search

benbjohnson / litestream

Streaming replication for SQLite.
https://litestream.io
Apache License 2.0
11.12k stars 256 forks source link

SSH host key check #609

Open tribut opened 1 month ago

tribut commented 1 month ago

Allows specifying the SSH host key as follows:

dbs:
  - path: /path/to/local/db
    replicas:
      - url: sftp://USER@HOST:PORT/PATH
        key-path: /path/to/id_rsa
        host-key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvvypUkBrS9RCyV//p+UFCLg8yKNtTu/ew/cV6XXAAP

(key can be found in /etc/ssh/ssh_host_*.pub on the server)

The change is backwards-compatible and fixes #602 (https://github.com/advisories/GHSA-qpgw-j75c-j585).

If there is interest in this patch, I can update the documentation accordingly.

tribut commented 1 month ago

Strictly speaking, implementing TOFU would be the better fix and more in line with user expectations around SSH, but given that it would be more complex and user would have to touch their config anyway (to add persistent storage for the known hosts db) it didn't seem worth it to me. Let me know if you prefer that route.

asymmetric commented 1 week ago

For reference, there is a similar fix in this commit, which is not on the main branch.