Please note: I haven't used fai-chboot to automatically disable fai-installation yet because the manpage scares me too much. What is described in this mail is an attack scenario that seems to be possible judging from the manpage.
> have a look there:
> https://lists.uni-koeln.de/pipermail/linux-fai/2009-October/007357.html

There should be a big fat flashing warning sign attached to fai-chboot + ssh.

Does nobody see the fault in having
- an NFS share mountable by any client [on a specific network]
- an SSH key without a passphrase stored in that NFS share
- a login account allowing (at least) the manipulation of other hosts' boot settings

Please at least hint that one should consider implementing some security measures.

What happens if J. Random User decides he doesn't like you anymore, mounts the nfsroot and executes "fai-chboot -e" for every host in your network? Or decides to play really nasty and executes 'fai-chboot -e -i <my own nfsroot>', which may completely wipe the system, install some kind of rootkit or do other unpleasant stuff?

There's even a ready-to-use example given in the manpage:

    fai-chboot -IFv -u nfs://faiserver/srv/fai/clusterconf node03

"node03 will be installed using the configuration space /srv/fai/clusterconf, which is mounted from faiserver via NFS."

It gets worse. NFS traffic is not even encrypted. This means the private key is transmitted in plaintext over the wire. From a security point of view there's not much difference if one simply uses telnet instead of ssh.

This is probably not relevant if using fai to install a compute cluster in a trusted network environment. If the environment is not trusted (training classroom? datacenter?) then please implement appropriate measures.
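
An added example, not part of the original mail and not FAI's own code: a check an administrator could run over an exported nfsroot to find SSH private keys stored without a passphrase, the second item in the list above. The function names and the sample key header are constructed for illustration; detection reads the ciphername field of the OpenSSH key format and the Proc-Type header of legacy PEM keys.

```python
import base64, os, re, struct

MAGIC = b"openssh-key-v1\0"

def key_is_unencrypted(text):
    """True/False for a PEM private key, None if text holds no private key."""
    m = re.search(r"-----BEGIN ([A-Z ]*)PRIVATE KEY-----(.*?)-----END", text, re.S)
    if not m:
        return None
    kind, body = m.group(1).strip(), m.group(2)
    if kind == "ENCRYPTED":                      # encrypted PKCS#8 container
        return False
    if kind != "OPENSSH":                        # legacy PEM (RSA/DSA/EC) or plain PKCS#8
        return "Proc-Type: 4,ENCRYPTED" not in body
    try:
        blob = base64.b64decode("".join(body.split()))
    except ValueError:
        return None
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        return None
    (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
    # First length-prefixed string after the magic is the cipher name.
    return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] == b"none"

def find_unencrypted_keys(root):
    """Walk a tree (for example an exported nfsroot) and list passphrase-less keys."""
    found = []
    for d, _, files in os.walk(root):
        for f in files:
            p = os.path.join(d, f)
            if os.path.islink(p) or not os.path.isfile(p):
                continue                         # skip symlinks, devices, FIFOs
            try:
                with open(p, errors="ignore") as fh:
                    if key_is_unencrypted(fh.read(65536)):
                        found.append(p)
            except OSError:
                continue                         # unreadable file: nothing to report
    return sorted(found)

# Constructed sample: only the header of an OpenSSH key blob, not a usable key.
def sample_key(cipher):
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = base64.b64encode(MAGIC + s(cipher) + s(b"none") + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{blob}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Any path returned by find_unencrypted_keys() under a directory that is exported over NFS is readable by every client allowed to mount that export.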