evsar3 / sshfs-win-manager

A GUI for SSHFS-Win (https://github.com/billziss-gh/sshfs-win)
MIT License

No way to enable StrictHostKeyChecking #123

Closed cinderblock closed 2 years ago

cinderblock commented 2 years ago

I try to ensure my systems' connections are secure. Looking at SSHFS-Win's debug output, I saw "-oStrictHostKeyChecking=no" which specifically enables man-in-the-middle attacks.

Looking at the source code, there seems to be no way to enable it as it is forced off.

Would you consider fixing this security flaw?

IMHO, the default behavior should be to reject bad hosts and have a checkbox to disable host key checking.

evsar3 commented 2 years ago

As far as I know this option only bypasses the checking of the known_hosts file.

Anyways, gonna include this option on the list of custom params.

cinderblock commented 2 years ago

> As far as I know this option only bypasses the checking of the known_hosts file.

Not exactly.

If you have signed host keys, a client can authenticate a host without needing their specific key in known_hosts. Disabling host key checking will also disable this test.

> If this flag is set to "yes", ssh will never automatically add host keys to the ~/.ssh/known_hosts

This is a side effect, not the primary use case of disabling host key checking.

More precisely, disabling host key checking is simply a "do not try to authenticate the host", maybe with the assumption that you're already on a secure network.

I'm all for a modal that pops up on connect that says "You've never connected to this host before so we cannot verify its security. Do you trust that this is a secure connection?"
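The dialog proposed above needs one piece of logic before sshfs is spawned: is this host already in known_hosts, or is it a first contact? The following is an added example, not code from sshfs-win-manager or SSHFS-Win. It parses an OpenSSH known_hosts file (plain entries, `[host]:port` entries, `|1|salt|hash` hashed entries and `@cert-authority` lines), and builds the sshfs argument list with `-oStrictHostKeyChecking` driven by the user's choice rather than forced to `no`. The `plan_connection` helper, the sample known_hosts text and the placeholder key blobs are constructed for the example; `-opassword_stdin` and `-oStrictHostKeyChecking` are the option spellings mentioned in this thread.

```python
"""First-contact check for a host key before launching sshfs (added example)."""
import base64
import fnmatch
import hashlib
import hmac


def make_hashed_entry(hostname: str, salt: bytes) -> str:
    """Build the '|1|<salt>|<hmac>' host token OpenSSH writes with HashKnownHosts."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def _hashed_match(token: str, name: str) -> bool:
    # Hashed entries hide the hostname; recompute HMAC-SHA1 over the name with the stored salt.
    try:
        _, magic, salt_b64, digest_b64 = token.split("|")
    except ValueError:
        return False
    if magic != "1":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


def _plain_match(pattern: str, name: str) -> bool:
    # Exact match first so "[host]:port" is never read as a glob character class.
    if pattern == name:
        return True
    if "*" in pattern or "?" in pattern:  # OpenSSH wildcard patterns ("!" negation not handled here)
        return fnmatch.fnmatchcase(name, pattern)
    return False


def host_is_known(known_hosts_text: str, hostname: str, port: int = 22) -> bool:
    """True if known_hosts has an entry (or a matching @cert-authority line) for the host."""
    name = hostname if port == 22 else "[%s]:%d" % (hostname, port)
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):  # "@cert-authority" / "@revoked" marker precedes the host field
            fields = fields[1:]
        if len(fields) < 3:  # need host, key type, key data
            continue
        for token in fields[0].split(","):
            if token.startswith("|1|"):
                if _hashed_match(token, name):
                    return True
            elif _plain_match(token, name):
                return True
    return False


def build_sshfs_args(remote: str, mountpoint: str, strict: bool, password_stdin: bool = True) -> list:
    """sshfs argv with host key checking set by the caller, not hardcoded to 'no'."""
    args = ["sshfs", remote, mountpoint]
    if password_stdin:
        args.append("-opassword_stdin")
    args.append("-oStrictHostKeyChecking=" + ("yes" if strict else "no"))
    return args


def plan_connection(known_hosts_text: str, user: str, hostname: str, mountpoint: str,
                    port: int = 22, allow_unverified: bool = False):
    """Decide what a GUI should do before spawning sshfs (hypothetical helper).

    Returns (action, argv):
      'connect'  host already known, run with checking enabled
      'prompt'   never seen this host, show the trust dialog first (argv is None)
      'insecure' user explicitly disabled host key checking
    """
    remote = "%s@%s:/" % (user, hostname)
    if allow_unverified:
        return "insecure", build_sshfs_args(remote, mountpoint, strict=False)
    if host_is_known(known_hosts_text, hostname, port):
        return "connect", build_sshfs_args(remote, mountpoint, strict=True)
    return "prompt", None


# Constructed sample file; key blobs are placeholders, not real host keys.
SAMPLE_SALT = bytes(range(20))
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "files.example.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDERKEYDATA",
    "[backup.example.net]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDERKEYDATA",
    make_hashed_entry("hidden.example.net", SAMPLE_SALT) + " ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER",
    "@cert-authority *.corp.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDERCAKEY",
])

if __name__ == "__main__":
    for host in ("files.example.net", "hidden.example.net", "new.example.net"):
        print(host, plan_connection(SAMPLE_KNOWN_HOSTS, "alice", host, "X:"))
```

A GUI would run `plan_connection` with the contents of the user's known_hosts file: `connect` launches immediately with checking on, `prompt` shows the "never connected before" dialog and only then adds the key and launches, and `insecure` is the explicit opt-out checkbox. The `@cert-authority` handling covers the signed-host-key case mentioned earlier in the thread, where the host need not have its own known_hosts line.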

evsar3 commented 2 years ago

Unfortunately there is no such interface that allows this interaction with the CLI tool. SSHFS-Win runs inside its own shell, which makes manipulation of stdin impossible.

cinderblock commented 2 years ago

I'm not following what you're saying.

You could remove these two lines and the connections would be securable. Yes, it might be annoying/difficult to send the "Y" that is needed to tell the underlying ssh to accept the key, but that's a separate issue.

Maybe this is what you're talking about? But I'm rather certain it's easy to manipulate stdin of a subshell. It looks like the code here is already doing this. Am I missing something?

evsar3 commented 2 years ago

Things are a bit more complicated tho...

The only moment I'm allowed to interact with the SSHFS-Win shell is when it asks for the server password. And that is only allowed with the option password_stdin enabled. In any other moment it totally ignores my inputs.

You can try it by yourself. If you manage to make it happen, I will be very glad to merge your PR.

😁