HDInsight and WebSSH Security Issue

This post relates to an unpublished 'feature' of Microsoft Azure HDInsight Linux clusters that is misconfigured such that it allows users to obtain root access to clusters via a web console without knowing the 'admin' account name or password.

I originally raised this with Microsoft Support around the end of October / beginning of November 2016. Initially, support informed me that they had discussed it with the product team and that the security issue that I was reporting was not a security issue because:

The security boundary of HDInsight is the Virtual Network (VNET), and the clusters are only intended for single-user tenancy (ironically, an MSFT Cloud Data Solution Architect recently said to me that HDInsight fully supports multiple users - which I guess is sort of true now with secure clusters being in preview). Eventually they agreed that it was indeed an issue and disabled the feature on all new clusters as an interim measure.

This post has b…
