Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Require aesfunc tokens #7356
See also #7353
The master currently allows any minion with an accepted key to send commands to the master as any other minion. This pull request requires that commands sent from a minion to the master include a token encrypted with the minion's public key.
Unfortunately, requiring this token breaks backwards compatibility with all previous minion versions. I have added "require_aes_tokens: False" to the master config, and the master will allow old minions to send commands without a token unless require_aes_tokens is set to True. I gave it a warn_until version 0.20 to allow for salt admins to upgrade their minions to at least 0.17 (assuming this pull request gets included in 0.17)
I think salt should, by default, not trust the minions as much as possible. This greatly reduces the ability of evil minions to do nasty things.
This comment has been minimized.
This comment has been minimized.Show comment Hide comment
We should not refer to the token as aes and the verify as rsa, since these are routines that can be updated in the future and they are not cryptographic per-say. This is just a simple id challenge.