[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#35460: Self supplied SSH host keys

From: rendaw
Subject: bug#35460: Self supplied SSH host keys
Date: Sun, 28 Apr 2019 02:45:43 +0900
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3

Package: guix
Version: 0.16.0
Severity: wishlist

In a disk-image the ssh host keys are generated anew every time the
system boots.  This is a significant security issue - the unknown host
warnings will cause notification blindness and users won't recognize if
the host is legitimately compromised.

There's a workaround involving mounting the disk image (losetup -fP &
mount) after building it and adding the files that way, but it requires
a patch to the openssh service activation procedure to re-reset the file
permissions (they're set to 644 or something by an earlier statement).
I can submit my patch if there's interest.

This is a wishlist bug though since it requires a method to add files
with sensitive contents to the system, which I made another ticket for

reply via email to

[Prev in Thread] Current Thread [Next in Thread]