XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Exported Xen Orchestra Config Contains Plaintext Host Passwords - Is This Intentional?

    Scheduled Pinned Locked Moved Solved Xen Orchestra
    11 Posts 6 Posters 1.8k Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      amp88
      last edited by

      Hi. I've been using XCP-ng Center to manage my homelab for a while, but recently decided to give Xen Orchestra a go (mostly due to the fantastic backup options which are provided with the Premium package or built from source option). I'm enjoying using it so far (apart from an issue with some mouse and keyboard input lag, which I'm going to look more into myself to see if I can improve), but when I exported the Xen Orchestra configuration (from Settings -> Config -> Export/Download Current Config), I noticed that the resulting .json file contains the passwords for the two hosts in my homelab in plaintext.

      Is this an intentional decision or an oversight? Shouldn't the password hashes be stored in the .json file (as they appear to be for the users)? Does Xen Orchestra need to store plaintext versions to connect to the hosts? Maybe I'm missing something, but would appreciate some clarification, thanks.

      DanpD julien-fJ 2 Replies Last reply Reply Quote 2
      • DanpD Offline
        Danp Pro Support Team @amp88
        last edited by

        @amp88 FWIW, there's an open issue on GH dealing with this.

        A 1 Reply Last reply Reply Quote 1
        • A Offline
          amp88 @Danp
          last edited by

          @Danp said in Exported Xen Orchestra Config Contains Plaintext Host Passwords - Is This Intentional?:

          @amp88 FWIW, there's an open issue on GH dealing with this.

          Ah, thanks for letting me know.

          1 Reply Last reply Reply Quote 0
          • olivierlambertO Online
            olivierlambert Vates 🪐 Co-Founder CEO
            last edited by

            The easiest route would be to create a password on the archive itself, yes. Ping @julien-f that can answer all questions and put some context 🙂

            1 Reply Last reply Reply Quote 0
            • julien-fJ Offline
              julien-f Vates 🪐 Co-Founder XO Team @amp88
              last edited by olivierlambert

              @amp88 said in Exported Xen Orchestra Config Contains Plaintext Host Passwords - Is This Intentional?:

              Shouldn't the password hashes be stored in the .json file (as they appear to be for the users)? Does Xen Orchestra need to store plaintext versions to connect to the hosts?

              No, server passwords cannot be saved as hashes like we do for users, the use cases are completely different:

              1. for users, the password cannot be retrieved from the hashes. However that's not an issue because, when a user logs in, its password is hashed and compared to the stored hash
              2. for servers, we need to send the password itself, not a derived hash to the XCP-ng/XenServer host

              There is no way to securely hide these password except from encrypting them with a password provided by an external source, like a passphrase from the user, which may not be bad idea 🙂

              A 1 Reply Last reply Reply Quote 1
              • A Offline
                amp88 @julien-f
                last edited by

                @julien-f said in Exported Xen Orchestra Config Contains Plaintext Host Passwords - Is This Intentional?:

                @amp88 said in Exported Xen Orchestra Config Contains Plaintext Host Passwords - Is This Intentional?:

                Shouldn't the password hashes be stored in the .json file (as they appear to be for the users)? Does Xen Orchestra need to store plaintext versions to connect to the hosts?

                No, server passwords cannot be saved as hashes like we do for users, the use cases are completely different:

                1. for users, the password cannot be retrieved from the hashes. However that's not an issue because, when a user logs in, its password is hashed and compared to the stored hash
                2. for servers, we need to send the password itself, not a derived hash to the XCP-ng/XenServer host

                There is no way to securely hide these password except from encrypting them with a password provided by an external source, like a passphrase from the user, which may not be bad idea 🙂

                OK, thanks for the explanation. Allowing the user the option to secure the exported configuration with a password would be a welcome addition 🙂

                1 Reply Last reply Reply Quote 1
                • julien-fJ Offline
                  julien-f Vates 🪐 Co-Founder XO Team
                  last edited by

                  FYI, this feature has been released 🙂

                  A A 2 Replies Last reply Reply Quote 2
                  • A Offline
                    Andre @julien-f
                    last edited by

                    Would it be "stupid" to use the hash of the user's (asking for the export) password to encrypt "by default" the export?

                    julien-fJ 1 Reply Last reply Reply Quote 0
                    • A Offline
                      amp88 @julien-f
                      last edited by

                      @julien-f said in Exported Xen Orchestra Config Contains Plaintext Host Passwords - Is This Intentional?:

                      FYI, this feature has been released 🙂

                      Great, and thanks for letting me know 🙂

                      1 Reply Last reply Reply Quote 0
                      • julien-fJ Offline
                        julien-f Vates 🪐 Co-Founder XO Team @Andre
                        last edited by julien-f

                        @Andre said in Exported Xen Orchestra Config Contains Plaintext Host Passwords - Is This Intentional?:

                        Would it be "stupid" to use the hash of the user's (asking for the export) password to encrypt "by default" the export?

                        No, because:

                        1. XO does not the password of the user, just a hash
                        2. The hash cannot be used because it can be regenerated for various reasons (e.g. a change of security settings such as the used algo)
                        1 Reply Last reply Reply Quote 0
                        • akurzawaA Offline
                          akurzawa
                          last edited by

                          https://github.com/vatesfr/xen-orchestra/issues/4472

                          akurzawa created this issue in vatesfr/xen-orchestra

                          closed encrypt xcp-ng root user password in config file #4472

                          1 Reply Last reply Reply Quote 0
                          • jeffmetalJ jeffmetal referenced this topic on
                          • First post
                            Last post