Image import and SSH security in Emulab

Flux Technical Report FTN–2013–05, University of Utah. 2013.

abstract

Cloud providers typically provide compute facilities for their users. It would be very convenient if users could import and export their machines with much greater ease to other cloud providers or to their desktops or local machines. Here, we talk about how we’ve enabled users to easily do this with Emulab. Specifically, we’ve implemented image import mechanisms to import machines from cloud providers like OpenStack and EC2 and also any other general regular Linux machine.

We also discuss how we’ve implemented a SSH security system in Emulab that helps alleviate some of the security that might be brought in by such imported machines. A man in the middle attack is used in a positive way to enforce specific policies onto SSH connections. By doing this, we can apply additional constraints over incoming SSH connections that may not be enforced by the SSH server.