PVE Cluster Hardening

anders_eken

Mar 13, 2024
The Proxmox VE Cluster uses port 22 (SSH) for data synchronization. In principle, every PVE host in the cluster has equal rights and can connect to every other PVE host in the cluster using SSH. As a result, an attacker who manages to break out of an LXC container or a KVM guest on any PVE host can gain access to the entire PVE cluster as long as they gain access to root's SSH keys. Although this requires some effort and skill from an attacker, this possibility must be taken into account due to the far-reaching consequences of such an attack.

What options and recommendations are there to minimize this attack vector?
 
A cluster is by definition a set of nodes that trust each other.
Even if what you want was possible (it's not) - what do you think such an attacker would be limited in?
That person can already move VMs around, query them, execute qemu-agent commands, have direct access to API, access/encrypt/delete shared storage.

If someone broke out of LXC/VM and gained root access on a hypervisor host (any hypervisor) - game over.
 
