CVE-2013-4253 The deployment script in the unsupported "OpenShift Extras" add-on scripts installs a default public key in the root user's authorized_keys file.
This public key can be used to access the new instance when it's setup. A public key is only as secure as the password protecting its associated file. The password for the user "openshift" is stored in the Red Hat OpenShift scheduler database.
The user "openshift" has the minimum required permissions to read and write to the Red Hat OpenShift database. When deploying new OpenShift apps, the public key is copied from the previous Red Hat OpenShift installation and pasted into the new Red Hat OpenShift installation at the time of deployment.
Summary
When a new Red Hat OpenShift installation is deployed, the public key is copied from the previous Red Hat OpenShift installation and pasted into the new Red Hat OpenShift Installation at time of deployment. When the new instance boots up, it's able to read its own key and update itself with new features.
In order to access the new instance, a user can specify the password for "openshift" in the Red Hat OpenShift scheduler backend database. If you want to change this password, you need to edit /etc/ovirt-engine/engine-configuration.conf file and restart OVirt engine.
CVE-2014-1805
This public key can be used to access the new instance when it's setup. A public key is only as secure as the password protecting its associated file. The password for the user "openshift" is stored in the Red Hat OpenShift scheduler database.
When deploying new OpenShift apps, the public key is copied from the previous Red Hat OpenShift installation and pasted into the new Red Hat OpenShift installation at the time of deployment.
The user "openshift" has minimum required permissions to read and write to the Red Hat OpenShift database.
Public Key Verification
The public key for the user "openshift" is expected to be available on the Red Hat OpenShift instance. This public key will only be used for deployment as a scheduled job. The user "openshift" should not use this public key for anything else.
If the public key is missing, or if the artifact isn't accessible, then the deployment will fail and an appropriate error message will appear during deployment.
How to configure an OpenShift main server using the public key
Open the Red Hat OpenShift web interface and navigate to "Server Manager".
Select the "Main Server" tab.
Select "Add New Keys" and paste in the public key copied from the previous installation.
Public Key for the User "openshift"
The public key for the user "openshift" is found in the file "ssh-rsa.pub" on the Red Hat OpenShift installation server.
The password for the user "openshift" is stored in a file called "openshift-password.txt" on the Red Hat OpenShift installation server.
Timeline
Published on: 10/19/2022 18:15:00 UTC
Last modified on: 10/21/2022 17:12:00 UTC