Skip to content
This repository was archived by the owner on Jun 20, 2024. It is now read-only.
This repository was archived by the owner on Jun 20, 2024. It is now read-only.

Support one time key based initial authentication #1625

Open
@ushachar

Description

@ushachar

I'm looking into deploying weave in multiple on-premise locations, where some of the machines could be eventually compromised/decommissioned.
When working in a potentially high-risk environment, it would be useful to be able to:

  1. Prevent an attacker from reusing a password token to join malicious instances into the weave network.
  2. Support forcibly detaching a node from the network.

This can be done without creating a 'master' node using an approach like:
first_node:
Only the password hash needs to be saved & propagated by weave.
$ weave launch --master-password abc
$ weave provision --master-password abc
One time key, valid for 5 minutes: xyz

second_node:
There's a small time span where conflicts could arise if a very fast attacker attempts to join a second instance using key X before knowledge about the first instance using key X propagates throughout the network.
$ weave launch --key xyz initial_node

third_node
$ weave launch --key xyz
Failed to join network, peer already exists

And on any node attached to the network, one could run:
$ weave eject --key xyz --master-password abc

This is somewhat related to issues #39 (since a selectively distributed password update could be used to eject a node) and #206

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions