GNU bug report logs - #18967
Tramp disables important SSH security features
Reported by: Daniel Colascione <dancol <at> dancol.org>
Date: Thu, 6 Nov 2014 00:49:01 UTC
Severity: normal
Tags: security
Fixed in version 26.1
Done: Michael Albinus <michael.albinus <at> gmx.de>
Bug is archived. No further changes may be made.
Glenn Morris <rgm <at> gnu.org> writes:
> How about
>
> ssh -o BatchMode=yes
No, BatchMode suppresses the password dialogue. Not applicable.
And looking at the code I really don't see what can be done.
Note that GlobalKnownHostsFile, UserKnownHostsFile and
StrictHostKeyChecking are not disabled by default. They are disabled
only in case a so-called gateway is used, like
"/tunnel:proxyhost#3128|ssh:remotehost:/path/to/file". Tramp will
create a temporary httpd tunnel then, with a random port number on the
localhost, like localhost#12345.
If you connect to remotehost as above, there will be an internal ssh
connection to localhost#12345, which is the tunnel through proxyhost. If
you connect to another.remotehost afterwards, the same internal ssh
target will be used. But remotehost and another.remotehost are
different, and so are their host keys. That's why Tramp must be
instructed to ignore the host keys in this very special case.
See also (info "(tramp) Gateway methods")
Best regards, Michael.
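
The host-key collision described in the message above, as an added example that is not part of the original message and is not Tramp code: a simplified Python model of how the OpenSSH client chooses the known_hosts name, run for two servers reached through the same local tunnel endpoint. The key strings are constructed, and `HostKeyAlias` is a standard OpenSSH client option that the message does not mention; it is included here as an assumption to show per-destination key pinning through a shared endpoint.

```python
# Simplified model of OpenSSH known_hosts lookup (constructed data, not Tramp code).

class HostKeyMismatch(Exception):
    pass

def lookup_name(host, port, host_key_alias=None):
    """Name under which the ssh client stores and looks up the server key."""
    if host_key_alias:            # -o HostKeyAlias=NAME replaces host and port
        return host_key_alias
    return host if port == 22 else f"[{host}]:{port}"

def verify(known_hosts, host, port, presented_key, host_key_alias=None, strict=True):
    """Return 'new', 'match' or 'ignored'; raise on mismatch when strict."""
    if not strict:                # models StrictHostKeyChecking=no together with
        return "ignored"          # both known-hosts files pointed at /dev/null
    name = lookup_name(host, port, host_key_alias)
    stored = known_hosts.get(name)
    if stored is None:
        known_hosts[name] = presented_key   # first use: record the key
        return "new"
    if stored != presented_key:
        raise HostKeyMismatch(name)
    return "match"

# Constructed keys for the two real servers behind the tunnel.
KEYS = {"remotehost": "ssh-ed25519 AAAA...remote",
        "another.remotehost": "ssh-ed25519 AAAA...another"}

def connect_both(use_alias, strict=True):
    """Connect to both servers through localhost#12345, as in the message."""
    known_hosts, results = {}, []
    for real in ("remotehost", "another.remotehost"):
        alias = real if use_alias else None
        try:
            results.append(verify(known_hosts, "localhost", 12345,
                                  KEYS[real], alias, strict))
        except HostKeyMismatch as err:
            results.append(f"mismatch:{err}")
    return results, sorted(known_hosts)

if __name__ == "__main__":
    print(connect_both(use_alias=False))                 # second host collides
    print(connect_both(use_alias=True))                  # one entry per real host
    print(connect_both(use_alias=False, strict=False))   # nothing is verified
```
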
This bug report was last modified 8 years and 211 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.