
Secure provisioning of servers


Deimos161
2014-11-09, 12:48 AM
Quote Originally Posted by satan
I will call next week to ask about the SSH key thing that was mentioned now that I know what to ask for.
Just going to chime in here, there is a section of your account dashboard that shows SSH keys and allows you to make new keys.
(Not sure if that's what you're talking about, but nonetheless :P)

satan
2014-11-09, 12:28 AM
Quote Originally Posted by Phil @ OVH
Hello,

Firstly, to address some false statements that I've removed from this thread: Our support staff handle both technical and commercial inquiries. If you spoke with someone, they were a part of the technical staff.

As others have suggested, if you are worried about the security of your root password, it is always advisable to modify it as soon as you gain access to the system. Having said that, remember that we are an unmanaged service provider. If you are concerned with the level of security of your system, it is up to you to correct that.

Regards,
Phil C.
I called the phone number listed and had a very good talk after getting over the shock that an actual human answered the phone.

As I mentioned, the problem is not changing the password but being the first to use it. I would as a matter of course be changing the password as well as setting up firewalls, shutting down unneeded services and all the other things needed to secure a fledgling machine. I understand that the server is not managed by SYS/OVH. My concern is that there is some way to provision (or install or initialize or whatever term is used) the server without breaking its security. As I mentioned in another reply, my current provider _used_ to hold the email until I could get the information by phone. Encryption would be easier and better. I will call next week to ask about the SSH key thing that was mentioned now that I know what to ask for.

satan
2014-11-09, 12:15 AM
Quote Originally Posted by heise
A point that is worth mentioning is that OVH does not use TLS while sending emails.

I would care to disagree. Look at http://www.heise.de/security/meldung...n-2438298.html . It's German, but Google Translate can help. They considered systems to be compromised after attacks were reported, not before. Sure NSA, GCHQ are capable of reading root passwords transmitted via email, but they would need to use that information right away to infiltrate your system and such attacks are not known.

Besides, if someone would want to infiltrate your system and has unlimited resource, they most probably will. I was surprised when I recently read that "wget" had security issues that could compromise your server.
I mentioned in my post that I currently have a service provider, I did not state that my email flows through them but it does. As unlikely as it may be, my current provider could easily watch for such an email from a competitor as they control the network. In fact I know that both my current provider and OVH have automated tools watching traffic patterns on their networks because it is clearly stated in the terms of service. Do I suspect my current provider of spying on me? Of course not, if I did I would dump them immediately. But every postmaster can read the emails that pass through their system and everyone who controls a router (notice that I did not say own) can read all traffic that flows through that system.

The point is this, I have been in the position of having to move off a server I _knew_ to be compromised and it really really really sucks because you can't trust anything. It would have been made much worse if my current provider had not agreed in the service contract to hold the provisioning email and pass the login credentials via phone. I have actually had them do this for each and every server I have had with them but times are changing and they have grown (in part because I have been buying from them) to the point where they don't believe in that kind of customer service. Now that I have a secure server (I hope) I'm not willing to switch to one that may be compromised by _simple_ automated tools before I even have a chance to hit send/receive.

So don't tell me about the NSA or unlimited resources and other nonsense when interception is trivial and motives abound.

Phil @ OVH
2014-11-08, 09:49 AM
Hello,

Firstly, to address some false statements that I've removed from this thread: Our support staff handle both technical and commercial inquiries. If you spoke with someone, they were a part of the technical staff.

As others have suggested, if you are worried about the security of your root password, it is always advisable to modify it as soon as you gain access to the system. Having said that, remember that we are an unmanaged service provider. If you are concerned with the level of security of your system, it is up to you to correct that.

Regards,
Phil C.

heise
2014-11-08, 04:20 AM
A point that is worth mentioning is that OVH does not use TLS while sending emails.

and any system that has had its root password exposed via clear text must be considered compromised
I would care to disagree. Look at http://www.heise.de/security/meldung...n-2438298.html . It's German, but Google Translate can help. They considered systems to be compromised after attacks were reported, not before. Sure NSA, GCHQ are capable of reading root passwords transmitted via email, but they would need to use that information right away to infiltrate your system and such attacks are not known.

Besides, if someone would want to infiltrate your system and has unlimited resource, they most probably will. I was surprised when I recently read that "wget" had security issues that could compromise your server.

brad2014
2014-11-08, 12:58 AM
Do they send the root password out... Yes... However you can quickly change it / disable it.... The likelihood of someone logging in with your root password is very remote...

Personally I go and disable root login after I set up my account and give myself sudo access..... Actually I disable logins completely and just use ssh keys once the server is set up.
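
A check for the end state described in this post (root login disabled, password logins off, keys only), as an added example that is not part of the original post. The sample configuration and function names are constructed, and `Include` files are not followed.

```bash
#!/usr/bin/env bash
# Added example: check that an sshd_config refuses root and password logins.

# Constructed sample configuration (not taken from any real host).
sample_config() {
  cat <<'EOF'
# constructed sample
Port 22
PermitRootLogin no
PasswordAuthentication no
# a later duplicate does not override the first value
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

audit_sshd() {   # $1 = sshd_config-style file; prints findings, returns 1 on any problem
  awk '
    BEGIN { n = split("permitrootlogin passwordauthentication kbdinteractiveauthentication", want, " ")
            for (i = 1; i <= n; i++) chk[want[i]] = 1 }
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    { key = tolower($1); val = tolower($2) }      # keywords are case-insensitive
    key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }  # older name
    key == "match" { in_match = 1; next }         # a Match block runs to the next Match or EOF
    !(key in chk) { next }
    in_match { if (val != "no") { print "WARN match-block " key " " val; bad = 1 }; next }
    !(key in first) { first[key] = val }          # sshd keeps the first value it reads
    END {
      for (i = 1; i <= n; i++) {
        # unset: the built-in default applies, and it is not "no" for these three
        v = (want[i] in first) ? first[want[i]] : "unset"
        s = (v == "no") ? "OK" : "FAIL"
        if (v != "no") bad = 1
        print s " " want[i] " " v
      }
      exit bad + 0
    }
  ' "$1"
}
```

On a live host, `sshd -T` prints the effective settings with `Include` files resolved, which is the authoritative answer; the function above is for reviewing a file before it is deployed.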

satan
2014-11-08, 12:09 AM
Quote Originally Posted by heise
Hi, it was not helpful.

First: You can do a completely manual installation of your OS. That way no root pw is ever mailed out.
Second: You can login to your fresh installed server and run the command "passwd" as root and change the root password.

So go get a server someplace else, since you won't be comfortable between so many angels here.
It is a good thing that you are just a customer and not responsible for network security.

As I indicated in my post, I am not a customer yet and have no experience with the management system. All of my information comes from the technical support staff. While they mentioned the possibility of a "temporary" kvm over internet setup, I dismissed that as unsuitable for two reasons. 1) it would require me to install software on my machine and 2) it is a jury-rigged solution that involves what is quite rightly a premium service.

Your second "solution" demonstrates your lack of understanding of security. Changing the root password with passwd of a machine that has already been compromised is fallacious and any system that has had its root password exposed via clear text must be considered compromised.

satan
2014-11-07, 11:47 PM
Quote Originally Posted by vectr0n
You have the ability to add SSH keys in the manager, and when you re-image the server you have the choice of what SSH key to use. No password is sent via email in this case. This is available in all OVH branded managers (SYS/KS).
That is quite different from what I was told by SYS. As I have no access to the management system and was told by support personnel that there was an active internal discussion about this very issue I am surprised to hear this. Have you used the system as you described?

heise
2014-11-06, 08:49 PM
First: You can do a completely manual installation of your OS. That way no root pw is ever mailed out. See signature.
Second: You can login to your fresh installed server and run the command "passwd" as root and change the root password.

vectr0n
2014-11-06, 08:39 PM
You have the ability to add SSH keys in the manager, and when you re-image the server you have the choice of what SSH key to use. No password is sent via email in this case. This is available in all OVH branded managers (SYS/KS).

satan
2014-11-06, 03:02 AM
Hello,

I am looking to buy a dedicated server to replace my current machine at another provider but after talking at some length with the support staff I have a few lingering issues that I hope can be addressed. The most important and only one that is preventing me from making an immediate purchase is security related and I am told is being discussed internally to the company. I would like to add my comments both to stress their importance and to help ensure that a proper solution is implemented.

As the title of this post suggests, my concern is for the secure provisioning and turnover of server systems. I have been informed that this occurs through an email which includes all the details needed for root access to the newly birthed machine. As I am sure everyone here is aware, email is in no way a secure or private communication channel and is much more akin to "postcards" than to "mail". By transmitting the login credentials by email, the security of the system is broken the moment it is created. Fortunately, there is a very simple solution to this problem and that is encryption.

As someone interested in basic security, I feel that I am obligated to meet a service provider at least half way in facilitating a secure channel for passing critical information like the password to the root account and one of the best and simplest ways to do that is through a utility that is free and open source under the GNU license called GPG (GNU Privacy Guard (descended from PGP (Pretty Good Privacy))). This utility is designed to be used with email and allows for the encryption of messages using public key cryptography in a manner that is very similar to that of security certificates used by this very forum (recently replaced I noticed). GPG is available on a wide range of platforms, is relatively straightforward and simple to use and is free.

Without being a customer (yet) I can only speculate about how the interface for managing the customer account is implemented but given that this forum is based on PHP (bb forum), I believe there are even odds that the management system is also implemented in PHP. Proceeding from that assumption, I would point out that PHP has a library for handling GPG keys and doing encryption. Public keys could be pasted into a web form like that used with the captcha on this forum and imported into a keyring. Once in the keyring, critical data can be encrypted with a customer's public key before being sent in an email making it readable only by the person holding the private key. The GPG library in PHP handles much of the fiddly stuff and would neatly solve the problem of sending passwords in clear text.

This would also make an excellent marketing advantage for your company as this is a general problem in the industry and your implementation of a solution like this helps to ensure the security of each specific machine on your network. Improved security on specific machines has a cascading and amplifying effect on the security of your entire network. Security is a selling point in this day and age of NSA spying.

I hope that this has been helpful in highlighting my concerns and blazing a trail to a solution that is cost effective to implement as well as being of an acceptable level of security for myself. If there are any questions, I would be happy to answer them.
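
The key-upload and encrypt-before-mailing flow proposed in this post, sketched with the `gpg` command line instead of the PHP library the post mentions. This is an added example, not part of the original post and not OVH's code; the function names, the address `customer@example.test` and the sample password are constructed, and GnuPG 2.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example: encrypt provisioning credentials to a customer's public key.
# Needs GnuPG 2.1 or later; the user id and password below are constructed.

# Customer: make a throwaway key pair, print only the armored public half
# (the part that would be pasted into the provider's web form).
customer_make_key() {   # $1 = customer keyring dir, $2 = user id
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$2" default default never >&2 || return 1
  gpg --homedir "$1" --batch --armor --export "$2"
}

# Provider: import the uploaded key into its own keyring and encrypt stdin
# to that key, so only ciphertext goes into the e-mail.
provider_encrypt() {    # $1 = provider keyring dir, $2 = uploaded public key file
  local fpr
  gpg --homedir "$1" --batch --quiet --import "$2" || return 1
  fpr=$(gpg --homedir "$1" --batch --with-colons --list-keys |
        awk -F: '$1 == "fpr" { print $10; exit }')
  [ -n "$fpr" ] || return 1
  # --trust-model always: the key was supplied by the account owner, so do
  # not stop on the web-of-trust check that would block batch mode.
  gpg --homedir "$1" --batch --quiet --trust-model always --armor \
      --recipient "$fpr" --encrypt
}

# Customer: decrypt with the private key that never left this keyring.
customer_decrypt() {    # $1 = customer keyring dir; stdin = armored message
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' --decrypt
}

demo() {                # prints the recovered plaintext; non-zero on failure
  local cust prov out rc
  cust=$(mktemp -d) && prov=$(mktemp -d) || return 1
  customer_make_key "$cust" 'Customer <customer@example.test>' > "$prov/upload.asc" 2>/dev/null
  printf 'root password: constructed-sample-pw\n' |
    provider_encrypt "$prov" "$prov/upload.asc" > "$prov/mail.asc" 2>/dev/null
  # mail.asc is what travels by e-mail; the plaintext must not be in it.
  if grep -q 'constructed-sample-pw' "$prov/mail.asc"; then rc=1
  else out=$(customer_decrypt "$cust" < "$prov/mail.asc" 2>/dev/null); rc=$?; fi
  gpgconf --homedir "$cust" --kill gpg-agent 2>/dev/null || true
  rm -rf "$cust" "$prov"
  [ "$rc" -eq 0 ] && printf '%s\n' "$out"
}
```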