Bug 719377

Summary: Documentation::: Guests built for VMware allow ssh as root with default password
Product: [Retired] CloudForms Cloud Engine Reporter: wes hayutin <whayutin>
Component: DocumentationAssignee: Justin Clift <jclift>
Status: CLOSED CURRENTRELEASE QA Contact: wes hayutin <whayutin>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 0.3.1CC: akarol, clalance, dajohnso, deltacloud-maint, kwade, matt.wagner, morazi, ssachdev
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 718226 Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description wes hayutin 2011-07-06 16:05:45 UTC 
Need to document in the release notes how passwords should be used for rhevm templates


+++ This bug was initially created as a clone of Bug #718226 +++

Description of problem:
I've just coerced a guest to build and launch on vSphere. No ssh keypair is present, and I was able to ssh in as root with the default 'ozrootpw' password. In theory the user can override this in the template, but if they don't, minting VM images with a predictable root password will be a security risk.


Version-Release number of selected component (if applicable):
imagefactory-0.2.2-1.el6.noarch

How reproducible:
100%

Expected results:
Guests are not launched with a publicly-known root password.

--- Additional comment from clalance on 2011-07-01 11:46:48 EDT ---

So the thing is that Oz already has the ability to set the root password at build time, via the <rootpw> tag (see the RelaxNG schema for the right placement).  I'm thinking that we should "enforce" this tag at the imagefactory level by not accepting builds unless they have this tag set.  That will at least make sure that builds coming from the factory aren't insecure by default.

Chris Lalancette

--- Additional comment from whayutin on 2011-07-06 12:02:46 EDT ---

sounds like a doc issue for beta release notes
Comment 1 wes hayutin 2011-08-01 19:14:05 UTC 
BZ 719377 - Guests built for VMware/rhevm allow ssh as root with default password
Users should specify the root password when building templates for rhevm or vmware:
Comment 2 wes hayutin 2011-08-01 19:49:00 UTC 
removing from tracker
Comment 3 wes hayutin 2011-08-01 20:01:34 UTC 
release pending...
Comment 4 wes hayutin 2011-08-01 20:01:56 UTC 
release pending...
Comment 5 wes hayutin 2011-08-01 20:02:10 UTC 
release pending.. 2
Comment 7 wes hayutin 2011-12-08 14:03:46 UTC 
closing out old bugs
Comment 8 wes hayutin 2011-12-08 14:15:20 UTC 
perm close