[bug#38478] [PATCH 0/4] "guix deploy" authenticates SSH servers [securit

From: Ludovic Courtès
Subject: [bug#38478] [PATCH 0/4] "guix deploy" authenticates SSH servers [security]
Date: Tue, 3 Dec 2019 22:09:58 +0100


This series allows users to specify the remote host key in
<machine-ssh-configuration> used for “guix deploy”, so you
can have that under version control and entirely managed by
Guix, like “guix offload” does.

The second patch fixes a security issue: ‘open-ssh-session’ from
(guix ssh), which is used by “guix deploy” and support for
“GUIX_DAEMON_SOCKET=ssh://…” in (guix store ssh), would not
authenticate the server it’s talking to.

Feedback welcome!


Ludovic Courtès (4):
  ssh: Add 'authenticate-server*' and use it for offloading.
  ssh: Always authenticate the server [security fix].
  ssh: 'open-ssh-session' can be passed the expected host key.
  machine: ssh: <machine-ssh-configuration> can include the host key.

 doc/guix.texi            | 12 +++++++
 gnu/machine/ssh.scm      |  9 ++++--
 guix/scripts/offload.scm | 30 ++---------------
 guix/ssh.scm             | 69 ++++++++++++++++++++++++++++++++++++++--
 4 files changed, 87 insertions(+), 33 deletions(-)
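
Added example, not part of the original message or of the patches themselves: a "guix deploy" file that pins the target's SSH host key in `<machine-ssh-configuration>`, as the cover letter describes. It assumes the field is named `host-key`, as documented in the Guix manual; the host name, user, disk layout and key string are constructed placeholders.

```scheme
;; deploy.scm: constructed example for "guix deploy deploy.scm".
(use-modules (gnu) (gnu machine) (gnu machine ssh))
(use-service-modules networking ssh)
(use-package-modules bootloaders)

;; Minimal target system (placeholder disk layout).  Field names follow
;; the current manual; older Guix revisions spell 'targets' as 'target'.
(define %system
  (operating-system
    (host-name "gnu-deployed")
    (timezone "Etc/UTC")
    (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
                 (targets '("/dev/vda"))))
    (file-systems (cons (file-system
                          (mount-point "/")
                          (device "/dev/vda1")
                          (type "ext4"))
                        %base-file-systems))
    (services (append (list (service dhcp-client-service-type)
                            (service openssh-service-type))
                      %base-services))))

(list (machine
       (operating-system %system)
       (environment managed-host-environment-type)
       (configuration
        (machine-ssh-configuration
         (host-name "deploy-target.example")   ;placeholder
         (system "x86_64-linux")
         (user "root")
         ;; Expected public host key in OpenSSH format, copied out of band
         ;; from the target's /etc/ssh/ssh_host_ed25519_key.pub.  The value
         ;; below is a placeholder, not a real key.  Keeping it in this
         ;; file puts the trust anchor under version control, so a server
         ;; presenting a different key is rejected rather than trusted.
         (host-key
          "ssh-ed25519 AAAA...PLACEHOLDER... root@deploy-target.example")))))
```

Per the Guix manual, leaving `host-key` unset makes the client authenticate the server against `~/.ssh/known_hosts` instead, as the OpenSSH client does.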

