[NMS-14118] Support Host Key verification - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Story
Status: Resolved (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: Next
Fix Version/s: 30.0.0
Component/s: None
Security Level: Default (Default Security Scheme)
Labels:
- Muppet

Epic Link:
H30 Series Security Posture
Story Points:
3
Sprint:
Horizon 22 - April 13 - 27, Horizon - April 27 - May 11

Description

When opening a connection to a remote device, we should verify the host key against a known fingerprint. This fingerprint should be stored in metadata. This can be opt-in by not doing a check if no host-key is assigned.

Without host-key checking, we will send the username/password credentials to every host on which the monitor is configured. This could potentially leak the credentials..

Attachments

Activity

People

Assignee:: Dustin Frisch

Reporter:: Dustin Frisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Mar/22 8:59 AM

Updated:: 11/May/22 2:45 PM

Resolved:: 28/Apr/22 5:09 PM

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.