bugzilla-daemon at mindrot.org
2015-May-18 01:16 UTC
[Bug 2400] New: StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Bug ID: 2400
Summary: StrictHostKeyChecking=no behaviour on HOST_CHANGED is
excessively insecure
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: mik at miknet.net
The legacy behaviour of StrictHostKeyChecking=no involves allowing
connections even if the host key has changed. What most deployments
want when they set this is just TOFU.
It is common for batch processing and cluster systems to deploy with
this option permanently set, completely undermining the security of
such systems - for example, an attacker could intercept a data
processing stage to steal a copy of all of the private data.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-May-18 06:05 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
mik at miknet.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mik at miknet.net
--- Comment #1 from mik at miknet.net --->From the man page:
If this flag is set to ?no?, ssh will automatically add new host keys
to the user known hosts files.
No mention of the HOST_CHANGED behaviour, so even somebody who mostly
knows what they're doing is likely to get it wrong. Most people who
use this option are better off with certificates now (or
StrictHostKeyChecking=yes + ssh-keyscan).
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-May-22 05:11 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Blocks| |2403
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 12:59 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2443
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Retarget pending bugs to openssh-7.1
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 13:00 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2403 |
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-13 05:39 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400 --- Comment #3 from mik at miknet.net --- Created attachment 2682 --> https://bugzilla.mindrot.org/attachment.cgi?id=2682&action=edit Patch against ssh_config(5) -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Aug-21 10:56 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2451
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Aug-21 10:58 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2443 |
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2443
[Bug 2443] Bugs intended to be fixed for OpenSSH 7.1
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-26 03:44 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400 --- Comment #4 from Damien Miller <djm at mindrot.org> --- Retarget to openssh-7.3 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-26 03:45 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2543
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2543
[Bug 2543] Tracking bug for OpenSSH 7.3 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-26 03:47 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2451 |
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Retarget to openssh-7.3
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Mar-04 03:18 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2682|0 |1
is obsolete| |
Status|NEW |ASSIGNED
Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Created attachment 2794
--> https://bugzilla.mindrot.org/attachment.cgi?id=2794&action=edit
add StrictHpstkeyChecking=accept-new|off
This adds a couple more granular options to StrictHostkeyChecking:
"accept-new" (better name wanted) and "off".
StrictHostkeyChecking=off is the current behaviour of "no".
StrictHostkeyChecking=accept-new will accept new hostkeys without
prompting but will disconnect for changed hostkeys.
If this goes in then we can make StrictHostkeyChecking=no a synonym for
accept-new at some future time (and with forewarning).
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Mar-04 03:18 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2794|add |add
description|StrictHpstkeyChecking=accep |StrictHostkeyChecking=accep
|t-new|off |t-new|off
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Mar-04 07:55 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Jim Knoble <jmknoble at pobox.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jmknoble at pobox.com
--- Comment #7 from Jim Knoble <jmknoble at pobox.com> ---
Instead of "accept-new", how about
"StrictHostkeyChecking=known-only"
or "known-hosts" or similar? That is more obvious about which host
keys
are strict (and "known-hosts" implies the file of a similar name where
such keys are stored...).
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jul-22 04:10 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400 --- Comment #8 from Damien Miller <djm at mindrot.org> --- retarget unfinished bugs to next release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jul-22 04:14 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2594
--- Comment #9 from Damien Miller <djm at mindrot.org> ---
retarget unfinished bugs to next release
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2594
[Bug 2594] Tracking bug for OpenSSH 7.4 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jul-22 04:15 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400 --- Comment #10 from Damien Miller <djm at mindrot.org> --- retarget unfinished bugs to next release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jul-22 04:17 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400 --- Comment #11 from Damien Miller <djm at mindrot.org> --- retarget unfinished bugs to next release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jul-22 04:19 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2543 |
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2543
[Bug 2543] Tracking bug for OpenSSH 7.3 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-16 03:31 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2647
--- Comment #12 from Damien Miller <djm at mindrot.org> ---
OpenSSH 7.4 release is closing; punt the bugs to 7.5
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-16 03:33 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2594 |
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2594
[Bug 2594] Tracking bug for OpenSSH 7.4 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jun-30 03:43 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2698
--- Comment #13 from Damien Miller <djm at mindrot.org> ---
Move incomplete bugs to openssh-7.6 target since 7.5 shipped a while
back.
To calibrate expectations, there's little chance all of these are going
to make 7.6.
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2698
[Bug 2698] Tracking bug for OpenSSH 7.6 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jun-30 03:44 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400 --- Comment #14 from Damien Miller <djm at mindrot.org> --- remove 7.5 target -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jun-30 03:45 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2647 |
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Sep-01 06:20 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2794|0 |1
is obsolete| |
--- Comment #15 from Damien Miller <djm at mindrot.org> ---
Created attachment 3049
--> https://bugzilla.mindrot.org/attachment.cgi?id=3049&action=edit
updated to -current
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Sep-03 23:39 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400 --- Comment #16 from Damien Miller <djm at mindrot.org> --- Patch is applied; will be in openssh-7.6 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Sep-22 03:29 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2782
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Sep-22 03:32 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2698 |
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2698
[Bug 2698] Tracking bug for OpenSSH 7.6 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 03:09 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2852
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 03:12 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2782 |
--- Comment #17 from Damien Miller <djm at mindrot.org> ---
Move to OpenSSH 7.8 tracking bug
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Jun-08 03:49 UTC
[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3049|0 |1
is obsolete| |
--- Comment #18 from Damien Miller <djm at mindrot.org> ---
Created attachment 3159
--> https://bugzilla.mindrot.org/attachment.cgi?id=3159&action=edit
flip meaning of StrictHostKeyChecking=no
The only thing remaining in this bug is to change the meaning of
StrictHostKeyChecking=no from accepting changed host keys (with
restrictions) to refusing them. We'll wait a few more releases before
committing this.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Jun-08 03:50 UTC
[Bug 2400] Fully refuse changed hostkeys when StrictHostKeyChecking=no
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2852 |
Summary|StrictHostKeyChecking=no |Fully refuse changed
|behaviour on HOST_CHANGED |hostkeys when
|is excessively insecure |StrictHostKeyChecking=no
--- Comment #19 from Damien Miller <djm at mindrot.org> ---
Remove release target for now
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2020-Jun-01 22:09 UTC
[Bug 2400] Fully refuse changed hostkeys when StrictHostKeyChecking=no
https://bugzilla.mindrot.org/show_bug.cgi?id=2400
frederik-openssh at ofb.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |3176
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3176
[Bug 3176] can't figure out how to test StrictHostKeyChecking
accept-new
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- [Bug 2501] New: VerifyHostKeyDNS & StrictHostKeyChecking
- [Bug 2439] New: New sha256-base64 SSH Fingerprints in openssh-6.8
- [Bug 2440] New: X11 connection will fail if user's home directory is read-only
- [Bug 2158] New: Race condition in receiving SIGTERM
- [Bug 2576] New: ssh-agent enters busy loop when running out of fds