Please sign in to comment.
ssh: require host key checking in the ClientConfig
This change breaks existing behavior. Before, a missing ClientConfig.HostKeyCallback would cause host key checking to be disabled. In this configuration, establishing a connection to any host just works, so today, most SSH client code in the wild does not perform any host key checks. This makes it easy to perform a MITM attack: * SSH installations that use keyboard-interactive or password authentication can be attacked with MITM, thereby stealing passwords. * Clients that use public-key authentication with agent forwarding are also vulnerable: the MITM server could allow the login to succeed, and then immediately ask the agent to authenticate the login to the real server. * Clients that use public-key authentication without agent forwarding are harder to attack unnoticedly: an attacker cannot authenticate the login to the real server, so it cannot in general present a convincing server to the victim. Now, a missing HostKeyCallback will cause the handshake to fail. This change also provides InsecureIgnoreHostKey() and FixedHostKey(key) as ready made host checkers. A simplistic parser for OpenSSH's known_hosts file is given as an example. This change does not provide a full-fledged parser, as it has complexity (wildcards, revocation, hashed addresses) that will need further consideration. When introduced, the host checking feature maintained backward compatibility at the expense of security. We have decided this is not the right tradeoff for the SSH library. Fixes golang/go#19767 Change-Id: I45fc7ba9bd1ea29c31ec23f115cdbab99913e814 Reviewed-on: https://go-review.googlesource.com/38701 Run-TryBot: Han-Wen Nienhuys <firstname.lastname@example.org> TryBot-Result: Gobot Gobot <email@example.com> Reviewed-by: Brad Fitzpatrick <firstname.lastname@example.org>
- Loading branch information...
Showing with 193 additions and 30 deletions.
- +3 −1 ssh/agent/client_test.go
- +8 −7 ssh/agent/example_test.go
- +3 −1 ssh/agent/server_test.go
- +1 −1 ssh/certs.go
- +49 −4 ssh/client.go
- +16 −3 ssh/client_auth_test.go
- +42 −0 ssh/client_test.go
- +3 −0 ssh/doc.go
- +54 −3 ssh/example_test.go
- +4 −6 ssh/handshake.go
- +1 −0 ssh/handshake_test.go
- +7 −3 ssh/session_test.go
- +2 −1 ssh/test/cert_test.go
Oops, something went wrong.