I am looking at this cluster of student work stations. They are diskless clients
Question
I am looking at this cluster of student work stations. They are diskless clients which boot from NFS. They also have sshd enabled.
All of these machines share the same ssh host key (rsa,dsa,etc), because they boot from NFS. As NFS is not encrypted, the private keys are transferred in clear text anyways. This is not a huge problem, because the machines are on a separate VLAN and in theory you can only sniff the packages if you are root, which is unlikely to be the case.
Besides this obvious problem (private keys transferred without encryption), is it a bad idea to share the host keys between those machines?
Explanation / Answer
The private key is the distinctive power of each machine. Having distinct keys for the machine makes sense, from a security point of view, only if the machines are not equivalent to each other. As you note, if an attacker obtains full control of one machine, then it can spy on the network and observe the files of all other machines, including their SSH private keys. It could also simulate the bootup procedure of any other machine, using the MAC address for that machine at the BOOTP/DHCP/whatever stage, and obtain all the secret values of that other machine. In short words, hijacking one machine can easily be expanded into hijack of all the machines. In that context, per-machine private keys would not buy you anything more.
If you want better security, including some isolation layer which would make machines not equivalent to each other, then you will need some heavy artillery. NFS is built over RPC, and there is an extension called Secure RPC which allows for encryption of all the data; however, it is old, poorly supported (I am not sure Linux supports it, for instance), and poorly maintained (if at all). A newer and arguably better method would be IPsec. Alternatively, one can encapsulate the NFS traffic into SSH, as explained in section 6.4 of this document. This raises interesting chicken-and-egg questions: how do you set up some SSH (or IPsec) in order to tunnel NFS in it, if you already need the NFS to obtain the SSH (or IPsec) private key?
This is a rather generic point. Diskless systems are diskless. As such, they are, when shut down, identical to each other. Since a diskless machine cannot permanently store anything, it cannot contain any secret value which would give it some power denied from other machines. Consequently, all the diskless systems can be "emulated" from other diskless systems, in the bootup procedure, as alluded to in the first paragraph. Therefore, you cannot really create a context where the diskless machines would be really distinct from each other; as a corollary, you don't need to make the SSH private keys distinct.
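A fleet check for the situation discussed in this answer, added here as an example and not part of the original post: it parses `ssh-keyscan`-style output (a constructed sample with hypothetical host names and placeholder key blobs), computes OpenSSH-style SHA256 fingerprints, and reports every host key that more than one host presents, so an administrator can see at a glance which machines are sharing a key.

```python
"""Audit ssh-keyscan output for SSH host keys shared by several hosts."""
import base64
import hashlib
from collections import defaultdict


def _blob(label: bytes) -> str:
    # Constructed placeholder key blob; a real blob is the wire-format public key.
    return base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519" + label).decode()


# Constructed sample of what `ssh-keyscan -t ed25519 <hosts>` prints.
# Three diskless workstations present the same key; one admin host does not.
SAMPLE_SCAN = "\n".join([
    f"ws01.lab.example ssh-ed25519 {_blob(b'shared-key')}",
    f"ws02.lab.example ssh-ed25519 {_blob(b'shared-key')}",
    f"ws03.lab.example ssh-ed25519 {_blob(b'shared-key')}",
    f"admin.lab.example ssh-ed25519 {_blob(b'unique-key')}",
    "# comment lines emitted by ssh-keyscan are ignored",
])


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256:<unpadded base64 of SHA-256(key blob)>."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def group_hosts_by_key(scan_output: str) -> dict[str, list[str]]:
    """Map '<keytype> <fingerprint>' to the list of hosts presenting that key."""
    groups: dict[str, list[str]] = defaultdict(list)
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: hostname, key type and blob are required
        host, keytype, blob = parts[0], parts[1], parts[2]
        groups[f"{keytype} {fingerprint(blob)}"].append(host)
    return dict(groups)


def shared_keys(scan_output: str) -> dict[str, list[str]]:
    """Keep only the keys presented by more than one host."""
    return {k: hosts for k, hosts in group_hosts_by_key(scan_output).items() if len(hosts) > 1}


if __name__ == "__main__":
    for key, hosts in shared_keys(SAMPLE_SCAN).items():
        print(f"{key} is shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

On a real fleet, feed it the output of `ssh-keyscan` over the machines you manage instead of the constructed sample.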