Page MenuHomeVyOS Platform

Provide an explicit option for server fingerprint in commit archive, and make insecure the default
Open, Requires assessmentPublic

Description

Commit archive over SSH is now a messy affair. As T1866 shows, it cannot handle non-standard ports. However, it also cannot handle non-RSA keys. With elliptic curves rapidly becoming the default, it's even worse.

Disabling fingerprint checking by default sounds sensible: how often do you see spoofing attacks in the wild? There are lots of safeguards against those in place, in every network.

The really messy part is that the script emulates a user, by interacting with ssh. See https://github.com/vyos/vyatta-config-mgmt/blob/current/scripts/vyatta-commit-push.pl#L104

It may be better to provide an explicit fingerprint option for those who are concerned about spoofing attacks.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change