0

I've noted that probably all of the 4 popular Software Configuration Management Tools (SCMs), ie.:

  1. Puppet,
  2. Ansible,
  3. Chef,
  4. Salt

use only clients' authentication instead of the server authentication – correct me if I'm wrong (I suspect I'm wrong, but I don't know why).

Why is that? Isn't it unsafe to trust the server that in fact manages nearly every detail of the clients' system configuration?

Here is description of how Puppet's authentication is provided. Isn't it possible for an attacker to run MITM attack by pretending to be Puppet server? Does authenticating clients by the server somehow provides mutual authentication?

patryk.beza
  • 413
  • 3
  • 6

2 Answers2

1

Here is description of how Puppet's authentication is provided.

The link you provide clearly says:

Communication between the master and agents is granted and secured with client-verified HTTPS, which requires valid identifying SSL certificates.

Given that some kind of server authentication is always done with HTTPS this only means that client authentication is done additionally to server authentication and not that only client authentication is done.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • For sake of completeness: [here](https://docs.puppet.com/puppet/5.1/subsystem_agent_master_comm.html) is description of how *agent-side checks and HTTPS requests to the Puppet master during a single Puppet run*. Unfortunately I didn't find how server authentication is done e.g. in [Chef](https://www.chef.io/). [Here](https://docs.chef.io/auth.html) is authentication description referring only to the client's authentication (quote: *The authentication process ensures the Chef server responds only to requests made by trusted users*). – patryk.beza Sep 17 '17 at 19:50
0

Partial answer:

I use Ansible with SSH Key authentication. I'd say it includes a server authentication in the sense that the Ansible server must prove every time that it holds the private key for an SSH key auth. The same holds good, even with password auth.

So in this case the question boils down to "would an MITM attack be possible when initiating an SSH session?" The only provision AFAIK is checking HostKey checking - which is manual the first time - and automatic thereafter. I believe this aspect has been discussed before. e.g., How to correctly secure a ssh session against MITM attack?

Sas3
  • 2,648
  • 9
  • 20
  • [Ansible](https://www.ansible.com/) has quite unusual communication model because it's [*pushing*](https://www.ansible.com/how-ansible-works) configuration to the clients in contrast to *pulling* it by the clients themselves (which is default in [Puppet](https://puppet.com/), [Chef](https://www.chef.io/), [Salt](https://saltstack.com/) and [many others](https://en.wikipedia.org/wiki/Comparison_of_open-source_configuration_management_software)). Ansible's server is using [SSH](https://en.wikipedia.org/wiki/Secure_Shell) to log on the clients, so lets focus on the rest of the SCMs. – patryk.beza Sep 17 '17 at 14:20