bug#35460: Self supplied SSH host keys
From: rendaw
Subject: bug#35460: Self supplied SSH host keys
Date: Sun, 28 Apr 2019 02:45:43 +0900
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3

Package: guix
Version: 0.16.0
Severity: wishlist

In a disk-image the ssh host keys are generated anew every time the
system boots. This is a significant security issue - the unknown host
warnings will cause notification blindness and users won't recognize if
the host is legitimately compromised.

There's a workaround involving mounting the disk image (losetup -fP &
mount) after building it and adding the files that way, but it requires
a patch to the openssh service activation procedure to re-reset the file
permissions (they're set to 644 or something by an earlier statement).
I can submit my patch if there's interest.

This is a wishlist bug though since it requires a method to add files
with sensitive contents to the system, which I made another ticket for
(35459).
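
The file-copy step of the workaround described in the message above, as an added example (not rendaw's patch and not Guix code). It assumes the image's root partition is already mounted at ROOT via losetup -fP and mount, and that keys use the OpenSSH default names under /etc/ssh; the function names `install_host_keys` and `audit_host_keys` are hypothetical.

```shell
#!/bin/sh
# Added example: place pre-generated SSH host keys into a mounted image
# root and check their modes. Paths and names are assumptions (see lead-in).

# install_host_keys KEYDIR ROOT
# Copies ssh_host_*_key and the matching .pub files into ROOT/etc/ssh.
install_host_keys() {
    keydir=$1 root=$2
    dest="$root/etc/ssh"
    mkdir -p "$dest" || return 1
    found=0
    for priv in "$keydir"/ssh_host_*_key; do
        [ -f "$priv" ] || continue
        [ -f "$priv.pub" ] || { echo "missing $priv.pub" >&2; return 1; }
        # install(1) copies and sets the mode in one step: private keys
        # owner-only, public keys world-readable.
        install -m 600 "$priv" "$dest/" || return 1
        install -m 644 "$priv.pub" "$dest/" || return 1
        found=$((found + 1))
    done
    # Refuse to report success when nothing was installed.
    [ "$found" -gt 0 ] || { echo "no host keys in $keydir" >&2; return 1; }
}

# audit_host_keys ROOT
# Prints every private host key whose mode is not 600; returns 1 if any.
audit_host_keys() {
    bad=0
    for priv in "$1"/etc/ssh/ssh_host_*_key; do
        [ -f "$priv" ] || continue
        mode=$(stat -c %a "$priv")   # GNU stat: octal permission bits
        if [ "$mode" != 600 ]; then
            echo "$priv: mode $mode"
            bad=1
        fi
    done
    return "$bad"
}
```

Running `audit_host_keys /` on the booted system shows whether a later activation step has changed the modes of the private keys, which is the problem the message says still needs a patch.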