bugzilla-daemon at mindrot.org
2014-Oct-14 21:11 UTC
[Bug 2293] New: ssh should have an option to automatically trust a local sshd's host key for a given set of names
https://bugzilla.mindrot.org/show_bug.cgi?id=2293
Bug ID: 2293
Summary: ssh should have an option to automatically trust a
local sshd's host key for a given set of names
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.net
Hi.
I think it would be nice, if there was an option that lets ssh
automatically trust hostkeys from a local sshd for a given set of
names.
One could have e.g. the options:
1) LocalTrustedPublicHostKeyFiles
This would specify the locations of the files, where the public keys
are found.
It could default to every file given in a HostKey directive in
/etc/ssh/sshd_config.
But it should also allow a list of files to be given, just in case
people run more than one sshd on their host, e.g. bound to different
addresses and/or ports,... some in VMs or from "within" a chroot.
2) LocalTrustedHostNames
That should be a list of names for which only the keys from (1) will be
considered valid.
Ideally it should default to anything that one can use to reach the
local sshd's, which may include things like:
127.0.0.0/8
::1
localhost
hostname
hostname.fqdn
If possible also any local v4 and v6 addresses/prefixes, which is
actually a bit tricky, since you may also have things like link local
addresses/prefixes.
Even better it would do that only for addresses/names, where the local
sshd really listens on.
Cheers,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Oct-21 01:57 UTC
[Bug 2293] ssh should have an option to automatically trust a local sshd's host key for a given set of names
https://bugzilla.mindrot.org/show_bug.cgi?id=2293 --- Comment #1 from Christoph Anton Mitterer <calestyo at scientia.net> --- I just saw, that NoHostAuthenticationForLocalhost=yes nearly already does what I've asked for. It even works for other names than "localhost", e.g. "ip6-localhost" or "hostname" "hostname.fqdn", so I guess the check, whether a target is localhost, is based on whether it resolves to 127.0.0.0/8 or ::1 , right? 1) I think it would be nice to have it in the manpage, how it actually determines whether a host is local. 2) The only thing what would be missing from what I've asked for above, is that it would also work for addresses (and names resolving to these) that are bound to local interfaces, e.g. if my eth0 listens to 1.2.3.4, then it is accepted as well. But I'm no longer sure myself, whether this would be so smart and secure. The loopback device is defined to really go to the localhost only, but any other addresses my have black magic functionality (e.g. address rewriting). I've reworked the documentation a bit: https://github.com/openssh/openssh-portable/pull/10 Afterwards I think we can close this issue. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Feb-10 06:39 UTC
[Bug 2293] ssh should have an option to automatically trust a local sshd's host key for a given set of names
https://bugzilla.mindrot.org/show_bug.cgi?id=2293
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2782
Status|NEW |RESOLVED
Resolution|--- |FIXED
CC| |djm at mindrot.org
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
I've committed 4f011daa4cad to clean up the
NoHostAuthenticationForLocalhost explanation.
For hosts other than localhost, you can use "Match host" +
UserKnownHostsFile=/dev/null + StrictHostKeyChecking=no
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:08 UTC
[Bug 2293] ssh should have an option to automatically trust a local sshd's host key for a given set of names
https://bugzilla.mindrot.org/show_bug.cgi?id=2293
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 2287] New: AuthorizedKeysCommandUser should have it's default documented
- Require Multiple keys per host
- [Bug 2386] New: TERM env variable is always accepted by sshd, regardless the empty AcceptEnv setting
- [Bug 2311] New: simple attack when control channel muxing is used
- [Bug 3456] New: provide a way to have forwardings killed, when the remote command/shell finishes