From patchwork Tue Dec 3 21:09:58 2019
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 16362
Subject: [bug#38478] [PATCH 0/4] "guix deploy" authenticates SSH servers [security]
From: Ludovic Courtès
To: 38478@debbugs.gnu.org
Cc: Ludovic Courtès
Date: Tue, 3 Dec 2019 22:09:58 +0100
Message-Id: <20191203210958.20936-1-ludo@gnu.org>
X-Mailer: git-send-email 2.24.0

Hi!

This series allows users to specify the remote host key used for “guix deploy”, so you can have that under version control and entirely managed by Guix, like “guix offload” does.

The second patch fixes a security issue: ‘open-ssh-session’ from (guix ssh), which is used by “guix deploy” and support for “GUIX_DAEMON_SOCKET=ssh://…” in (guix store ssh), would not authenticate the server it’s talking to.

Feedback welcome!

Ludo’.

Ludovic Courtès (4):
  ssh: Add 'authenticate-server*' and use it for offloading.
  ssh: Always authenticate the server [security fix].
  ssh: 'open-ssh-session' can be passed the expected host key.
  machine: ssh: can include the host key.

 doc/guix.texi            | 12 +++++++
 gnu/machine/ssh.scm      |  9 ++++--
 guix/scripts/offload.scm | 30 ++---------------
 guix/ssh.scm             | 69 ++++++++++++++++++++++++++++++++++++++--
 4 files changed, 87 insertions(+), 33 deletions(-)
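The security point of the cover letter is that a client which skips server authentication will accept any host key an on-path attacker presents. What "authenticating the server against an expected host key" amounts to is shown below in an added Python example; it is not code from Guix or Guile-SSH and makes no claim about how `open-ssh-session` or `authenticate-server*` are written. The function names (`parse_host_key`, `server_key_matches`, `demo`) and every key in it are constructed for the illustration: the presented key type and blob stand in for whatever an SSH library reports after key exchange, and the "pinned" line is the kind of `ssh-ed25519 AAAA…` string one would keep under version control. It also covers two cases a deployment tool meets in practice, a reinstalled host (same algorithm, different key) and a server that offers a key of a different algorithm.

```python
"""Host-key pinning for an SSH client, as a stand-alone illustration.

This is an added example, not code from Guix or Guile-SSH.  It models the
check a client has to make before trusting a server: compare the host key
the server presents during key exchange with the key the operator expects,
given as an OpenSSH-style "ssh-ed25519 AAAA..." line of the kind one keeps
under version control.  Every key below is constructed for the example.
"""
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode DATA as an RFC 4251 'string': uint32 big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob: bytes, offset: int):
    """Decode one RFC 4251 string at OFFSET; return (payload, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string body")
    return blob[offset + 4:end], end


def parse_host_key(line: str):
    """Parse an OpenSSH public key line "TYPE BASE64 [COMMENT]".

    Returns (key_type, blob).  The key type is also encoded as the first
    string inside the blob; a line whose textual label disagrees with the
    blob is rejected rather than trusted on the strength of the label.
    """
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected 'TYPE BASE64 [COMMENT]'")
    declared, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError(f"bad base64 in host key: {exc}") from None
    embedded, _ = _read_ssh_string(blob, 0)
    if embedded != declared.encode("ascii"):
        raise ValueError(
            f"label {declared!r} disagrees with blob type {embedded!r}")
    return declared, blob


def server_key_matches(expected_line: str, presented_type: str,
                       presented_blob: bytes):
    """Return (True, "ok") if the presented key is the pinned one, else
    (False, reason).

    PRESENTED_TYPE and PRESENTED_BLOB stand for what an SSH library reports
    as the server's public key after key exchange.  Skipping this comparison
    is exactly the failure mode of an unauthenticated client: an on-path
    attacker can present any key and the session continues.  Both the type
    and the whole blob are compared, so a valid key of another algorithm
    does not get through either.
    """
    expected_type, expected_blob = parse_host_key(expected_line)
    if presented_type != expected_type:
        return False, (f"server offered a {presented_type} key, "
                       f"expected {expected_type}")
    if presented_blob != expected_blob:
        return False, "server key differs from the pinned key"
    return True, "ok"


def make_ed25519_line(seed: int, comment: str = "constructed") -> str:
    """Build a well-formed ssh-ed25519 public key line from SEED.

    The 32 key bytes are derived from SEED instead of a real key pair: the
    pinning check only compares identities, it never verifies a signature.
    """
    fake_point = hashlib.sha256(seed.to_bytes(4, "big")).digest()  # 32 bytes
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(fake_point)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def make_rsa_blob(seed: int) -> bytes:
    """Build a well-formed ssh-rsa blob (type, e, n) with constructed values."""
    modulus = hashlib.sha512(seed.to_bytes(4, "big")).digest()  # stand-in for n
    return (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(modulus))


def demo():
    """Exercise the check against the cases a deployment tool will meet."""
    pinned = make_ed25519_line(1, "deploy-target")
    results = {}

    # Same key the operator pinned: accepted.
    kind, blob = parse_host_key(pinned)
    results["match"] = server_key_matches(pinned, kind, blob)

    # Same algorithm, different key (host reinstalled, or an impostor).
    kind, blob = parse_host_key(make_ed25519_line(2))
    results["other-key"] = server_key_matches(pinned, kind, blob)

    # Different algorithm: the server (or an attacker) offers an RSA key.
    results["wrong-type"] = server_key_matches(pinned, "ssh-rsa",
                                               make_rsa_blob(3))

    # Pinned line whose label lies about the blob: rejected at parse time.
    mislabelled = "ssh-rsa " + pinned.split()[1]
    try:
        parse_host_key(mislabelled)
        results["mislabelled"] = (True, "accepted (bug)")
    except ValueError as exc:
        results["mislabelled"] = (False, str(exc))
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:12s} {'accept' if ok else 'reject':6s} {reason}")
```

The check deliberately compares the whole encoded key rather than a fingerprint, and rejects on an algorithm mismatch instead of falling back to "unknown host" prompting: a deployment tool runs unattended, so the only safe outcomes are an exact match or a hard failure.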