fix: insecure host key #254
Conversation
Uses the knownhosts package to validate the host key. Signed-off-by: Ryan Johnson <[email protected]>
There was a problem hiding this comment.
Hey @tenthirtyam,
I understand the rationale for not vetting any host here, but I wonder if this won't cause more harm than good, I might be missing something though so please feel free to pushback on my comments, I'd love to hear if I'm mistaken!
| @@ -747,12 +748,18 @@ func (d *EsxiDriver) connect() error { | |||
| auth = append(auth, gossh.PublicKeys(signer)) | |||
| } | |||
|
|
|||
| knownHostsFile := filepath.Join(os.Getenv("HOME"), ".ssh", "known_hosts") | |||
There was a problem hiding this comment.
I would think this is not portable? AFAIK HOME is only set in UNIX environments, so if you're building on a Windows host that'll probably not work, will it?
| knownHostsFile := filepath.Join(os.Getenv("HOME"), ".ssh", "known_hosts") | ||
| hostKeyCallback, err := knownhosts.New(knownHostsFile) | ||
| if err != nil { | ||
| return err |
There was a problem hiding this comment.
Looking at this, this means that if I don't have a local hosts file the builder will fail?
Since Packer implements its own SSH code instead of relying on OpenSSH or alternatives, it is conceivable that host machines won't have one, so we might break their builds by merging this I'm afraid
| sshConfig := &ssh.Config{ | ||
| Connection: ssh.ConnectFunc("tcp", address), | ||
| SSHConfig: &gossh.ClientConfig{ | ||
| User: d.Username, | ||
| Auth: auth, | ||
| HostKeyCallback: gossh.InsecureIgnoreHostKey(), | ||
| HostKeyCallback: hostKeyCallback, |
There was a problem hiding this comment.
That I wonder, since the machine we're connecting to is a temporary VM, we probably don't have an entry for it in the local known_hosts, won't that prevent us from connecting later?
Summary
Enhancements to the
EsxiDriverin thebuilder/vmware/common/driver_esxi.gofile to improve security by using known host key verification. The most important changes involve importing theknownhostspackage and updating the SSH connection configuration to use a known hosts file.knownhostspackage to enable host key verification.connectfunction to use a known hosts file for host key verification instead of ignoring host keys.Reference
https://github.com/hashicorp/packer-plugin-vmware/security/code-scanning/7