Skip to content
This repository was archived by the owner on Jun 20, 2024. It is now read-only.
This repository was archived by the owner on Jun 20, 2024. It is now read-only.

Support one time key based initial authentication #1625

Open
@ushachar

Description

@ushachar

I'm looking into deploying weave in multiple on-premise locations, where some of the machines could be eventually compromised/decommissioned.
When working in a potentially high-risk environment, it would be useful to be able to:

  1. Prevent an attacker from reusing a password token to join malicious instances into the weave network.
  2. Support forcibly detaching a node from the network.

This can be done without creating a 'master' node using an approach like:
first_node:
Only the password hash needs to be saved & propagated by weave.
$ weave launch --master-password abc
$ weave provision --master-password abc
One time key, valid for 5 minutes: xyz

second_node:
There's a small time span where conflicts could arise if a very fast attacker attempts to join a second instance using key X before knowledge about the first instance using key X propagates throughout the network.
$ weave launch --key xyz initial_node

third_node
$ weave launch --key xyz
Failed to join network, peer already exists

And on any node attached to the network, one could run:
$ weave eject --key xyz --master-password abc

This is somewhat related to issues #39 (since a selectively distributed password update could be used to eject a node) and #206

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions