laurent22 / rsync-time-backup

Time Machine style backup with rsync.

Question about the ssh parameters #104

Open thomas-mc-work opened 6 years ago

thomas-mc-work commented 6 years ago

Why is this part of the ssh command:

… -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'

Wouldn't it be better to let the user configure this in their ssh_config instead of generally using it and thus weakening the security?

From the man page man ssh_config:

CheckHostIP If this flag is set to “yes”, ssh(1) will additionally check the host IP address in the known_hosts file.

and

UserKnownHostsFile Specifies one or more files to use for the user host key database, separated by whitespace.

laurent22 commented 6 years ago

I guess that could indeed be optional although I'm not really familiar with these parameters. @fustundag, do you remember why it was implemented this way?

fustundag commented 6 years ago

@laurent22 If the host key changed (not the public/private key, ssh access is still valid), the backup could fail. I chose this option to prevent this failure.

We can change it to let the user decide this ssh config.

Loki3000 commented 6 years ago

Also it becomes a permanent warning:

Warning: Permanently added 'domain' (ECDSA) to the list of known hosts.

that falls to stdout.

thomas-mc-work commented 6 years ago

The scenario is: Every host has a public/private key pair which allows you to identify it distinctly. The keys are stored in your ~/.ssh/known_hosts file once confirmed. From this time on, every connection attempt is compared to the stored key and thus checked for whether the remote key has changed. This shall indicate that something unwanted has happened to your remote machine – aiming to detect a server breach.

Having this option included by default prevents the host validation check done by the SSH client and thus undermines an important security feature. I think it would be better to remove it and let each user decide to opt in if required (by using --rsync-set-flags).

@Loki3000

> Also it becomes a permanent warning:

This should only happen if you only have the second part enabled (-o UserKnownHostsFile=/dev/null). This leads to discarding all discovered keys and thus trying to add them again on every new connection.

Loki3000 commented 6 years ago

> This should only happen if you only have the second part enabled

I know. But it's enabled by default. And there is no way to disable it without code modification.

shmilee commented 2 months ago

Maybe a better way to set SSH parameters is to do this like --rsync-set-flags.

 --ssh-get-flags        Display the default SSH flags that are used for backup.
 --ssh-set-flags        Set the SSH flags that are used for backup.
 --ssh-append-flags     Append the SSH flags that are going to be used for backup.

Then, allow users to set their own SSH parameters and take responsibility for their SSH settings.
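
As an added example (not part of this thread and not code from rsync-time-backup): a shell check that reports the two options discussed above when they appear in an ssh command line, so a wrapper can refuse or warn before connecting. The function names and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ssh options in a command line that switch off host
# key verification. Function names are hypothetical, not the project's.

# Print one finding per line for each weakening option in "$1"; nothing if clean.
audit_ssh_flags() {
    # Lowercase (ssh_config keywords are case-insensitive) and drop quotes so
    # -oKey=Val, -o Key=Val and -o "Key Val" reduce to one comparable form.
    flat=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr -d "\"'")
    sep='[[:space:]=]+'      # ssh accepts "Key=Val" and "Key Val"
    end='([[:space:]]|$)'    # value must end here, so "no" cannot match "none"

    # "no" and "off" are the documented values that never reject a changed key.
    if printf '%s\n' "$flat" |
        grep -Eq -- "-o[[:space:]]*stricthostkeychecking${sep}(no|off)${end}"; then
        echo "StrictHostKeyChecking disabled: changed host keys are accepted"
    fi
    # /dev/null as the key database means no host key is ever remembered.
    if printf '%s\n' "$flat" |
        grep -Eq -- "-o[[:space:]]*userknownhostsfile${sep}/dev/null${end}"; then
        echo "UserKnownHostsFile=/dev/null: learned host keys are discarded"
    fi
}

# Succeeds only when no weakening option was found.
ssh_flags_keep_host_check() {
    [ -z "$(audit_ssh_flags "$1")" ]
}

# Constructed sample command lines.
for cmd in \
    "ssh -p 22 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" \
    "ssh -p 22 -o 'StrictHostKeyChecking accept-new'" \
    "ssh -p 22"
do
    printf '%s\n' "== $cmd"
    audit_ssh_flags "$cmd"
done
```

The second sample uses `accept-new`, which records a host's key on first contact but still rejects a key that later changes.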