[NMS-14118] Support Host Key verification - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Story
Status: Resolved (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: Next
Fix Version/s: 30.0.0
Component/s: None
Security Level: Default (Default Security Scheme)
Labels:
- Rodent

Epic Link:
H30 Series Security Posture
Story Points:
3
Sprint:
Horizon 22 - April 13 - 27, Horizon - April 27 - May 11

Description

When opening a connection to a remote device, we should verify the host key against a known fingerprint. This fingerprint should be stored in metadata. This can be opt-in by not doing a check if no host-key is assigned.

Without host-key checking, we will send the username/password credentials to every host on which the monitor is configured. This could potentially leak the credentials..

Attachments

Activity

People

Assignee:: Dustin Frisch

Reporter:: Dustin Frisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Mar/22 8:59 AM

Updated:: 07/Jun/22 4:51 PM

Resolved:: 28/Apr/22 5:09 PM