Page MenuHomeVyOS Platform
Create Task
Maniphest T2615

Provide an explicit option for server fingerprint in commit archive, and make insecure the default
Closed, ResolvedPublic
Actions

Description

Commit archive over SSH is now a messy affair. As T1866 shows, it cannot handle non-standard ports. However, it also cannot handle non-RSA keys. With elliptic curves rapidly becoming the default, it's even worse.

Disabling fingerprint checking by default sounds sensible: how often do you see spoofing attacks in the wild? There are lots of safeguards against those in place, in every network.

The really messy part is that the script emulates a user, by interacting with ssh. See https://github.com/vyos/vyatta-config-mgmt/blob/current/scripts/vyatta-commit-push.pl#L104

It may be better to provide an explicit fingerprint option for those who are concerned about spoofing attacks.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Feature (new functionality)

Related Objects
Search...

Event Timeline

dmbaturin created this task.Jun 18 2020, 10:29 PM
c-po added a subscriber: c-po.Jun 25 2020, 3:35 PM

Maybe related to T2596

c-po added a parent task: T2651: Generate CLI abstraction for options passed to CURL and SSH client.Jun 25 2020, 3:38 PM
erkin set Issue type to Feature (new functionality).Aug 30 2021, 5:11 AM
erkin removed a subscriber: Active contributors.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:24 AM
erkin claimed this task.Nov 24 2021, 5:07 PM
pasik added a subscriber: pasik.Nov 24 2021, 5:49 PM
erkin closed this task as Resolved.Dec 16 2021, 4:18 PM

The way it's done right now is like this:

  1. Load the system keys (and ~/.ssh/known_hosts if found), then check if the fingerprint is known. If so, quietly continue.
  2. If not, tell the user about it and ask if they want to continue still. If not, abort.
  3. If they do and we found the ~/.ssh/known_hosts in step 1, check if we can write to it. If not, continue.
  4. If so, ask the user if they want to save this new host to the known hosts file. If not, continue.
  5. If they do, record the new host and continue.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.Aug 30 2022, 2:17 PM