Here is a brief rundown of some important security issues you should be
We require all Emulab users to provide current, non-pseudonymic login
IDs. Shared accounts are strictly forbidden! Each user should apply
separately and specify their standard login name.
your login name. Therefore, you will need to enable cookies on your
browser. Please contact us if you have questions about how to do that in
To protect data you submit, SSL is used to encrypt data as it is
transferred across the Internet. Therefore, you will need to access these
pages with a browser that supports SSL.
When you first visit Emulab, you might be asked if you want to accept the
server certificate. Be sure to accept it!
We require all users to use Secure Shell (SSH) to log into Emulab
nodes. Experience has taught us a few things about managing keys which we
will pass on to you at no extra charge:
You should not store your Emulab public key (.ssh/identity.pub) in
your authorized_keys file on remote sites. This prevents easy logins
from Emulab to your remote sites in case your Emulab account is ever
compromised (since the Emulab generated private key is not protected by
You should not mess with the Emulab generated key in your .ssh
directory (.ssh/identity). This is an unencrypted key (see above) that
is used by Emulab when setting up experiments. You should not delete
the public part of the key from the web interface either. Failure to
heed this warning will result in experiments not setting up properly!
We recommend that you use ssh's RSA authentication to login to Emulab
so that you do not have to type your password. The less often you type
your password the better! You do this by uploading your own public keys
When you create your private keys (ssh-keygen), pick a good passphrase!
They can be (much) longer than Unix passwords; 10 to 30 character
phrases are good.
You should not copy ssh identity files (private keys) from other
places to Emulab (or any other off-site machine, for that
matter). Private keys should always be well protected!
We require all Emulab users to provide current, non-pseudonymic email
addresses. Redirections and anonymous email addresses are not allowed. We
do not sell or give your email addresses away!
We employ a password checking library to prevent users from choosing
passwords that could be guessed by the "Crack" library. A few basic rules
are that standard English dictionary words are not permitted, as well as
anything deemed too short or easily guessable. Also, you should take care
not to use the same password on Emulab that you use at other sites.
Emulab blocks incoming connections to nodes on all of the low numbered
ports (ports below 1024), with the exception of ports 20 and 21 (FTP), 22
(Secure Shell), and 80 (HTTP). This is for the protection of experimenters,
as well help prevent an errant application from becoming the source of a
Denial of Service attack to sites outside of Emulab. If your application
requires external access to other low numbered ports, please contact us to
make special arrangements.
Emulab also prevents machines from using IP and MAC addresses other than
their own on the control net. The control net router blocks all traffic not
originating from the proper subnet, both to prevent IP spoofing and to
prevent experimental traffic from accidentally making it to the 'real
world' (say, through routing misconfiguration.) These restrictions are not
present on the experimental net.
Ports used by Emulab
If you wish to do firewalling of your own on your nodes, you should be
aware that there are several ports used by Emulab that you'll need to keep
open if you want your nodes to be able to function as "normal" Emulab
In the table below, a direction of 'out' means that your node needs to be
able to make outgoing TCP connections to a port, 'in' means that it needs
to accept incoming connections on a port, and 'both' indicates UDP ports on
which you must be able to send out packets and receive the replies.
ssh in from boss to reboot nodes
DNS queries and replies
NFS portmapper (rpcbind)
NFS mount daemon (mountd)
Emulab node configuration (tmcd)
NFS locking (lockd)
Emulab node monitor (slothd)
pubsub event system
For some storage related services (e.g., loading of image-backed datasets or tarballs), you will also need to allow the Emulab imaging services (frisbee):
frisbee master server
We make use of Unix user and group mechanisms to provide protection between
users and projects. Each new user gets a new Unix UID, and each new project
gets a new Unix GID. Users are members of the Unix groups that correspond
to each of the projects they are working on, and thus may share files with
other members of those projects. The default directory permissions are set
so that project files are not readable by members of other projects.
Each project gets its own directory hierarchy (again, protected by the Unix
group mechanism) that is NFS-exported only to that project's assigned test
machines. We don't currently protect against spoofing on the control
network, so there are vulnerabilities. The test networks are fully
separated between experiments by way of VLANs.