Project

General

Profile

Feature #14995

Hash ~/.ssh/known_hosts by default

Added by tailshark almost 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
11/20/2017
Due date:
% Done:

100%

Feature Branch:
bugfix/14995-hash-ssh-known-hosts
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

Hi!

I've been doing a lot of work over ssh and recently noticed the known_hosts file (which I backup to KeePass) uses the plain text IP entries with associated fingerprints. I do have a concern about a browser bug or creeping exploit (that sneaks around AppArmor somehow) lifting the file and exposing all my server IPs in one hit. Even a "hot laptop theft" could expose them all.

I hashed the file manually for storage with:

ssh-keygen -H -f ~/.ssh/known_hosts

And I've added a config file to the ~/.ssh folder as follows:

mkdir -p ~/.ssh
echo "HashKnownHosts yes" > ~/.ssh/config
chmod 400 ~/.ssh/config

Automatic hashing works as expected.

Should this be a default setting?

I don't see any downside risks to it being a default.

Thanks for everything you guys do btw. I know things can be wrestlemania with practical implementation.

Associated revisions

Revision 022c318d (diff)
Added by intrigeri over 1 year ago

SSH client: enable HashKnownHosts (refs: #14995)

Debian enables HashKnownHosts by default via /etc/ssh/ssh_config
for good reasons, let's not revert to the upstream default.

Revision ca8bfa80
Added by anonym over 1 year ago

Merge remote-tracking branch 'origin/bugfix/14995-hash-ssh-known-hosts' into stable

Fix-committed: #14995

History

#1 Updated by mercedes508 over 1 year ago

  • Assignee set to intrigeri

Letting some devs discuss it further, as I can't judge of the consequences as a simple help deskmember :)

#2 Updated by intrigeri over 1 year ago

  • Description updated (diff)

#3 Updated by intrigeri over 1 year ago

  • Status changed from New to Confirmed
  • Target version set to Tails_3.5
  • Type of work changed from Discuss to Code

Debian enables HashKnownHosts by default via /etc/ssh/ssh_config… but we replace this file with our own, hence reverting to the default upstream setting that's HashKnownHosts no. I'll fix that.

The drawback of enabling HashKnownHosts is about usability: IIRC it breaks ssh <TAB> completion. Outside of Tails arguably it does not matter much as one can use their shell history instead… but in Tails we have no shell history. Anyway, the kind of users who rely on such things can very well add sections about the hosts they frequently connect to to ~/.ssh/config and then I think bash will get the completion right (at least zsh does).

#4 Updated by intrigeri over 1 year ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10
  • Feature Branch set to bugfix/14995-hash-ssh-known-hosts

#5 Updated by intrigeri over 1 year ago

  • Assignee changed from intrigeri to anonym
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

#6 Updated by anonym over 1 year ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

Good luck to all Tails users that now will have to learn the rather ssh-keygen -F! :)

#7 Updated by intrigeri over 1 year ago

  • Target version changed from Tails_3.5 to Tails_3.4

#8 Updated by anonym over 1 year ago

  • Status changed from Fix committed to Resolved

Also available in: Atom PDF