rsync-time-backup

Question about the ssh parameters

Open thomas-mc-work opened this issue 6 years ago • 5 comments

Why is this part of the ssh command:

… -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'

Wouldn't it be better to let the user configure this in their ssh_config instead of generally using it and thus weakening the security?

From the man page man ssh_config:

CheckHostIP If this flag is set to “yes”, ssh(1) will additionally check the host IP address in the known_hosts file.

and

UserKnownHostsFile Specifies one or more files to use for the user host key database, separated by whitespace.

thomas-mc-work, Dec 14 '17 12:12

I guess that could indeed be optional although I'm not really familiar with these parameters. @fustundag, do you remember why it was implemented this way?

laurent22, Dec 14 '17 12:12

@laurent22 If the host key changes (not the public/private key; ssh access is still valid), the backup could fail. I chose this option to prevent this failure.

We can change it to let the user decide this ssh config.

fustundag, Dec 14 '17 13:12

Also it becomes a permanent warning:

Warning: Permanently added 'domain' (ECDSA) to the list of known hosts.

that falls to stdout.

Loki3000, Apr 06 '18 10:04

The scenario is: Every host has a public/private key pair which allows you to identify it distinctly. The keys are stored in your ~/.ssh/known_hosts file once confirmed. From this time on, every connection attempt is compared to the stored key and thus checked for whether the remote key has changed. This shall indicate that something unwanted has happened to your remote machine – aiming to detect a server breach.

Having this option included by default prevents the host validation check done by the SSH client and thus undermines an important security feature. I think it would be better to remove it and let each user decide to opt in if required (by using --rsync-set-flags).

@Loki3000

Also it becomes a permanent warning:

This should only happen if you only have the second part enabled (-o UserKnownHostsFile=/dev/null). This leads to discarding all discovered keys and thus trying to add them again on every new connection.

thomas-mc-work, Apr 06 '18 12:12

This should only happen if you only have the second part enabled

I know. But it's enabled by default. And there is no way to disable it without code modification.

Loki3000, Apr 06 '18 12:04
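
Added example, not part of the thread or of rsync-time-backup's code: a POSIX shell check that flags the two options quoted in this issue when they appear in an ssh argument list. It also covers the -oKey=Value and "Key Value" spellings and the "off" synonym for "no" documented in ssh_config(5). The function name audit_ssh_opts and the sample arguments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not rsync-time-backup code). Reports ssh options that weaken
# host key verification. Arguments are passed as separate words, as ssh gets them.

# Prints one finding per line; returns 1 if anything was found, else 0.
audit_ssh_opts() {
    found=0
    while [ $# -gt 0 ]; do
        case $1 in
            -o)   shift; [ $# -gt 0 ] || break; opt=$1 ;;  # "-o Key=Value"
            -o?*) opt=${1#-o} ;;                            # "-oKey=Value"
            *)    shift; continue ;;                        # unrelated argument
        esac
        shift
        # ssh accepts "Key=Value" and "Key Value"; keywords are case-insensitive.
        key=$(printf '%s' "$opt" | sed 's/[=[:space:]].*//' | tr 'A-Z' 'a-z')
        val=$(printf '%s' "$opt" | sed 's/^[^=[:space:]]*[=[:space:]]*//')
        case $key in
            stricthostkeychecking)
                # Compare the value case-insensitively; "off" is a synonym for "no".
                case $(printf '%s' "$val" | tr 'A-Z' 'a-z') in
                    no|off)
                        echo "StrictHostKeyChecking=$val: changed host keys are accepted"
                        found=1 ;;
                esac ;;
            userknownhostsfile)
                case $val in
                    /dev/null)
                        echo "UserKnownHostsFile=/dev/null: no stored key to compare against"
                        found=1 ;;
                esac ;;
        esac
    done
    return $found
}

# Constructed sample: the two options quoted in the issue.
audit_ssh_opts -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
    || echo "-> host key verification is weakened"
```
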