WINC-1406 (OpenShift Windows Containers)

Log a warning/info message for weak private keys used for instance configuration


    • Type: Story
    • Priority: Normal
    • Resolution: Done
    • Sprint: WINC - Sprint 274

      Disclaimer: This was generated using artificial intelligence with Cursor IDE. While efforts have been made to ensure accuracy, please verify the details for correctness and completeness before proceeding.

      User or Developer story

      As a platform administrator, I want WMCO to validate the strength and type of SSH private keys used for instance configuration so that only secure keys are permitted, reducing the risk of unauthorized access.

      Description

      Currently, WMCO accepts user-provided SSH private keys via the `cloud-private-key` secret without validating their properties, such as the algorithm, key length, or elliptic curve. This allows the use of weak keys (e.g., RSA 1024-bit) or keys based on insecure curves, which are vulnerable to compromise and could lead to unauthorized access to Windows nodes.

      Validation logic must be added so that the operator informs the user when a key does not meet the minimum security standards for SSH keys at the time the key is processed.

      Required

      • Implement validation for SSH key algorithm and strength.
      • Reject keys that do not meet the defined security policy.

      Nice to have

      • Provide a configurable policy for allowed key types and sizes.

      Engineering Details

      • Repository: `https://github.com/openshift/windows-machine-config-operator/`
      • Files to modify: `controllers/secret_controller.go`, where the secret is reconciled, and `pkg/signer/signer.go`, where the key is parsed.
      • A new validation function should be created and called within the `secret_controller` reconciliation loop immediately after the key is read.
      • The validation should check for things like:
        • RSA key size >= 2048 bits.
        • ECDSA keys use secure curves (e.g., P-256, P-384, P-521).
        • Deprecated algorithms are rejected.

      Acceptance Criteria

      • WMCO informs the user about SSH keys that do not meet the minimum security requirements.
      • The operator logs a clear, user-friendly error message when an insecure key is provided.
      • The validation logic correctly handles all supported key types (e.g., RSA, ECDSA, Ed25519) and gracefully rejects unsupported types.
      • Unit tests are added to verify that both valid and invalid keys of various types are handled correctly. (This is probably going to set off a GitHub security alert, so it is not necessary.)

              Assignee / Reporter: Jose Valdes (jvaldes@redhat.com)