-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi Pankaj,
if an attacker gets root on your master all master-side authentication can be circumvented anyway by changing the master's code.
For a secure solution you would need the minions to know a separate set of private keys with one of a command from the master would need to be signed.
These keys shouldn't reside on the master so they're either on a smartcard/HSM or on the admin's system (available in a limited fashion via a forwarded SSH-agent).
When the `salt` cmd is run it then asks the smartcard or SSH-agent to sign the cmd before it's forwarded to the minions.
If you don't define a whitelist of allowed unsigned commands (on the minion!) you wouldn't even be able to `test.ping` a minion.
Provably won't be fun to implement if your not into this kinda thing…
Or you disable root-login on your master, make sure nobody gets unlimited sudo and all `salt` commands go through sudo. Or use "external authentication" (which I haven't looked into) but there still all bets would be of if someone gets root on your master.
Regards, Florian
>--
>You received this message because you are subscribed to the Google
>Groups "Salt-users" group.
>To unsubscribe from this group and stop receiving emails from it, send
>an email to
salt-users+...@googlegroups.com.
>For more options, visit
https://groups.google.com/d/optout.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1
iQFTBAEBCAA9BQJVk4ghNhxGbG9yaWFuIEVybWlzY2ggPGZsb3JpYW4uZXJtaXNj
aEBhbHVtbmkudHUtYmVybGluLmRlPgAKCRAu8tzCHoBI/ZuNB/sEuQ2uaalnj4V2
b/iNPeOblkR0LLdbtquHwHP5hzNq58oRvHDTzJYSBnjff+CaFyykUWb6/AsX2/uF
e3Y/2vvpQPNO08aL/AbuPtwhOjXPhmGz5/X62svH+2gw1ox7oVP6g99kKidg46Xg
cr5jyrlpeFuZ0sUna487tfYAQqwDGHnhE/KU1XflNr9P7OFGXEHToBtEYGnfgOCE
S+W/Bv687ht1MyEoFqRlw93DiH0MHImbEfnMiHr9m0VOjzXKbHdDsx6wheRp22E4
Vshkli8jWP0OQQwi/GCaVfrXChN2A0yns48gvsGn932SVoMhbLtwYUGBcpcqY2rA
YyNU6UBo
=36l9
-----END PGP SIGNATURE-----