| Field | Value |
|---|---|
| Message ID | 20191203211557.21145-4-ludo@gnu.org |
| State | Accepted |
| Series | "guix deploy" authenticates SSH servers [security] |
I've only been able to follow the updates to "guix deploy" somewhat tangentially, but I was very excited to see this patch in my inbox. Thumbs up from me, thanks Ludo! Regards, Jakob
Hi!

zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) writes:

> I've only been able to follow the updates to "guix deploy" somewhat
> tangentially, but I was very excited to see this patch in my inbox.
> Thumbs up from me, thanks Ludo!

Heheh, thank you!

I went ahead and pushed it as it seemed like a good idea to not wait.

BTW, I’m wondering if we should go further and deprecate missing/#f
‘host-key’ fields altogether. WDYT?

To me it just seems wiser to have that info within the deploy config
rather than out-of-band in ~/.ssh/known_hosts.

Ludo’.
Ludovic Courtès <ludo@gnu.org> writes:

> I went ahead and pushed it as it seemed like a good idea to not wait.

Agreed :)

> BTW, I’m wondering if we should go further and deprecate missing/#f
> ‘host-key’ fields altogether. WDYT?
>
> To me it just seems wiser to have that info within the deploy config
> rather than out-of-band in ~/.ssh/known_hosts.

I feel that's more in line with the goals of Guix -- implicitly reading
~/.ssh/known_hosts doesn't seem declarative to me. What's our means for
deprecating features like that? A warning message when omitted? If
that's the case, I'm definitely on board.

Regards,
Jakob
Hi!

zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) writes:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> BTW, I’m wondering if we should go further and deprecate missing/#f
>> ‘host-key’ fields altogether. WDYT?
>>
>> To me it just seems wiser to have that info within the deploy config
>> rather than out-of-band in ~/.ssh/known_hosts.
>
> I feel that's more in line with the goals of Guix -- implicitly reading
> ~/.ssh/known_hosts doesn't seem declarative to me. What's our means for
> deprecating features like that? A warning message when omitted? If
> that's the case, I'm definitely on board.

Yup, we can emit a deprecation warning when the key is #f.

So let’s take that route if nobody objects. It’s easier to deprecate it
now that “guix deploy” is still very new.

Ludo’.
Ludovic Courtès <ludo@gnu.org> writes:

> zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) writes:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> BTW, I’m wondering if we should go further and deprecate missing/#f
>>> ‘host-key’ fields altogether. WDYT?
>>>
>>> To me it just seems wiser to have that info within the deploy config
>>> rather than out-of-band in ~/.ssh/known_hosts.
>>
>> I feel that's more in line with the goals of Guix -- implicitly reading
>> ~/.ssh/known_hosts doesn't seem declarative to me. What's our means for
>> deprecating features like that? A warning message when omitted? If
>> that's the case, I'm definitely on board.
>
> Yup, we can emit a deprecation warning when the key is #f.
>
> So let’s take that route if nobody objects. It’s easier to deprecate it
> now that “guix deploy” is still very new.

Done in commit 2617d956d8ae122128a1ba2cc74983cbd683b042!

Ludo’.
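What the thread is arguing for, as an added example (this is not code from the patch, the commit it mentions, or the Guix tree): a `guix deploy` machine file with the server's host key pinned in the configuration, shown next to the unpinned form that falls back to `~/.ssh/known_hosts`, plus a pre-deploy check that refuses to continue when any machine has no usable `host-key`. Everything concrete here is assumed or constructed: `%web-os` is taken to come from a hypothetical `web1-config.scm`, the host name `web1.example.org`, the `deploy` user, the identity path and the key blob are placeholders, and the regexp-based format check is my own, not how Guix validates the field.

```scheme
;; Added example for this thread; not part of the patch or of Guix itself.
;; Assumptions: web1-config.scm evaluates to an <operating-system>; the
;; target has a "deploy" user whose key is at the identity path below.
(use-modules (gnu machine)
             (gnu machine ssh)
             (ice-9 regex)
             (srfi srfi-1))

(define %web-os (load "web1-config.scm"))   ; assumed to return an operating-system

;; The pinned key must be copied from /etc/ssh/ssh_host_ed25519_key.pub on
;; the target over a channel that is already trusted (serial console, the
;; installer session, the provisioning image).  Fetching it with
;; ssh-keyscan over the network only gives trust-on-first-use, which is
;; exactly what known_hosts already does.  The blob below is constructed.
(define %web1-host-key
  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyExampleKeyExampleKeyExampleKeyEx root@web1")

;; Weak form: no host-key, so the server is checked only against
;; ~/.ssh/known_hosts, out of band from this file.
(define %web1-unpinned
  (machine
   (operating-system %web-os)
   (environment managed-host-environment-type)
   (configuration
    (machine-ssh-configuration
     (host-name "web1.example.org")
     (system "x86_64-linux")
     (user "deploy")
     (identity "/home/me/.ssh/deploy_ed25519")))))

;; Hardened form: the expected server key lives in the deploy config.
(define %web1
  (machine
   (operating-system %web-os)
   (environment managed-host-environment-type)
   (configuration
    (machine-ssh-configuration
     (host-name "web1.example.org")
     (system "x86_64-linux")
     (user "deploy")
     (identity "/home/me/.ssh/deploy_ed25519")
     (host-key %web1-host-key)))))

;; Shape of an OpenSSH public-key line: key type, base64 blob, optional
;; comment.  This is my own sanity check, not the project's parser.
(define %host-key-rx
  (make-regexp
   "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+=*( .*)?$"))

(define (unpinned-machines machines)
  "Return those of MACHINES whose SSH configuration has no usable
'host-key', printing a warning for each."
  (filter (lambda (m)
            (let* ((config (machine-configuration m))
                   (name   (machine-ssh-configuration-host-name config))
                   (key    (machine-ssh-configuration-host-key config)))
              (cond ((not key)
                     (format (current-error-port)
                             "warning: ~a: no 'host-key'; server would be \
checked against ~~/.ssh/known_hosts~%" name)
                     #t)
                    ((not (regexp-exec %host-key-rx key))
                     (format (current-error-port)
                             "warning: ~a: 'host-key' is not an OpenSSH \
public-key line~%" name)
                     #t)
                    (else #f))))
          machines))

;; guix deploy evaluates this file and expects a list of machines.  Fail
;; closed here rather than letting a forgotten field fall back to
;; known_hosts.  Adding %web1-unpinned to this list triggers the error.
(let ((machines (list %web1)))
  (when (pair? (unpinned-machines machines))
    (error "refusing to deploy: some machines have no pinned host key"))
  machines)
```

Run it as `guix deploy web1-machines.scm` (hypothetical file name). The check is deliberately stricter than the patch itself: a missing key is an error, not a silent fallback, which is the behaviour the thread goes on to deprecate.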
diff --git a/doc/guix.texi b/doc/guix.texi index 2da1ecd64c..e6e015ad3e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -26412,6 +26412,18 @@ keyring. @item @code{identity} (default: @code{#f}) If specified, the path to the SSH private key to use to authenticate with the remote host. + +@item @code{host-key} (default: @code{#f}) +This should be the SSH host key of the machine, which looks like this: + +@example +ssh-ed25519 AAAAC3Nz@dots{} root@@example.org +@end example + +When @code{host-key} is @code{#f}, the server is authenticated against +the @file{~/.ssh/known_hosts} file, just like the OpenSSH @command{ssh} +client does. + @end table @end deftp diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 6e3ed0e092..23ae917b79 100644 --- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -54,6 +54,7 @@ machine-ssh-configuration-authorize? machine-ssh-configuration-port machine-ssh-configuration-user + machine-ssh-configuration-host-key machine-ssh-configuration-session)) ;;; Commentary: @@ -87,6 +88,8 @@ (identity machine-ssh-configuration-identity ; path to a private key (default #f)) (session machine-ssh-configuration-session ; session + (default #f)) + (host-key machine-ssh-configuration-host-key ; #f | string (default #f))) (define (machine-ssh-session machine) @@ -98,11 +101,13 @@ one from the configuration's parameters if one was not provided." (let ((host-name (machine-ssh-configuration-host-name config)) (user (machine-ssh-configuration-user config)) (port (machine-ssh-configuration-port config)) - (identity (machine-ssh-configuration-identity config))) + (identity (machine-ssh-configuration-identity config)) + (host-key (machine-ssh-configuration-host-key config))) (open-ssh-session host-name #:user user #:port port - #:identity identity))))) + #:identity identity + #:host-key host-key))))) ;;;
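Review bot: the new @code{host-key} entry in the doc/guix.texi hunk shows a complete public-key line including the `root@@example.org` comment but does not say how the user is meant to obtain that value or what happens when the server presents a different key; suggest adding that the line should be copied from the target's own host key file over an already-trusted channel (a key fetched over the network on first contact is no stronger than the known_hosts fallback), and stating that a mismatch aborts the connection. The sentence "When @code{host-key} is @code{#f}, the server is authenticated against the @file{~/.ssh/known_hosts} file" would also benefit from a note that this keeps the trust decision outside the deployment file, since the thread agrees that is the case to move away from.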
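Review bot: in the record hunk of gnu/machine/ssh.scm, `(host-key machine-ssh-configuration-host-key ; #f | string` with `(default #f)` means a configuration that simply omits the field silently keeps the known_hosts behaviour, which the thread agrees should be deprecated; suggest warning when the value is #f rather than accepting it quietly, and replacing the `#f | string` comment with the expected format (an OpenSSH public-key line, as the texinfo hunk shows). The field is also appended after `session` while the manual lists it directly after `identity`; keeping the two orders consistent makes the record easier to read against the docs.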
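Review bot: in the machine-ssh-session hunk, `#:host-key host-key` is only reached when this function opens the session itself ("one from the configuration's parameters if one was not provided" in the context), so a configuration that supplies a ready-made `session` bypasses the host-key check entirely; either document that the caller is then responsible for having authenticated the server, or compare the existing session's server key against `host-key` when both are given.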