Image import and SSH security in Emulab

Cloud providers typically provide compute facilities for their users. It would be very convenient if users’ could import and export their machines with much greater ease to other cloud providers or to their desktops or local machines. Here, we talk about how we’ve enabled users to easily do this with Emulab. Specifically, we’ve implemented image import mechanisms to import machines from cloud providers like OpenStack and EC2 and also any other general regular Linux machine. We also discuss how we’ve implemented a SSH security system in Emulab that helps alleviate some of the security that might be brought in by such imported machines. A man in the middle attack is used in a positive way to enforce specific policies onto SSH connections. By doing this, we can apply additional constraints over incoming SSH connections that may not be enforced by the SSH server. 1 Enabling external image usage for Emulab Infrastructure-as-a-Service providers typically have specialized environments that require specific operating system adjustments to run them. Portability between these various cloud providers is usually lacking. Emulab is a network testbed is designed for users to test their applications with fine grained control for network parameters. With the growing prevalence of cloud platforms like Amazons’ Elastic Cloud Compute(EC2)[1], users of these services would like to bring in their entire stacks running on EC2 and do network specific tests on Emulab. Here, we discuss how we have integrated support for machines running on EC2 and OpenStack in Emulab and how users may import them easily into Emulab, so that they can run finer tests. 1.1 Background Emulab[11] allows you to load various images onto a physical or virtual machine and include them in a network experiment. This feature is quite similar to what various cloud providers give in relation to their compute facilities. However, Emulab provides various additional features, such as the ability to manipulate network topologies and have reproducible network effects.