mirror of
https://github.com/fog/fog.git
synced 2022-11-09 13:51:43 -05:00
ec32398811
Without this patch we were blindly trusting that the remote end of our API connection is who they claim to be. This is an insecure state because we leave ourselves open to a man in the middle attack.

This patch adds a vsphere_expected_pubkey_hash setting for the Vsphere provider. This setting is expected to be the SHA256 hex digest string of the PEM encoded text of the RSA public key.

The first time an end user connects this string is displayed to them in the error message. They need simply copy and paste it into ~/.fog to securely connect to the remote end. For example:

    :vspherebadpw:
      :vsphere_server: vc01.acme.lan
      :vsphere_username: api_login
      :vsphere_password: badpassword
      :vsphere_expected_pubkey_hash: 431dd...
16 lines
251 B
Ruby
require 'fog/core'

module Fog
  module Vsphere

    extend Fog::Provider

    module Errors
      class ServiceError < Fog::Errors::Error; end
      class SecurityError < ServiceError; end
    end

    service(:compute, 'vsphere/compute')

  end
end
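The check the commit message describes (pinning the SHA256 hex digest of the PEM text of the server's RSA public key) can be sketched as follows. This is an added example, not fog's own code: PinMismatch, pubkey_hash, verify_pin! and constructed_cert are hypothetical names, and the certificates are constructed in-process so it runs offline.

```ruby
require 'openssl'
require 'digest'

# Hypothetical error class for this sketch; fog's own error types are not used here.
class PinMismatch < StandardError; end

# SHA256 hex digest of the PEM text of the certificate's RSA public key.
def pubkey_hash(cert)
  Digest::SHA256.hexdigest(cert.public_key.to_pem)
end

# Returns the observed hash when it matches the pin; otherwise raises and
# shows the observed value so the operator can verify it out of band.
def verify_pin!(cert, expected)
  observed = pubkey_hash(cert)
  pinned = expected.to_s.strip.downcase # tolerate pasted whitespace and case
  return observed if pinned == observed
  reason = pinned.empty? ? 'no pin configured' : "pin is #{pinned}"
  raise PinMismatch, "untrusted server key (#{reason}); observed #{observed}"
end

# Constructed self-signed certificate standing in for the server's.
def constructed_cert(key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=vc01.acme.lan')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  pin = pubkey_hash(constructed_cert(key, 1))
  # A renewed certificate over the same key still satisfies the pin.
  puts verify_pin!(constructed_cert(key, 2), pin)
  begin
    verify_pin!(constructed_cert(OpenSSL::PKey::RSA.new(2048), 3), pin)
  rescue PinMismatch => e
    puts e.message
  end
end
```

Because the digest covers only the public key, the pin stays valid across certificate renewals that reuse the key and has to be updated only when the server's key pair changes.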