SSH Users not properly cleaned up


Article ID: 293737


Updated On:

Products

Operations Manager

Issue/Introduction

When an SSH connection to a BOSH VM is not terminated properly, the temporary user that was created for this connection is not cleaned up and remains on the system. This can be identified as a potential security issue and may need to be addressed.

Environment

Product Version: 2.10

Resolution

The following command will delete stale bosh-ssh users on a single VM (zookeeper/0 of deployment zookeeper as an example):
bosh curl -X POST /deployments/zookeeper/ssh -H "Content-Type: application/json" --body <(echo '{"command":"cleanup","deployment_name":"zookeeper","params":{"user_regex":"^bosh_"},"target":{"ids":["0"],"indexes":["0"],"job":"zookeeper"}}')

Or this command for all instances (in a zookeeper deployment):
bosh curl -X POST /deployments/zookeeper/ssh -H "Content-Type: application/json" --body <(echo '{"command":"cleanup","deployment_name":"zookeeper","params":{"user_regex":"^bosh_"},"target":{"ids":[],"indexes":[]}}')
Note: The command will fail if there are active bosh ssh processes, though you could adjust the user_regex to be more specific if you know the stale username already.
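
The note above suggests narrowing user_regex when the stale username is already known. The script below is an added example, not part of the original article or of BOSH: it picks out bosh_ accounts that have no active session from passwd-format data, then builds an anchored user_regex and the matching request body. The function names and sample accounts are constructed, and it assumes the agent accepts a standard ^(a|b)$ alternation.

```shell
#!/bin/sh
# Added example, not BOSH code. All sample data below is constructed.

# stale_bosh_users PASSWD_FILE ACTIVE_FILE
#   PASSWD_FILE: passwd(5) lines taken from the VM
#   ACTIVE_FILE: one user name per line for every user that still has a
#                live session (collected on the VM by a means you trust)
# Prints bosh_ accounts with no live session. FILENAME is compared instead
# of NR==FNR so an empty ACTIVE_FILE does not swallow the passwd records.
stale_bosh_users() {
  awk -F: 'FILENAME == ARGV[1] { active[$1] = 1; next }
           $1 ~ /^bosh_[A-Za-z0-9_]+$/ && !($1 in active) { print $1 }' \
      "$2" "$1" | sort -u
}

# regex_for USER...  -> anchored alternation matching only those names.
# Names were already restricted to [A-Za-z0-9_], so no escaping is needed.
regex_for() {
  [ "$#" -gt 0 ] || return 1
  local IFS='|'
  printf '^(%s)$\n' "$*"
}

# cleanup_body DEPLOYMENT JOB INDEX REGEX -> JSON in the article's layout
cleanup_body() {
  printf '{"command":"cleanup","deployment_name":"%s","params":{"user_regex":"%s"},"target":{"ids":["%s"],"indexes":["%s"],"job":"%s"}}\n' \
    "$1" "$4" "$3" "$3" "$2"
}

demo() {
  dir=$(mktemp -d)
  # Constructed passwd entries: two temporary users, one still logged in.
  printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'vcap:x:1000:1000::/home/vcap:/bin/bash' \
    'bosh_1a2b3c:x:1001:1001::/home/bosh_1a2b3c:/bin/bash' \
    'bosh_9f8e7d:x:1002:1002::/home/bosh_9f8e7d:/bin/bash' > "$dir/passwd"
  printf '%s\n' root vcap bosh_9f8e7d > "$dir/active"
  # Word splitting is intended: one positional parameter per stale user.
  set -- $(stale_bosh_users "$dir/passwd" "$dir/active")
  rm -rf "$dir"
  [ "$#" -gt 0 ] || { echo "no stale bosh_ users"; return 0; }
  cleanup_body zookeeper zookeeper 0 "$(regex_for "$@")"
}

demo
```

The printed body can be passed to the bosh curl command shown above in place of the echo payload.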