Title: Serious security vulnerability disclosed in kimsufi servers... could the experts help explain what this means
Author: 图样图森破
Time: 2017-5-6 18:09

On May 2, 2017 at 16:00 CEST, a security flaw was detected in our Proxmox 4 installations.
In order to use Proxmox in a ‘cluster’ configuration (Proxmox VE Cluster), a pair of SSH keys is automatically generated to facilitate communication between the different physical nodes of the cluster.
Our system that generates the distribution (March 16, 2017 at 12:26 CEST) did not correctly those pair of keys, making possible the connection between two client machines.
In order to reduce the attack surface and as a measure of precaution, we used the private key available in the image to remove the public key which corresponds to the authorize keys file found in ‘/etc/pve/priv’. The traditional "/root/.ssh/authorized_keys" file being a symbolic link to the latter.
We are not able to intervene on the Proxmox configurations configured in cluster mode, without disrupting service.
We have logged in your manager our intervention under the reference: 'Remote Intervention OVH for correction Proxmox installation'.
The corrective action taken is not a permanent solution because in order to fully secure your configuration, the new pair of keys must be generated by you. If you restart the ‘pve-cluster’ service (also in case of server reboot), the previous SSH key will be redeployed, making the server vulnerable again.
It is strongly advised that you conduct a complementary analysis of your system.
In order to help you, the following script will secure your infrastructure:
- wget ftp://ftp.ovh.net/made-in-ovh/dedie/proxmox4-fixssh.sh
- chmod +x proxmox4-fixssh.sh
- ./proxmox4-fixssh.sh
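
The notice says the image-shipped key was removed from the authorized keys file and that restarting 'pve-cluster' redeploys it. The following check is an added example, not part of the original post or of OVH's script: it reports every authorized_keys entry whose key material matches a known public key, whatever the options or comment on the line. The sample files and the function names are constructed for illustration; on a real node the public half of the image key is assumed to be at /root/.ssh/id_rsa.pub.

```shell
#!/bin/sh
# find_shared_key PUBFILE AUTHFILE
# Prints "AUTHFILE:line" for each entry in AUTHFILE carrying the same key
# type and base64 blob as a key in PUBFILE. Returns 0 if any match, else 1.
find_shared_key() {
    awk '
        # Return "type blob" for the current line, skipping any options prefix.
        function blob(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ KEYTYPE) return $i " " $(i + 1)
            return ""
        }
        BEGIN { KEYTYPE = "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$" }
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        FILENAME == ARGV[1] { b = blob(); if (b != "") known[b] = 1; next }
        { b = blob(); if (b in known) { print FILENAME ":" FNR; hits++ } }
        END { exit (hits ? 0 : 1) }
    ' "$1" "$2"
}

# Constructed sample data: the blobs are dummy strings, not real keys.
make_sample() {
    printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDIMAGEKEY root@template' > "$1/image_key.pub"
    cat > "$1/authorized_keys" <<'EOF'
# constructed sample
ssh-ed25519 AAAAC3CONSTRUCTEDADMINKEY admin@laptop
from="10.0.0.0/8" ssh-rsa AAAAB3CONSTRUCTEDIMAGEKEY root@node1
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
if find_shared_key "$demo_dir/image_key.pub" "$demo_dir/authorized_keys"; then
    echo "image key is still authorized: generate a new key pair"
fi
rm -rf "$demo_dir"
```

Running the same check again after a 'pve-cluster' restart or a reboot shows whether the previous key has been redeployed.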