vpsadmin
Show the host's SSH public key fingerprint in VPS details
When first connecting to a newly created VPS, it would be nice to have fingerprints of all of the host's public keys displayed in VPS details so that I can verify that I'm connecting to the correct machine.
This could be done on a newly created VPS, where we know that SSH is running on the assigned IP and port 22. But... although probably nobody does this, users can change their host keys. vpsAdmin would then show incorrect fingerprints. Similarly, users can change the SSH port or set up a firewall to protect it, so vpsAdmin might not be able to fetch those keys again to correct itself. While we could read /etc/ssh_host_* files from the VPS directly to avoid networking, users can relocate these files...
So, we could try to refresh the fingerprints regularly, or provide a button for it... and be able to report when the keys cannot be accessed. Not sure which way would be better yet.
I think it's similar to the function that allows you to add your public key to authorized_keys - that also assumes you are running OpenSSH and that you haven't changed the path where the server looks for the keys. As you wrote, users probably don't change the host keys often, so from my POV just reading /etc/ssh_host_* files would work well if we also print the time when we last read them with a button to refresh.
If we can't read the files, we can just show an error message and the user can fall back to using the terminal to get the host keys if they want.
Displaying the host key fingerprints right next to the ssh command used to connect to the new machine would still be nice as I don't expect many users to check the fingerprints if they have to go through the terminal, while you are more likely to verify the fingerprint if you just have it available.
Another option could be to generate an SSH certificate authority per user and sign the host keys that are generated when the machine is created with this CA. However, this has some privacy implications, as you'd be able to tell from outside that some machines belong to the same user, so I don't like this option.
Rather than implementing features for what I think is negligible % of users (in 12 years first proposal for such a feature), I'd suggest using Remote Console for first contact with the VPS. Just my $.02.
edit: that's not a dismissal, just my personal opinion, it's up to @aither64 to decide anyway :D
I think it's also good to teach new users that this fingerprint thing is something they can verify, instead of just skipping it. Let's keep this issue open, I don't know when I'll get to it to implement it, but it'd be nice to have. Thank you for your input @martin-sucha, I think we'll read those files periodically, just like we check VPS hostname, etc.
It's been a while, but it is on the way. SSH host keys are read after every VPS restart and also once every hour. For now it's deployed only on node1.stg and host keys are shown in VPS details in vpsAdmin, just below SSH connection info. I expect to deploy it to the rest of the cluster in a few days.
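How a fingerprint like the ones discussed in this thread can be derived from the lines of a host public key file, as an added example that is not vpsAdmin's code: it assumes the OpenSSH public key line format, and the helper names and the sample key (built from fixed bytes) are hypothetical.

```ruby
require 'digest'

# SSH wire format: each field is a 4-byte big-endian length plus the bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes
end

# Constructed sample: a well-formed ssh-ed25519 key line made from fixed
# bytes. It is not a real host key.
SAMPLE_BLOB = ssh_string('ssh-ed25519') + ssh_string("\x01".b * 32)
SAMPLE_LINE = "ssh-ed25519 #{[SAMPLE_BLOB].pack('m0')} root@vps-example"

# Parse one "<type> <base64> [comment]" line and return the SHA256
# fingerprint in the form OpenSSH clients show (unpadded Base64 of the
# digest of the decoded key blob).
def host_key_fingerprint(line)
  type, b64, _comment = line.strip.split(/\s+/, 3)
  raise ArgumentError, 'not a public key line' if type.nil? || b64.nil?

  blob = b64.unpack1('m0') # strict Base64; raises ArgumentError on junk
  len = blob.unpack1('N')
  raise ArgumentError, 'truncated key blob' if len.nil? || blob.bytesize < 4 + len

  # The key type is repeated inside the blob; a mismatch means the line
  # was edited or corrupted, so refuse to display a fingerprint for it.
  inner_type = blob.byteslice(4, len)
  raise ArgumentError, "type mismatch: #{type} vs #{inner_type}" unless inner_type == type

  digest = [Digest::SHA256.digest(blob)].pack('m0').delete('=')
  { type: type, sha256: "SHA256:#{digest}" }
end

# Process every line read from the host key files; unreadable or malformed
# entries become error records so stale fingerprints are never shown.
def read_host_keys(lines)
  lines.map do |line|
    host_key_fingerprint(line)
  rescue ArgumentError => e
    { error: e.message }
  end
end

puts read_host_keys([SAMPLE_LINE]).inspect if $PROGRAM_NAME == __FILE__
```

The same value can be cross-checked on the VPS with `ssh-keygen -lf` on the corresponding `.pub` file.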