From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:470:142:3::10]:39687) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1icFXd-0000km-KT for guix-patches@gnu.org; Tue, 03 Dec 2019 16:17:10 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1icFXb-0002fi-2A for guix-patches@gnu.org; Tue, 03 Dec 2019 16:17:04 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:35170) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1icFXa-0002ez-PS for guix-patches@gnu.org; Tue, 03 Dec 2019 16:17:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1icFXa-00075c-L8 for guix-patches@gnu.org; Tue, 03 Dec 2019 16:17:02 -0500 Subject: [bug#38478] [PATCH 3/4] ssh: 'open-ssh-session' can be passed the expected host key. Resent-Message-ID: From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Tue, 3 Dec 2019 22:15:56 +0100 Message-Id: <20191203211557.21145-3-ludo@gnu.org> In-Reply-To: <20191203211557.21145-1-ludo@gnu.org> References: <20191203211557.21145-1-ludo@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 38478@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= * guix/ssh.scm (open-ssh-session): Add #:host-key parameter. Pass #:knownhosts to 'make-session'. When HOST-KEY is true, call 'authenticate-server*' instead of 'authenticate-server'. --- guix/ssh.scm | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/guix/ssh.scm b/guix/ssh.scm index 519c723155..291ce20b61 100644 --- a/guix/ssh.scm +++ b/guix/ssh.scm @@ -98,14 +98,20 @@ actual key does not match." key type)))))))) (define* (open-ssh-session host #:key user port identity + host-key (compression %compression) (timeout 3600)) "Open an SSH session for HOST and return it. IDENTITY specifies the file name of a private key to use for authenticating with the host. When USER, PORT, or IDENTITY are #f, use default values or whatever '~/.ssh/config' -specifies; otherwise use them. Install TIMEOUT as the maximum time in seconds -after which a read or write operation on a channel of the returned session is -considered as failing. +specifies; otherwise use them. + +When HOST-KEY is true, it must be a string like \"ssh-ed25519 AAAAC3Nz… +root@example.org\"; the server is authenticated and an error is raised if its +host key is different from HOST-KEY. + +Install TIMEOUT as the maximum time in seconds after which a read or write +operation on a channel of the returned session is considered as failing. Throw an error on failure." (let ((session (make-session #:user user @@ -115,6 +121,11 @@ Throw an error on failure." #:timeout 10 ;seconds ;; #:log-verbosity 'protocol + ;; Prevent libssh from reading + ;; ~/.ssh/known_hosts when the caller provides + ;; a HOST-KEY to match against. + #:knownhosts (and host-key "/dev/null") + ;; We need lightweight compression when ;; exchanging full archives. #:compression compression @@ -125,16 +136,20 @@ Throw an error on failure." (match (connect! session) ('ok - ;; Authenticate against ~/.ssh/known_hosts. - (match (authenticate-server session) - ('ok #f) - (reason - (raise (condition - (&message - (message (format #f (G_ "failed to authenticate \ + (if host-key + ;; Make sure the server's key is what we expect. + (authenticate-server* session host-key) + + ;; Authenticate against ~/.ssh/known_hosts. + (match (authenticate-server session) + ('ok #f) + (reason + (raise (condition + (&message + (message (format #f (G_ "failed to authenticate \ server at '~a': ~a") - (session-get session 'host) - reason))))))) + (session-get session 'host) + reason)))))))) ;; Use public key authentication, via the SSH agent if it's available. (match (userauth-public-key/auto! session) -- 2.24.0