HomePhabricator

kex: Do not ignore keys in known_hosts files

Authored by Anderson Toshiyuki Sasaki <ansasaki@redhat.com> on Jul 1 2019, 7:39 PM.

Description

kex: Do not ignore keys in known_hosts files

Previously, if the SSH_OPTIONS_HOSTKEYS option was set by any mean,
including the client configuration file, the keys in known_hosts files
wouldn't be considered before advertising the list of wanted host keys.

This could result in the client requesting the server to provide a
signature using a key not present in the known_hosts files (e.g. when
the first wanted algorithm in SSH_OPTIONS_HOSTKEYS is not present in the
known_hosts files), causing a host key mismatch and possible key
rejection.

Now, the keys present in the known_hosts files are prioritized over the
other wanted keys. This do not change the fact that only keys of types
present in the list set in SSH_OPTIONS_HOSTKEYS will be accepted and
prioritized following the order defined by such list.

The new wanted list of hostkeys is given by:

  • The keys present in known_hosts files, ordered by preference defined in SSH_OPTIONS_HOSTKEYS. If the option is not set, a default order of preference is used.
  • The other keys present in the same option are appended without adding duplicates. If the option is not set, the default list of keys is used.

Fixes: T156

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit f18a7cc17e399ae7bc92f707da3a676c52fd948e)