unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#38478] [PATCH 0/4] "guix deploy" authenticates SSH servers [security]
@ 2019-12-03 21:09 Ludovic Courtès
  2019-12-03 21:15 ` [bug#38478] [PATCH 1/4] ssh: Add 'authenticate-server*' and use it for offloading Ludovic Courtès
  0 siblings, 1 reply; 10+ messages in thread
From: Ludovic Courtès @ 2019-12-03 21:09 UTC (permalink / raw)
  To: 38478; +Cc: Ludovic Courtès

Hi!

This series allow users to specify the remote host key in
<machine-ssh-configuration> used for “guix deploy”, so you
can have that under version control and entirely managed by
Guix, like “guix offload” does.

The second patch fixes a security issue: ‘open-ssh-session’ from
(guix ssh), which is used by “guix deploy” and support for
“GUIX_DAEMON_SOCKET=ssh://…” in (guix store ssh), would not
authenticate the server it’s talking to.

Feedback welcome!

Ludo’.

Ludovic Courtès (4):
  ssh: Add 'authenticate-server*' and use it for offloading.
  ssh: Always authenticate the server [security fix].
  ssh: 'open-ssh-session' can be passed the expected host key.
  machine: ssh: <machine-ssh-configuration> can include the host key.

 doc/guix.texi            | 12 +++++++
 gnu/machine/ssh.scm      |  9 ++++--
 guix/scripts/offload.scm | 30 ++---------------
 guix/ssh.scm             | 69 ++++++++++++++++++++++++++++++++++++++--
 4 files changed, 87 insertions(+), 33 deletions(-)

-- 
2.24.0

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2019-12-07  0:06 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-12-03 21:09 [bug#38478] [PATCH 0/4] "guix deploy" authenticates SSH servers [security] Ludovic Courtès
2019-12-03 21:15 ` [bug#38478] [PATCH 1/4] ssh: Add 'authenticate-server*' and use it for offloading Ludovic Courtès
2019-12-03 21:15   ` [bug#38478] [PATCH 2/4] ssh: Always authenticate the server [security fix] Ludovic Courtès
2019-12-03 21:15   ` [bug#38478] [PATCH 3/4] ssh: 'open-ssh-session' can be passed the expected host key Ludovic Courtès
2019-12-03 21:15   ` [bug#38478] [PATCH 4/4] machine: ssh: <machine-ssh-configuration> can include the " Ludovic Courtès
2019-12-04 13:19     ` Jakob L. Kreuze
2019-12-04 17:33       ` Ludovic Courtès
2019-12-06  0:50         ` Jakob L. Kreuze
2019-12-06 12:16           ` Ludovic Courtès
2019-12-07  0:04             ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).