Proper ssh knownhosts hostkey checking #75

Merged
merged 2 commits into from
Nov 17, 2022

@kke kke commented Nov 16, 2022

Traditional known_hosts checking:

  1. If h.HostKey is set, use a fixed hostkey checker (should deprecate)
  2. If SSH_KNOWN_HOSTS is set, use it as path. If it's set to /dev/null or "", use InsecureIgnoreHostKey
  3. If ssh_config returns something for UserKnownHostsFile, use it as path
  4. Fall back to ~/.ssh/known_hosts2

When a hostkey is not found from the known hosts file, add it instead of returning an error. Could probably later add some switch for "strict hostkey checking".

As a sidenote, it's slightly amazing that all this is expected to be figured out / done by everyone on their own when using the crypto/ssh library.
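
The lookup order (steps 2 to 4) and the add-when-not-found behaviour described in the comment above, as an added Go example using only the standard library; it is not code from this pull request or the project. The `cfgPath` parameter, the unset-versus-empty handling of `SSH_KNOWN_HOSTS`, the plain `host keytype base64` line format and the rejection of a changed key are assumptions, and step 1 (the fixed `h.HostKey`) is left out.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrKeyMismatch means the host is already recorded with a different key.
var ErrKeyMismatch = errors.New("host key mismatch")

// resolveKnownHosts applies steps 2-4. envSet separates SSH_KNOWN_HOSTS=""
// from unset; cfgPath is a hypothetical stand-in for the ssh_config lookup.
func resolveKnownHosts(env string, envSet bool, cfgPath, home string) (path string, insecure bool) {
	if envSet {
		return env, env == "" || env == "/dev/null"
	}
	if cfgPath != "" {
		return cfgPath, false
	}
	return filepath.Join(home, ".ssh", "known_hosts2"), false
}

// check reads known_hosts content as plain "host keytype base64" lines (an
// assumption: no hashed or comma-joined hosts). For an unknown host it returns
// the line to append; a host recorded with another key is never auto-added.
func check(knownHosts, host, keyType, keyB64 string) (appendLine string, err error) {
	known := false
	for _, line := range strings.Split(knownHosts, "\n") {
		if fl := strings.Fields(line); len(fl) >= 3 && fl[0] == host {
			if fl[1] == keyType && fl[2] == keyB64 {
				return "", nil
			}
			known = true
		}
	}
	if known {
		return "", ErrKeyMismatch
	}
	return fmt.Sprintf("%s %s %s\n", host, keyType, keyB64), nil
}

func main() {
	env, set := os.LookupEnv("SSH_KNOWN_HOSTS")
	fmt.Println(resolveKnownHosts(env, set, "", os.Getenv("HOME")))
	// Constructed sample entry and key, not real values.
	fmt.Println(check("db.example ssh-ed25519 AAAAkey1\n", "db.example", "ssh-ed25519", "AAAAkey2"))
}
```

Reading the variable with `os.LookupEnv` rather than `os.Getenv` is what keeps an unset `SSH_KNOWN_HOSTS` from being treated like an empty one, which would turn host key checking off.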

Labels
enhancement New feature or request