LibGit2: patch to pass hostkey & port to host verify callback #39324
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
StefanKarpinski
force-pushed
the
sk/libgit2-hostkey-patch
branch
from
d5183c3 to
dafb4d4
Compare
StefanKarpinski
changed the title
Fixes #38777. Might fix JuliaLang/Pkg.jl#2334. It seems likely no one actually verifies SSH host identity with libgit2 because the callback doesn't give enough information do so correctly: - It doesn't give the actual host key fingerprint, but rather three different hashes thereof; this means we cannot distinguish a known hosts entry that has a different type (`ssh-rsa`, `ssh-dsa`, etc.) versus an entry with a matching type and a fingerprint mismatch. The former should be treated as an unknown host whereas the latter is a host key mismatch; they cananot be distinguished with this patch. - If the user connects on a non-default port (i.e. not 22), this is not passed to the callback in any way. Since there can be different known host entries for different ports and they should be treated as distinct, this also means the current API cannot be used to verify hosts serving SSH on non-standard ports. This patch passes the port. I will try to upstream some version of this patch to libgit2. The same patch has already been applied to the LibGit2 JLL.
StefanKarpinski
force-pushed
the
sk/libgit2-hostkey-patch
branch
from
dafb4d4 to
9130cc4
Compare
StefanKarpinski
added
the
backport 1.6
KristofferC
pushed a commit
that referenced
this pull request
Jan 22, 2021
It seems that no one actually verifies SSH host identity with libgit2 because the callback doesn't give enough information do so correctly: - It doesn't give the actual host key fingerprint, but rather three different hashes thereof. This means we cannot distinguish a known hosts entry that has a different type (`ssh-rsa`, `ssh-dsa`, etc.) from an entry with a matching type and a fingerprint mismatch: the former should be treated as an unknown host whereas the latter is a host key mismatch; they cannot be distinguished without this patch. - If the user connects on a non-default port (i.e. not 22), this is not passed to the callback in any way. Since there can be different known host entries for different ports and they should be treated as distinct, this also means the current API cannot be used to verify hosts serving SSH on non-standard ports. This patch passes the port. I will try to upstream some version of this patch to libgit2. The same patch has already been applied to the LibGit2 JLL. Fixes #38777. Might fix JuliaLang/Pkg.jl#2334. (cherry picked from commit 2b13234)
KristofferC
pushed a commit
that referenced
this pull request
Feb 1, 2021
It seems that no one actually verifies SSH host identity with libgit2 because the callback doesn't give enough information do so correctly: - It doesn't give the actual host key fingerprint, but rather three different hashes thereof. This means we cannot distinguish a known hosts entry that has a different type (`ssh-rsa`, `ssh-dsa`, etc.) from an entry with a matching type and a fingerprint mismatch: the former should be treated as an unknown host whereas the latter is a host key mismatch; they cannot be distinguished without this patch. - If the user connects on a non-default port (i.e. not 22), this is not passed to the callback in any way. Since there can be different known host entries for different ports and they should be treated as distinct, this also means the current API cannot be used to verify hosts serving SSH on non-standard ports. This patch passes the port. I will try to upstream some version of this patch to libgit2. The same patch has already been applied to the LibGit2 JLL. Fixes #38777. Might fix JuliaLang/Pkg.jl#2334. (cherry picked from commit 2b13234)
ElOceanografo
pushed a commit
to ElOceanografo/julia
that referenced
this pull request
May 4, 2021
…ang#39324) It seems that no one actually verifies SSH host identity with libgit2 because the callback doesn't give enough information do so correctly: - It doesn't give the actual host key fingerprint, but rather three different hashes thereof. This means we cannot distinguish a known hosts entry that has a different type (`ssh-rsa`, `ssh-dsa`, etc.) from an entry with a matching type and a fingerprint mismatch: the former should be treated as an unknown host whereas the latter is a host key mismatch; they cannot be distinguished without this patch. - If the user connects on a non-default port (i.e. not 22), this is not passed to the callback in any way. Since there can be different known host entries for different ports and they should be treated as distinct, this also means the current API cannot be used to verify hosts serving SSH on non-standard ports. This patch passes the port. I will try to upstream some version of this patch to libgit2. The same patch has already been applied to the LibGit2 JLL. Fixes JuliaLang#38777. Might fix JuliaLang/Pkg.jl#2334.
antoine-levitt
pushed a commit
to antoine-levitt/julia
that referenced
this pull request
May 9, 2021
…ang#39324) It seems that no one actually verifies SSH host identity with libgit2 because the callback doesn't give enough information do so correctly: - It doesn't give the actual host key fingerprint, but rather three different hashes thereof. This means we cannot distinguish a known hosts entry that has a different type (`ssh-rsa`, `ssh-dsa`, etc.) from an entry with a matching type and a fingerprint mismatch: the former should be treated as an unknown host whereas the latter is a host key mismatch; they cannot be distinguished without this patch. - If the user connects on a non-default port (i.e. not 22), this is not passed to the callback in any way. Since there can be different known host entries for different ports and they should be treated as distinct, this also means the current API cannot be used to verify hosts serving SSH on non-standard ports. This patch passes the port. I will try to upstream some version of this patch to libgit2. The same patch has already been applied to the LibGit2 JLL. Fixes JuliaLang#38777. Might fix JuliaLang/Pkg.jl#2334.
staticfloat
pushed a commit
that referenced
this pull request
Dec 23, 2022
It seems that no one actually verifies SSH host identity with libgit2 because the callback doesn't give enough information do so correctly: - It doesn't give the actual host key fingerprint, but rather three different hashes thereof. This means we cannot distinguish a known hosts entry that has a different type (`ssh-rsa`, `ssh-dsa`, etc.) from an entry with a matching type and a fingerprint mismatch: the former should be treated as an unknown host whereas the latter is a host key mismatch; they cannot be distinguished without this patch. - If the user connects on a non-default port (i.e. not 22), this is not passed to the callback in any way. Since there can be different known host entries for different ports and they should be treated as distinct, this also means the current API cannot be used to verify hosts serving SSH on non-standard ports. This patch passes the port. I will try to upstream some version of this patch to libgit2. The same patch has already been applied to the LibGit2 JLL. Fixes #38777. Might fix JuliaLang/Pkg.jl#2334. (cherry picked from commit 2b13234)
|
I have created an upstream PR for this: libgit2/libgit2#6503 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It seems that no one actually verifies SSH host identity with libgit2
because the callback doesn't give enough information do so correctly:
It doesn't give the actual host key fingerprint, but rather three
different hashes thereof. This means we cannot distinguish a known
hosts entry that has a different type (
ssh-rsa,ssh-dsa, etc.)from an entry with a matching type and a fingerprint mismatch: the
former should be treated as an unknown host whereas the latter is a
host key mismatch; they cannot be distinguished without this patch.
If the user connects on a non-default port (i.e. not 22), this is not
passed to the callback in any way. Since there can be different known
host entries for different ports and they should be treated as
distinct, this also means the current API cannot be used to verify
hosts serving SSH on non-standard ports. This patch passes the port.
I will try to upstream some version of this patch to libgit2. The same
patch has already been applied to the LibGit2 JLL.