thar-admin: retrieve SSH public keys via IMDSv2 #706

Merged: 1 commit, Feb 3, 2020

etungsten
Issue #, if available: Partially addresses #685

Description of changes:
start_admin_sshd.sh now retrieves SSH public keys via IMDSv2.

Testing done:
Built new thar-admin container image; launched a Thar instance with it as the admin host-container.

I can SSH to the Thar instance admin container and drop into a root shell with sudo sheltie.

```
$ ssh ec2-user@SNIP
Last login: Sat Feb  1 00:05:30 2020 from SNIP
Welcome to Thar's Handy Administrator Resources (the admin container)!

This container provides access to the Thar host filesystems (see
/.thar/rootfs) and contains common tools for inspection and troubleshooting.
It is based on Amazon Linux 2, and most things are in the same places you would
find them on an AL2 host.

To permit more intrusive troubleshooting, including actions that mutate the
running state of the Thar host, we provide a tool called "sheltie" (`sudo sheltie`).
When run, this tool drops you into a root shell in the Thar host's root filesystem.
[ec2-user@SNIP ~]$ sudo sheltie
bash-5.0# 
```

Same test done for both when instances are launched with enforced IMDSv2 and without.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
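
An added example, not part of this pull request and not the project's `start_admin_sshd.sh`: the IMDSv2 flow the description refers to, where a session token is requested with a PUT and then presented on every metadata GET, used here to fetch and validate SSH public keys. The function names and the key-format check are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added illustration of the IMDSv2 session-token flow for SSH public keys.
# Not the project's start_admin_sshd.sh; all function names are hypothetical.

IMDS_BASE="http://169.254.169.254/latest"
# Assumption: only RSA and ED25519 keys are expected (the EC2 key pair types).
KEY_RE='^ssh-(rsa|ed25519) [A-Za-z0-9+/]+=*( .*)?$'

# Step 1: PUT for a short-lived session token. IMDSv1 had no such step.
imds_token() {
  curl -sS -f -X PUT "${IMDS_BASE}/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60"
}

# Step 2: GET a metadata path, presenting the token in a request header.
imds_get() {  # usage: imds_get TOKEN PATH
  curl -sS -f -H "X-aws-ec2-metadata-token: $1" "${IMDS_BASE}/meta-data/$2"
}

# True only if every line of the body is an OpenSSH public key, so an error
# page or empty response never ends up in authorized_keys.
is_openssh_key() {
  ! printf '%s\n' "$1" | grep -Evq "$KEY_RE"
}

# Print each validated key on stdout. Returns non-zero if the token or the
# key listing cannot be fetched, or if no key passes validation.
fetch_ssh_public_keys() {
  local token listing line index key rc=1
  token="$(imds_token)" || return 1
  [ -n "$token" ] || return 1
  listing="$(imds_get "$token" "public-keys/")" || return 1
  # Listing lines look like "0=key-name"; the numeric index selects the key.
  while IFS= read -r line; do
    index="${line%%=*}"
    case "$index" in '' | *[!0-9]*) continue ;; esac
    key="$(imds_get "$token" "public-keys/${index}/openssh-key")" || continue
    if is_openssh_key "$key"; then
      printf '%s\n' "$key"
      rc=0
    fi
  done <<EOF
$listing
EOF
  return "$rc"
}
```

To install the result, write the output to a temporary file with mode 0600 and rename it over `authorized_keys` only when `fetch_ssh_public_keys` returns zero.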

@zmrow zmrow left a comment

🏔

@iliana iliana mentioned this pull request Feb 3, 2020
10 tasks
Updated start_admin_sshd.sh to retrieve SSH public keys via IMDSv2.
@etungsten
etungsten commented Feb 3, 2020

Addresses @jahkeup's comment.

Tested and admin container still works.

@etungsten etungsten merged commit c136f8b into develop Feb 3, 2020
@etungsten etungsten deleted the thar-admin-imdsv2 branch February 3, 2020 23:45