During iSpec testing, the rhr NETWORK test requires the ability to ssh login to the iSpec server. This can be done automatically (that is, without needing user input) by using ssh key authentication. This would make other parts of our testing (e.g. copying test results back to the iSpec server) much easier as well.

Currently, varitek.cgi creates an ssh keypair (with no passphrase) for each machine model defined. This keypair is used to allow the test machine(s) to log into the iSpec server as root, without a password. Obviously this poses a serious security risk if the private key is made publicly available, so we can't just put it in the models/ dir and fetch it by http. Instead, we put the private key in a directory that is only readable by root.

After (or possibly during) the RHEL installation, the private key should be fetched by the test machine and installed in the appropriate place. Currently iSpec tries to set up the key(s) during the test machine's first boot after installation, but this has two problems:

1) Requires the user to wait around through the RHEL installation to type the iSpec server root password after the test machine reboots.
2) Since ssh/scp won't ask for a password unless they're run in a terminal, iSpec has to open up a new virtual terminal to do this. This approach fails on headless machines or other places where the virtual terminals aren't available.
We documented how to add the keys for the 1.0 version. Moving to 1.1.
-> wwoods needs to verify documentation
The documentation looks correct for 1.0. Moving this bug to 1.1.
Current method is good enough for now - test machines are normally on isolated networks, so security risks are minimal. Plan to remove ssh altogether in the next major release.