1
0
mirror of https://github.com/OpenNebula/one.git synced 2025-01-25 06:03:36 +03:00
Petr Ospalý 2c36183a21
B OpenNebula/one#4935: Fix hashed known_hosts (#8)
This commit fixes problem when host key is already added in SSH
`known_hosts` file but SSH fails to validate this host key.

NOTE:
This problem manifests only when simulating 'accept-new' feature of the
newer SSH (>v7.6) via 'Match' with 'ssh-keygen -F'.

The cause of this problem is the fact that hostname is stored always
in lowercase even if the hostname had an upcase character.

It means that the record in `known_hosts` file for hostname `ABC`
becomes something like 'abc,10.0.0.10' - which in turn is hashed...

Therefore SSH with `HashKnownHosts=yes` is comparing wrong hashes:
    hash('ABC,10.0.0.10') vs hash('abc,10.0.0.10')

Most likely a bug or an oversight in SSH.

With this option disabled (`HashKnownHosts=no`) both upcased `ABC`
and lowercased `abc` work.

Example with *ENABLED* `HashKnownHosts=yes`:

    [oneadmin@ABC ~] hostname
    ABC
    [oneadmin@ABC ~] rm -f ~/.ssh/known_hosts
    [oneadmin@ABC ~] ssh-keyscan -H $(hostname) >> ~/.ssh/known_hosts
    [oneadmin@ABC ~]$ ssh ABC # this fails
    No ECDSA host key is known for abc and you have requested strict
    checking.
    Host key verification failed.
    [oneadmin@ABC ~]$ ssh abc # this works
    Warning: Permanently added 'abc,10.10.0.41' (ECDSA) to the list
    of known hosts.
    Last login: Mon Jun 15 04:32:38 2020 from ::1
    [oneadmin@ABC ~]$ # success with lowercase hostname

Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
2020-06-18 18:19:31 +02:00
..