Skip to content
This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

Verify known_host ssh keys during image build #1283

Merged
merged 1 commit into from
Aug 14, 2018
Merged

Verify known_host ssh keys during image build #1283

merged 1 commit into from
Aug 14, 2018

Conversation

stephenmoloney
Copy link
Contributor

What does this commit/MR do?

  • Verifies the known_hosts match expectations after running a
    ssh-keyscan on the git hosts

Why is this commit/MR needed?

  • To mitigate (albeit unlikely) man-in-middle attacks

@stephenmoloney stephenmoloney mentioned this pull request Aug 11, 2018
Closed
@stephenmoloney
Verify known_host ssh keys during image build
21149b8 
What does this commit/MR do?

- Verifies the known_hosts match expectations after running a
ssh-keyscan on the git hosts

Why is this commit/MR needed?

- To mitigate (albeit unlikely) man-in-middle attacks
@squaremo
Copy link
Member

Cool, thank you. If we're going to check against hard-wired fingerprints, could we just do that locally, and commit the known_hosts file?

@stephenmoloney
Copy link
Contributor Author

Do you mean get rid of RUN ssh-keyscan github.com gitlab.com bitbucket.org >> /etc/ssh/ssh_known_hosts ?

If so, I thought about that and I think it is no harm to leave it there - because it verifies that the keys have not changed - the build should abort if one of the keys has changed which will flag this fact to the user.

Are keys ever changed ? I don't know about that really.

@squaremo
Copy link
Member

If so, I thought about that and I think it is no harm to leave it there - because it verifies that the keys have not changed - the build should abort if one of the keys has changed which will flag this fact to the user.

Yes, that's a good point, we'd want to know if the keys have been changed, either way.

Are keys ever changed ? I don't know about that really.

I cannot find any indication that github changes its keys, but it's considered good practice to do so I believe. 🤷

squaremo
squaremo approved these changes Aug 14, 2018
View reviewed changes
Copy link
Member

@squaremo squaremo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks Stephen!

@squaremo squaremo merged commit c81729e into fluxcd:master Aug 14, 2018
@squaremo
Copy link
Member

(Yes I did go and find the fingerprints myself and check them :-)

@stephenmoloney
Copy link
Contributor Author

😆

@stephenmoloney stephenmoloney deleted the verify-known-host-ssh-keys branch January 2, 2019 11:19
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@squaremo squaremo squaremo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stephenmoloney @squaremo