
Bug#991797: the distributed ssh_config



On Mon, Aug 02, 2021 at 11:40:02AM +0200, Frank-Michael Fischer wrote:
> *#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k*

That's not actually the default though; upstream seems to have added
that *comment* to the distributed ssh_config merely as an example.  The
actual code that sets the default behaviour looks like this:

        if (options->num_user_hostfiles == 0) {
                options->user_hostfiles[options->num_user_hostfiles++] =
                    xstrdup(_PATH_SSH_USER_HOSTFILE);
                options->user_hostfiles[options->num_user_hostfiles++] =
                    xstrdup(_PATH_SSH_USER_HOSTFILE2);
        }

And the corresponding macro definitions for that are:

/*
 * Per-user file containing host keys of known hosts.  This file need not be
 * readable by anyone except the user him/herself, though this does not
 * contain anything particularly secret.
 */
#define _PATH_SSH_USER_HOSTFILE         "~/" _PATH_SSH_USER_DIR "/known_hosts"
/* backward compat for protocol 2 */
#define _PATH_SSH_USER_HOSTFILE2        "~/" _PATH_SSH_USER_DIR "/known_hosts2"

I also tested this in a clean Debian unstable container image, and
strace proves that ssh is looking at ~/.ssh/known_hosts by default:

212   openat(AT_FDCWD, "/home/cjwatson/.ssh/known_hosts", O_RDONLY) = -1 ENOENT (No such file or directory)
212   openat(AT_FDCWD, "/home/cjwatson/.ssh/known_hosts2", O_RDONLY) = -1 ENOENT (No such file or directory)
212   openat(AT_FDCWD, "/etc/ssh/ssh_known_hosts", O_RDONLY) = -1 ENOENT (No such file or directory)
212   openat(AT_FDCWD, "/etc/ssh/ssh_known_hosts2", O_RDONLY) = -1 ENOENT (No such file or directory)

> There is another bug in the default settings:
> 
> Without adding "hmac-sha2-256" this way "MACs
> hmac-md5,hmac-sha1,hmac-sha2-256,umac-64@openssh.com" ssh does not connect
> to any of my own sshd servers on Debian 10, Ubuntu 18.04 and 20.04 and
> Oracle Linux 8.

Again, the commented-out values in ssh_config are merely comments and
are not actually the defaults.  (You would have to ask upstream for why
the commented-out values aren't in sync there, but that would at most be
a documentation error, not incorrect defaults.)  "man ssh_config"
describes the actual default for MACs, which is:

  umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]
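The point of the message above is that a `#`-prefixed line in /etc/ssh/ssh_config sets nothing, and that what is in effect for a host is either an active directive in a matching Host block or the compiled-in default. The quickest way to see the effective values on a real system is `ssh -G hostname`, which prints the fully resolved configuration. The reader below is an added illustration, not part of the original message or of OpenSSH: it parses a small constructed ssh_config in the same way (comments ignored, Host globs with `!` negation, first obtained value wins) and reports whether a keyword came from the file or falls back to the compiled-in default. The defaults table only contains the two values quoted in the message (UserKnownHostsFile and MACs, as shipped in Debian unstable in August 2021); Match blocks are not supported and are treated as never matching.

```python
"""Which ssh_config value is actually in effect for a host? (added example)"""
import fnmatch
import re

# Compiled-in defaults quoted in the message above. Anything not set by an
# active directive falls back to these, never to a commented example line.
COMPILED_DEFAULTS = {
    "userknownhostsfile": "~/.ssh/known_hosts ~/.ssh/known_hosts2",
    "macs": ("umac-64-etm@openssh.com,umac-128-etm@openssh.com,"
             "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,"
             "hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,"
             "hmac-sha2-256,hmac-sha2-512,hmac-sha1"),
}

# Constructed sample config: the commented lines look like defaults but are
# inert, exactly like the examples in the distributed /etc/ssh/ssh_config.
SAMPLE_CONFIG = """\
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com

Host legacy.example.org
    MACs hmac-sha2-256,hmac-sha2-512

Host *
    HashKnownHosts yes
"""


def _host_matches(patterns, hostname):
    """Host semantics: comma/space separated globs, '!' negates. Any negated
    match rejects the block; otherwise one positive match is enough.
    Hostnames are compared case-insensitively, as ssh does."""
    hostname = hostname.lower()
    matched = False
    for pat in re.split(r"[,\s]+", patterns.strip().lower()):
        if not pat:
            continue
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched


def parse_ssh_config(text):
    """Return [(keyword_lowercased, value)] for active directives only.
    A line whose first non-blank character is '#' is a comment and sets
    nothing, however much it resembles a default."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9]+)\s*(?:=|\s)\s*(.*)", line)
        if m:
            entries.append((m.group(1).lower(), m.group(2).strip()))
    return entries


def effective_value(text, hostname, keyword):
    """Return (value, source). source is 'config' when an applicable Host
    block set the keyword, else 'default' with the compiled-in value (None
    if this toy table does not know it). First obtained value wins."""
    key = keyword.lower()
    active = True  # directives before any Host line apply to every host
    for k, v in parse_ssh_config(text):
        if k == "host":
            active = _host_matches(v, hostname)
            continue
        if k == "match":
            active = False  # Match criteria are not evaluated here
            continue
        if active and k == key:
            return v, "config"
    return COMPILED_DEFAULTS.get(key), "default"


if __name__ == "__main__":
    for host in ("legacy.example.org", "other.example.org"):
        for kw in ("UserKnownHostsFile", "MACs", "HashKnownHosts"):
            value, source = effective_value(SAMPLE_CONFIG, host, kw)
            print(f"{host:20} {kw:20} {source:8} {value}")
```

On a real host, compare the reader's answer with `ssh -G hostname | grep -i '^macs\|^userknownhostsfile'`; the two commented lines in the sample produce no directive at all, so both keywords resolve to the compiled-in defaults for any host other than the one with an explicit MACs line.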