Wed, 20 May 2009 02:58 | Stew on this for a moment...
If an attacker got in to your clients hypervm administration panel, even if the password was hidden or not displayed or anything else...all the attacker needs to do is issue a change pass for root from the command prompt just a couple boxes north of the root password box. At that point they're still in the machine. Presumably if a user is stupid enough to use the same password for everything- the attacker will still get the password from something on the VM.
|
Sigh.... again it appears you do not understand the problem at all.
What do you not understand about having passwords stored in cleartext?
As soon as a bad exploit for HyperVM is out, everyone out there will be able to dump ALL root passwords along with IP addresses directly and without trouble. As you can imagine, this causes HUGE problems.
It now no longer matters if they gained access or not - they now have direct root passwords few thousand compromised accounts even if the problem has been fixed.
| dj-m wrote on Wed, 20 May 2009 02:58 | The only possible security issue here that you can in any way secure, is to either stop hosting- or make sure that the password is stored encrypted in the database so that when you backup your master to a remote server using ftp (if you do it over a public network which you shouldn't) it cannot be intercepted and all passwords read.
|
Right, so when I run a vanilla Xen server, things are also not secure? We do not store a copy of our root password, in plain text, in domU config files -- problem solved.
| dj-m wrote on Wed, 20 May 2009 02:58 |
Either way, with the "quickness" of new hypervm features...good luck with getting this one your way 
|
If LxLabs/HyperVM cannot listen to their customers, how can they expect to maintain market share?
|
|
|
|
|
| Re: option to NOT store VPS root passwords [message #65337 is a reply to message #65336] |
Wed, 20 May 2009 03:49 |
dj-m
Messages: 88
Registered: May 2009 |
Valuable Member |
|
|
| seany wrote on Wed, 20 May 2009 00:30 |
Good luck to you and your plaintext passwords, rather.
|
Thank you, I don't have a single concern about it in hypervm in the client interface. Like I said, at the point where that is a concern- you've already lost and so has your customer. Its moot.
But I completely agree that the hypervm database needs to immediately be encrypting the passwords instead of storing them in plain text. This is indeed a security issue for anyone who uses "Config Self Backup" for the master and uses a public FTP server for backup, or a server where security may be in question, of if an attacker gains access to the admin.
Of course, I thought that was the point of this post. So either you we were agreeing with eachother and you didn't know it, or your original post isn't what you meant.
[Updated on: Wed, 20 May 2009 03:50] Report message to a moderator |
|
|
| Re: option to NOT store VPS root passwords [message #65339 is a reply to message #65337] |
Wed, 20 May 2009 03:52 |
seany
Messages: 55
Registered: August 2007 |
Valuable Member |
|
|
| dj-m wrote on Wed, 20 May 2009 03:49 | | seany wrote on Wed, 20 May 2009 00:30 |
Good luck to you and your plaintext passwords, rather.
|
Thank you, I don't have a single concern about it in hypervm in the client interface. Like I said, at the point where that is a concern- you've already lost and so has your customer. Its moot.
But I completely agree that the hypervm database needs to immediately be encrypting the passwords instead of storing them in plain text. This is indeed a security issue for anyone who uses "Config Self Backup" for the master and uses a public FTP server for backup, or a server where security may be in question, of if an attacker gains access to the admin.
Of course, I thought that was the point of this post. So either you we were agreeing with eachother and you didn't know it, or your original post isn't what you meant.
|
Yes and no - but effectively yes.
"Encrypting" it won't solve anything. My solutions however will.
|
|
|
|
HyperVM & Kloxo Support
Members
Search
Help
Register
Login
Home
