GNU bug report logs - #18967
Tramp disables important SSH security features

Package: emacs

Reported by: Daniel Colascione <dancol <at> dancol.org>

Date: Thu, 6 Nov 2014 00:49:01 UTC

Severity: normal

Tags: security

Fixed in version 26.1

Done: Michael Albinus <michael.albinus <at> gmx.de>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Daniel Colascione <dancol <at> dancol.org>
Subject: bug#18967: closed (Re: bug#18967: Tramp disables important SSH
 security features)
Date: Wed, 21 Dec 2016 11:45:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#18967: Tramp disables important SSH security features

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 18967 <at> debbugs.gnu.org.

-- 
18967: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18967
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Michael Albinus <michael.albinus <at> gmx.de>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 18967-done <at> debbugs.gnu.org, Daniel Colascione <dancol <at> dancol.org>,
 Ted Zlatanov <tzz <at> lifelogs.com>, Stefan Monnier <monnier <at> IRO.UMontreal.CA>
Subject: Re: bug#18967: Tramp disables important SSH security features
Date: Wed, 21 Dec 2016 12:44:23 +0100
Version: 26.1

> I have some plans for a while to obsolete tramp-gw.el. When I wrote it
> back in 2007, it was the only possibility to have an own implementation
> of HTTP CONNECT tunneling.
>
> Meanwhile, putty supports HTTP CONNECT natively. And with ssh, one could
> use a ProxyCommand based on "nc -X connect ...". No need for Tramp to
> implement it itself anymore.
>
> This would perform much better than my implementation in
> tramp-gw.el. And this bug would disappear automatically.
>
> So let's keep this bug as reminder. And I will see, whether I could
> document these settings in the Tramp manual. There are some free days
> next two weeks, isn't it the Xmas break?

Done, closing the bug.

Best regards, Michael.

[Message part 3 (message/rfc822, inline)]
From: Daniel Colascione <dancol <at> dancol.org>
To: bug-emacs <bug-gnu-emacs <at> gnu.org>
Subject: Tramp disables important SSH security features
Date: Thu, 06 Nov 2014 00:47:40 +0000
[Message part 4 (text/plain, inline)]
Tramp disables SSH host key checks by setting
GlobalKnownHostsFile=/dev/null, UserKnownHostsFile=/dev/null, and
StrictHostKeyChecking=no in its default method configuration. These
settings allow attackers to intercept connections to remote hosts, sniff
passwords, and cause other mischief. I don't think we should ship an
insecure configuration.

[signature.asc (application/pgp-signature, attachment)]
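
An added example (not part of the original report and not Tramp's own code): a small Python check that flags the three settings named in the report, whether they appear as `-o` options in an ssh argument list or as lines of ssh_config text. The function names, sample argument list, host names and proxy address are constructed for illustration, and `StrictHostKeyChecking=off` is treated as equivalent to `no`.

```python
import re

# Checks for the three settings named in the report; each predicate says
# whether a value turns host key verification off.
def _only_dev_null(value):
    paths = value.split()
    return bool(paths) and all(p == "/dev/null" for p in paths)

WEAK = {
    "stricthostkeychecking": lambda v: v.lower() in ("no", "off"),
    "userknownhostsfile": _only_dev_null,
    "globalknownhostsfile": _only_dev_null,
}

# ssh_config accepts "Keyword value", "Keyword=value" and "Keyword = value".
OPTION = re.compile(r"^\s*([A-Za-z]+)\s*(?:=\s*|\s+)(.*?)\s*$")

def options_from_argv(argv):
    """Yield the text of each -o option ("-o K=V" or "-oK=V") in argv."""
    args = iter(argv)
    for arg in args:
        if arg == "-o":
            yield next(args, "")
        elif arg.startswith("-o") and len(arg) > 2:
            yield arg[2:]

def audit(option_lines):
    """Return the options that disable host key checking, as 'Key=value'."""
    findings = []
    for line in option_lines:
        m = OPTION.match(line)
        if not m:
            continue  # blank line, comment, or keyword without a value
        key, value = m.group(1), m.group(2).strip('"')
        check = WEAK.get(key.lower())
        if check and check(value):
            findings.append(f"{key}={value}")
    return findings

# Constructed sample: an ssh argument list carrying the reported settings.
REPORTED_ARGV = ["ssh", "-o", "GlobalKnownHostsFile=/dev/null",
                 "-oUserKnownHostsFile=/dev/null",
                 "-o", "StrictHostKeyChecking=no", "host.example"]

# Constructed sample: host key checks left on, tunnelling via ProxyCommand.
HARDENED_CONFIG = """\
Host host.example
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts
    ProxyCommand nc -X connect -x proxy.example:8080 %h %p
"""

if __name__ == "__main__":
    print(audit(options_from_argv(REPORTED_ARGV)))
    print(audit(HARDENED_CONFIG.splitlines()))
```

The check looks at each option in isolation; it does not model ssh_config's `Host`/`Match` scoping or first-match-wins precedence.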

This bug report was last modified 8 years and 211 days ago.
