Use ZeroMQ socket authentication #125

Open
mschubert opened this issue Feb 22, 2019 · 0 comments
@mschubert
Owner

Currently, there is no security mechanism to check if the incoming connections are actually from the submitted jobs, and not from a user that is trying to read out data or send fake results.

This should not be an issue in general because HPC on an internal network is usually trusted, and comparable technologies (e.g. MPI) do not provide authentication or encryption either in their default implementations.

However, considering that the workers connect to the master and not the other way around, there should probably be a minimal security mechanism that checks if the incoming connections are from the jobs submitted.

This is why there is now a session password passed to the workers as an environment variable using CMQ_AUTH={{ auth }}. This token will be sent with every worker message sent to the master, which will check its validity against the filled template value.

This will protect against:

  • A non-privileged user opening a simple network connection to the clustermq master

This will not protect against:

  • Users able to read network traffic (connections are not encrypted and the same password is used throughout the session)
  • Users able to read environment variables of foreign processes
  • Administrators
  • Many others

Templates without the variable set will continue to work with a warning that sockets are not authenticated.

This mechanism should be exchanged by the ZeroMQ authentication protocol using a Woodhouse pattern (plaintext user/password via socket option). This will require ZeroMQ>4.0.0 and socket options currently not supported by rzmq. We will need to consider a change to pbdZMQ and/or interfacing with the library directly. As this will be a breaking change, it will not happen before the next major release (0.9.x or 1.0).

I currently do not see a reason to implement encryption, as (1) I would consider an HPC environment trusted and (2) this would require a user to set up and manage their keys, complicating the whole process with minimal gain (and performance penalty). Remote connections are managed/authenticated/encrypted via the SSH layer.

@mschubert mschubert added this to the v1.0 milestone Apr 7, 2019
@mschubert mschubert modified the milestones: v1.0, v0.9.0 Jun 3, 2019
@mschubert mschubert changed the title Socket authentication and encryption Use ZeroMQ socket authentication Jun 6, 2019
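
The session-token check described in the issue, as an added example that is not clustermq's own code (clustermq is an R package; this sketch uses only Python's standard library). The template text and the names `Master`, `env_from_script` and `worker_message` are hypothetical; only `CMQ_AUTH={{ auth }}` comes from the issue.

```python
import hmac
import re
import secrets
import warnings

# Constructed scheduler templates; only the CMQ_AUTH={{ auth }} field is from the issue.
TEMPLATE_WITH_AUTH = "#!/bin/sh\nCMQ_AUTH={{ auth }} Rscript -e 'worker()'\n"
TEMPLATE_WITHOUT_AUTH = "#!/bin/sh\nRscript -e 'worker()'\n"


class Master:
    """Holds one random token per session and checks it on every worker message."""

    def __init__(self, template):
        self.token = secrets.token_hex(16)  # 128-bit session password
        self.auth_required = "{{ auth }}" in template
        if not self.auth_required:
            # Templates without the field keep working, with a warning.
            warnings.warn("template has no {{ auth }} field: sockets are not authenticated")
        self.job_script = template.replace("{{ auth }}", self.token)

    def accept(self, message):
        """Return True if the message carries this session's token."""
        if not self.auth_required:
            return True
        supplied = message.get("auth")
        if not isinstance(supplied, str):
            return False
        # Constant-time comparison. The token is static for the session, so it
        # does not cover the cases the issue lists as unprotected: it is sent
        # unencrypted and sits in the worker's environment.
        return hmac.compare_digest(supplied.encode(), self.token.encode())


def env_from_script(job_script):
    """Extract the CMQ_AUTH assignment a submitted job would see, if any."""
    found = re.search(r"\bCMQ_AUTH=(\S+)", job_script)
    return {"CMQ_AUTH": found.group(1)} if found else {}


def worker_message(environ, payload):
    """Build a worker message, attaching the token from the environment if set."""
    message = {"payload": payload}
    if "CMQ_AUTH" in environ:
        message["auth"] = environ["CMQ_AUTH"]
    return message
```
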