aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2019-12-03 21:41:54 +0100
committerLudovic Courtès <ludo@gnu.org>2019-12-04 18:16:08 +0100
commitf5c180180e848b83d8ccdf6015cd7f214372d599 (patch)
treecd68ee866cd7732f458e31e193c6d9cddaf7fe06
parent114dcb429a812911633a9fe5a9ee7d70dd28b353 (diff)
downloadpatches-f5c180180e848b83d8ccdf6015cd7f214372d599.tar
patches-f5c180180e848b83d8ccdf6015cd7f214372d599.tar.gz
ssh: Always authenticate the server [security fix].
Until now, users of 'open-ssh-session', including "guix deploy" and "GUIX_DAEMON_SOCKET=ssh://…" (but not "guix offload"), would not authenticate the SSH server they're talking to. * guix/ssh.scm (open-ssh-session): Call 'authenticate-server'.
-rw-r--r--guix/ssh.scm11
1 files changed, 11 insertions, 0 deletions
diff --git a/guix/ssh.scm b/guix/ssh.scm
index f34e71392b..519c723155 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -125,6 +125,17 @@ Throw an error on failure."
(match (connect! session)
('ok
+ ;; Authenticate against ~/.ssh/known_hosts.
+ (match (authenticate-server session)
+ ('ok #f)
+ (reason
+ (raise (condition
+ (&message
+ (message (format #f (G_ "failed to authenticate \
+server at '~a': ~a")
+ (session-get session 'host)
+ reason)))))))
+
;; Use public key authentication, via the SSH agent if it's available.
(match (userauth-public-key/auto! session)
('success