From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 0/4] "guix deploy" authenticates SSH servers [security]
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 03 Dec 2019 21:11:02 +0000
Resent-Message-ID: <handler.38478.B.157540742926579@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 38478@debbugs.gnu.org
Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.157540742926579
          (code B ref -1); Tue, 03 Dec 2019 21:11:02 +0000
Received: (at submit) by debbugs.gnu.org; 3 Dec 2019 21:10:29 +0000
Received: from localhost ([127.0.0.1]:41127 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1icFRF-0006ud-6N
	for submit@debbugs.gnu.org; Tue, 03 Dec 2019 16:10:29 -0500
Received: from lists.gnu.org ([209.51.188.17]:44079)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1icFRC-0006uT-8d
 for submit@debbugs.gnu.org; Tue, 03 Dec 2019 16:10:27 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:54432)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <ludo@gnu.org>) id 1icFR4-0006Mc-E9
 for guix-patches@gnu.org; Tue, 03 Dec 2019 16:10:21 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_20
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:470:142:3::e]:35957)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1icFQy-0002QS-4o; Tue, 03 Dec 2019 16:10:12 -0500
Received: from [102.78.164.116] (port=18354 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1icFQu-0000lr-Da; Tue, 03 Dec 2019 16:10:08 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Date: Tue,  3 Dec 2019 22:09:58 +0100
Message-Id: <20191203210958.20936-1-ludo@gnu.org>
X-Mailer: git-send-email 2.24.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi!

This series allow users to specify the remote host key in
<machine-ssh-configuration> used for “guix deploy”, so you
can have that under version control and entirely managed by
Guix, like “guix offload” does.

The second patch fixes a security issue: ‘open-ssh-session’ from
(guix ssh), which is used by “guix deploy” and support for
“GUIX_DAEMON_SOCKET=ssh://…” in (guix store ssh), would not
authenticate the server it’s talking to.

Feedback welcome!

Ludo’.

Ludovic Courtès (4):
  ssh: Add 'authenticate-server*' and use it for offloading.
  ssh: Always authenticate the server [security fix].
  ssh: 'open-ssh-session' can be passed the expected host key.
  machine: ssh: <machine-ssh-configuration> can include the host key.

 doc/guix.texi            | 12 +++++++
 gnu/machine/ssh.scm      |  9 ++++--
 guix/scripts/offload.scm | 30 ++---------------
 guix/ssh.scm             | 69 ++++++++++++++++++++++++++++++++++++++--
 4 files changed, 87 insertions(+), 33 deletions(-)

-- 
2.24.0





From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 1/4] ssh: Add 'authenticate-server*' and use it for offloading.
References: <20191203210958.20936-1-ludo@gnu.org>
In-Reply-To: <20191203210958.20936-1-ludo@gnu.org>
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 03 Dec 2019 21:17:02 +0000
Resent-Message-ID: <handler.38478.B38478.157540778627173@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 38478@debbugs.gnu.org
Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Received: via spool by 38478-submit@debbugs.gnu.org id=B38478.157540778627173
          (code B ref 38478); Tue, 03 Dec 2019 21:17:02 +0000
Received: (at 38478) by debbugs.gnu.org; 3 Dec 2019 21:16:26 +0000
Received: from localhost ([127.0.0.1]:41135 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1icFWz-00074B-TE
	for submit@debbugs.gnu.org; Tue, 03 Dec 2019 16:16:26 -0500
Received: from eggs.gnu.org ([209.51.188.92]:57894)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1icFWy-00073m-DE
 for 38478@debbugs.gnu.org; Tue, 03 Dec 2019 16:16:24 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:36194)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1icFWi-0001KU-3W; Tue, 03 Dec 2019 16:16:09 -0500
Received: from [102.78.164.116] (port=18308 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1icFWf-0001Km-Pw; Tue, 03 Dec 2019 16:16:06 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Date: Tue,  3 Dec 2019 22:15:54 +0100
Message-Id: <20191203211557.21145-1-ludo@gnu.org>
X-Mailer: git-send-email 2.24.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* guix/scripts/offload.scm (host-key->type+key): Remove.
(open-ssh-session): Replace server authentication code with a call to
'authenticate-server*'.
* guix/ssh.scm (host-key->type+key, authenticate-server*): New
procedures.
---
 guix/scripts/offload.scm | 30 ++----------------------------
 guix/ssh.scm             | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index 18473684eb..e81b6c25f2 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -149,19 +149,6 @@ ignoring it~%")
          (leave (G_ "failed to load machine file '~a': ~s~%")
                 file args))))))
 
-(define (host-key->type+key host-key)
-  "Destructure HOST-KEY, an OpenSSH host key string, and return two values:
-its key type as a symbol, and the actual base64-encoded string."
-  (define (type->symbol type)
-    (and (string-prefix? "ssh-" type)
-         (string->symbol (string-drop type 4))))
-
-  (match (string-tokenize host-key)
-    ((type key x)
-     (values (type->symbol type) key))
-    ((type key)
-     (values (type->symbol type) key))))
-
 (define (private-key-from-file* file)
   "Like 'private-key-from-file', but raise an error that 'with-error-handling'
 can interpret meaningfully."
@@ -203,21 +190,8 @@ private key from '~a': ~a")
                                (build-machine-compression-level machine))))
     (match (connect! session)
       ('ok
-       ;; Authenticate the server.  XXX: Guile-SSH 0.10.1 doesn't know about
-       ;; ed25519 keys and 'get-key-type' returns #f in that case.
-       (let-values (((server)   (get-server-public-key session))
-                    ((type key) (host-key->type+key
-                                 (build-machine-host-key machine))))
-         (unless (and (or (not (get-key-type server))
-                          (eq? (get-key-type server) type))
-                      (string=? (public-key->string server) key))
-           ;; Key mismatch: something's wrong.  XXX: It could be that the server
-           ;; provided its Ed25519 key when we where expecting its RSA key.
-           (leave (G_ "server at '~a' returned host key '~a' of type '~a' \
-instead of '~a' of type '~a'~%")
-                  (build-machine-name machine)
-                  (public-key->string server) (get-key-type server)
-                  key type)))
+       ;; Make sure the server's key is what we expect.
+       (authenticate-server* session (build-machine-host-key machine))
 
        (let ((auth (userauth-public-key! session private)))
          (unless (eq? 'success auth)
diff --git a/guix/ssh.scm b/guix/ssh.scm
index 5fd3c280e8..f34e71392b 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -37,6 +37,8 @@
   #:use-module (ice-9 format)
   #:use-module (ice-9 binary-ports)
   #:export (open-ssh-session
+            authenticate-server*
+
             remote-inferior
             remote-daemon-channel
             connect-to-remote-daemon
@@ -60,6 +62,41 @@
 (define %compression
   "zlib@openssh.com,zlib")
 
+(define (host-key->type+key host-key)
+  "Destructure HOST-KEY, an OpenSSH host key string, and return two values:
+its key type as a symbol, and the actual base64-encoded string."
+  (define (type->symbol type)
+    (and (string-prefix? "ssh-" type)
+         (string->symbol (string-drop type 4))))
+
+  (match (string-tokenize host-key)
+    ((type key x)
+     (values (type->symbol type) key))
+    ((type key)
+     (values (type->symbol type) key))))
+
+(define (authenticate-server* session key)
+  "Make sure the server for SESSION has the given KEY, where KEY is a string
+such as \"ssh-ed25519 AAAAC3Nz… root@example.org\".  Raise an exception if the
+actual key does not match."
+  (let-values (((server)   (get-server-public-key session))
+               ((type key) (host-key->type+key key)))
+    (unless (and (or (not (get-key-type server))
+                     (eq? (get-key-type server) type))
+                 (string=? (public-key->string server) key))
+      ;; Key mismatch: something's wrong.  XXX: It could be that the server
+      ;; provided its Ed25519 key when we where expecting its RSA key.  XXX:
+      ;; Guile-SSH 0.10.1 doesn't know about ed25519 keys and 'get-key-type'
+      ;; returns #f in that case.
+      (raise (condition
+              (&message
+               (message (format #f (G_ "server at '~a' returned host key \
+'~a' of type '~a' instead of '~a' of type '~a'~%")
+                                (session-get session 'host)
+                                (public-key->string server)
+                                (get-key-type server)
+                                key type))))))))
+
 (define* (open-ssh-session host #:key user port identity
                            (compression %compression)
                            (timeout 3600))
-- 
2.24.0





From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 3/4] ssh: 'open-ssh-session' can be passed the expected host key.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 03 Dec 2019 21:17:02 +0000
Resent-Message-ID: <handler.38478.B38478.157540778627180@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 38478@debbugs.gnu.org
Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Received: via spool by 38478-submit@debbugs.gnu.org id=B38478.157540778627180
          (code B ref 38478); Tue, 03 Dec 2019 21:17:02 +0000
Received: (at 38478) by debbugs.gnu.org; 3 Dec 2019 21:16:26 +0000
Received: from localhost ([127.0.0.1]:41138 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1icFX0-00074E-AX
	for submit@debbugs.gnu.org; Tue, 03 Dec 2019 16:16:26 -0500
Received: from eggs.gnu.org ([209.51.188.92]:57911)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1icFWy-00073o-Ga
 for 38478@debbugs.gnu.org; Tue, 03 Dec 2019 16:16:25 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:36207)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1icFWq-0001Or-6K; Tue, 03 Dec 2019 16:16:19 -0500
Received: from [102.78.164.116] (port=18308 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1icFWo-0001Km-B1; Tue, 03 Dec 2019 16:16:15 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Date: Tue,  3 Dec 2019 22:15:56 +0100
Message-Id: <20191203211557.21145-3-ludo@gnu.org>
X-Mailer: git-send-email 2.24.0
In-Reply-To: <20191203211557.21145-1-ludo@gnu.org>
References: <20191203211557.21145-1-ludo@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* guix/ssh.scm (open-ssh-session): Add #:host-key parameter.
Pass #:knownhosts to 'make-session'.  When HOST-KEY is true, call
'authenticate-server*' instead of 'authenticate-server'.
---
 guix/ssh.scm | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/guix/ssh.scm b/guix/ssh.scm
index 519c723155..291ce20b61 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -98,14 +98,20 @@ actual key does not match."
                                 key type))))))))
 
 (define* (open-ssh-session host #:key user port identity
+                           host-key
                            (compression %compression)
                            (timeout 3600))
   "Open an SSH session for HOST and return it.  IDENTITY specifies the file
 name of a private key to use for authenticating with the host.  When USER,
 PORT, or IDENTITY are #f, use default values or whatever '~/.ssh/config'
-specifies; otherwise use them.  Install TIMEOUT as the maximum time in seconds
-after which a read or write operation on a channel of the returned session is
-considered as failing.
+specifies; otherwise use them.
+
+When HOST-KEY is true, it must be a string like \"ssh-ed25519 AAAAC3Nz…
+root@example.org\"; the server is authenticated and an error is raised if its
+host key is different from HOST-KEY.
+
+Install TIMEOUT as the maximum time in seconds after which a read or write
+operation on a channel of the returned session is considered as failing.
 
 Throw an error on failure."
   (let ((session (make-session #:user user
@@ -115,6 +121,11 @@ Throw an error on failure."
                                #:timeout 10       ;seconds
                                ;; #:log-verbosity 'protocol
 
+                               ;; Prevent libssh from reading
+                               ;; ~/.ssh/known_hosts when the caller provides
+                               ;; a HOST-KEY to match against.
+                               #:knownhosts (and host-key "/dev/null")
+
                                ;; We need lightweight compression when
                                ;; exchanging full archives.
                                #:compression compression
@@ -125,16 +136,20 @@ Throw an error on failure."
 
     (match (connect! session)
       ('ok
-       ;; Authenticate against ~/.ssh/known_hosts.
-       (match (authenticate-server session)
-         ('ok #f)
-         (reason
-          (raise (condition
-                  (&message
-                   (message (format #f (G_ "failed to authenticate \
+       (if host-key
+           ;; Make sure the server's key is what we expect.
+           (authenticate-server* session host-key)
+
+           ;; Authenticate against ~/.ssh/known_hosts.
+           (match (authenticate-server session)
+             ('ok #f)
+             (reason
+              (raise (condition
+                      (&message
+                       (message (format #f (G_ "failed to authenticate \
 server at '~a': ~a")
-                                    (session-get session 'host)
-                                    reason)))))))
+                                        (session-get session 'host)
+                                        reason))))))))
 
        ;; Use public key authentication, via the SSH agent if it's available.
        (match (userauth-public-key/auto! session)
-- 
2.24.0





From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 2/4] ssh: Always authenticate the server [security fix].
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 03 Dec 2019 21:17:03 +0000
Resent-Message-ID: <handler.38478.B38478.157540778727192@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 38478@debbugs.gnu.org
Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Received: via spool by 38478-submit@debbugs.gnu.org id=B38478.157540778727192
          (code B ref 38478); Tue, 03 Dec 2019 21:17:03 +0000
Received: (at 38478) by debbugs.gnu.org; 3 Dec 2019 21:16:27 +0000
Received: from localhost ([127.0.0.1]:41140 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1icFX0-00074L-L6
	for submit@debbugs.gnu.org; Tue, 03 Dec 2019 16:16:26 -0500
Received: from eggs.gnu.org ([209.51.188.92]:57906)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1icFWy-00073n-Fi
 for 38478@debbugs.gnu.org; Tue, 03 Dec 2019 16:16:25 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:36206)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1icFWo-0001Nv-19; Tue, 03 Dec 2019 16:16:17 -0500
Received: from [102.78.164.116] (port=18308 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1icFWi-0001Km-OE; Tue, 03 Dec 2019 16:16:12 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Date: Tue,  3 Dec 2019 22:15:55 +0100
Message-Id: <20191203211557.21145-2-ludo@gnu.org>
X-Mailer: git-send-email 2.24.0
In-Reply-To: <20191203211557.21145-1-ludo@gnu.org>
References: <20191203211557.21145-1-ludo@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Until now, users of 'open-ssh-session', including "guix deploy" and
"GUIX_DAEMON_SOCKET=ssh://…" (but not "guix offload"), would not
authenticate the SSH server they're talking to.

* guix/ssh.scm (open-ssh-session): Call 'authenticate-server'.
---
 guix/ssh.scm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/guix/ssh.scm b/guix/ssh.scm
index f34e71392b..519c723155 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -125,6 +125,17 @@ Throw an error on failure."
 
     (match (connect! session)
       ('ok
+       ;; Authenticate against ~/.ssh/known_hosts.
+       (match (authenticate-server session)
+         ('ok #f)
+         (reason
+          (raise (condition
+                  (&message
+                   (message (format #f (G_ "failed to authenticate \
+server at '~a': ~a")
+                                    (session-get session 'host)
+                                    reason)))))))
+
        ;; Use public key authentication, via the SSH agent if it's available.
        (match (userauth-public-key/auto! session)
          ('success
-- 
2.24.0





From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 4/4] machine: ssh: <machine-ssh-configuration> can include the host key.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 03 Dec 2019 21:17:03 +0000
Resent-Message-ID: <handler.38478.B38478.157540778827202@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 38478@debbugs.gnu.org
Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Received: via spool by 38478-submit@debbugs.gnu.org id=B38478.157540778827202
          (code B ref 38478); Tue, 03 Dec 2019 21:17:03 +0000
Received: (at 38478) by debbugs.gnu.org; 3 Dec 2019 21:16:28 +0000
Received: from localhost ([127.0.0.1]:41142 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1icFX2-00074f-0R
	for submit@debbugs.gnu.org; Tue, 03 Dec 2019 16:16:28 -0500
Received: from eggs.gnu.org ([209.51.188.92]:57927)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1icFX0-00073q-8s
 for 38478@debbugs.gnu.org; Tue, 03 Dec 2019 16:16:26 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:36208)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1icFWr-0001QB-Eo; Tue, 03 Dec 2019 16:16:19 -0500
Received: from [102.78.164.116] (port=18308 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1icFWq-0001Km-Pv; Tue, 03 Dec 2019 16:16:17 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Date: Tue,  3 Dec 2019 22:15:57 +0100
Message-Id: <20191203211557.21145-4-ludo@gnu.org>
X-Mailer: git-send-email 2.24.0
In-Reply-To: <20191203211557.21145-1-ludo@gnu.org>
References: <20191203211557.21145-1-ludo@gnu.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* gnu/machine/ssh.scm (<machine-ssh-configuration>)[host-key]: New field.
(machine-ssh-session): Pass #:host-key to 'open-ssh-session'.
* doc/guix.texi (Invoking guix deploy): Document it.
---
 doc/guix.texi       | 12 ++++++++++++
 gnu/machine/ssh.scm |  9 +++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 2da1ecd64c..e6e015ad3e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -26412,6 +26412,18 @@ keyring.
 @item @code{identity} (default: @code{#f})
 If specified, the path to the SSH private key to use to authenticate with the
 remote host.
+
+@item @code{host-key} (default: @code{#f})
+This should be the SSH host key of the machine, which looks like this:
+
+@example
+ssh-ed25519 AAAAC3Nz@dots{} root@@example.org
+@end example
+
+When @code{host-key} is @code{#f}, the server is authenticated against
+the @file{~/.ssh/known_hosts} file, just like the OpenSSH @command{ssh}
+client does.
+
 @end table
 @end deftp
 
diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm
index 6e3ed0e092..23ae917b79 100644
--- a/gnu/machine/ssh.scm
+++ b/gnu/machine/ssh.scm
@@ -54,6 +54,7 @@
             machine-ssh-configuration-authorize?
             machine-ssh-configuration-port
             machine-ssh-configuration-user
+            machine-ssh-configuration-host-key
             machine-ssh-configuration-session))
 
 ;;; Commentary:
@@ -87,6 +88,8 @@
   (identity       machine-ssh-configuration-identity       ; path to a private key
                   (default #f))
   (session        machine-ssh-configuration-session        ; session
+                  (default #f))
+  (host-key       machine-ssh-configuration-host-key       ; #f | string
                   (default #f)))
 
 (define (machine-ssh-session machine)
@@ -98,11 +101,13 @@ one from the configuration's parameters if one was not provided."
         (let ((host-name (machine-ssh-configuration-host-name config))
               (user (machine-ssh-configuration-user config))
               (port (machine-ssh-configuration-port config))
-              (identity (machine-ssh-configuration-identity config)))
+              (identity (machine-ssh-configuration-identity config))
+              (host-key (machine-ssh-configuration-host-key config)))
           (open-ssh-session host-name
                             #:user user
                             #:port port
-                            #:identity identity)))))
+                            #:identity identity
+                            #:host-key host-key)))))
 
 
 ;;;
-- 
2.24.0





From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 4/4] machine: ssh: <machine-ssh-configuration> can include the host key.
Resent-From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Wed, 04 Dec 2019 13:21:02 +0000
Resent-Message-ID: <handler.38478.B38478.15754656213125@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 38478@debbugs.gnu.org
Received: via spool by 38478-submit@debbugs.gnu.org id=B38478.15754656213125
          (code B ref 38478); Wed, 04 Dec 2019 13:21:02 +0000
Received: (at 38478) by debbugs.gnu.org; 4 Dec 2019 13:20:21 +0000
Received: from localhost ([127.0.0.1]:41549 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1icUZp-0000oL-AI
	for submit@debbugs.gnu.org; Wed, 04 Dec 2019 08:20:21 -0500
Received: from mx.sdf.org ([205.166.94.20]:62731)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zerodaysfordays@sdf.lonestar.org>)
 id 1icUZl-0000o4-WD
 for 38478@debbugs.gnu.org; Wed, 04 Dec 2019 08:20:20 -0500
Received: from Upsilon (natp-128-119-202-42.wireless.umass.edu
 [128.119.202.42]) (authenticated (0 bits))
 by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id xB4DK9pm003441
 (using TLSv1.2 with cipher AES256-GCM-SHA384 (256 bits) verified NO);
 Wed, 4 Dec 2019 13:20:15 GMT
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
References: <20191203211557.21145-1-ludo@gnu.org>
 <20191203211557.21145-4-ludo@gnu.org>
Date: Wed, 04 Dec 2019 08:19:59 -0500
In-Reply-To: <20191203211557.21145-4-ludo@gnu.org> ("Ludovic
 \=\?utf-8\?Q\?Cou\?\= \=\?utf-8\?Q\?rt\=C3\=A8s\=22's\?\=
 message of "Tue, 3 Dec 2019 22:15:57 +0100")
Message-ID: <87d0d4qlc0.fsf@sdf.lonestar.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain

I've only been able to follow the updates to "guix deploy" somewhat
tangentially, but I was very excited to see this patch in my inbox.
Thumbs up from me, thanks Ludo!

Regards,
Jakob

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEa1VJLOiXAjQ2BGSm9Qb9Fp2P2VoFAl3nsoEACgkQ9Qb9Fp2P
2VrCyg/+PiUW7T+Ag6SUAXVjv7cxgSAgBhyeJ27Qx0Bk3hZN1OMGu8817i+c/m8a
1xeLgziJ5IQE2t3s+uDhFxW1WNq3ve6EwF0yxTZYKP9+V651ng0p0U868VtwDopr
z/Y0HnvCw+dGuK71J30BjtCz/vyi/1GaDnIityfN617IlbX9hRG3Ug6UGAuq7x/s
S4ZPcwmLjxoj8yuB5PvczLtQJwc9jQIfu6s6fyNA1lta6rs78tOdKI7UzvO7VCqh
UvT2QlzC7VeA1VeMc41nebLTFvmiIG0i4oPMzHagbfXE+g0DXcGdTz1CgNi2fkT7
/wzFdeN2707d8ZH2MYjMbEsoBJU4B3rt+R1wplG5QT8eU0DVm3TpHm66ry6pXkFR
3I/p8LOpm+kM0TeW1aYI1ZxfKT+5fvuGvRA7iGhdIQAGKPw/Rj4XmFpIKnFE0ai2
wtZzoJVrYb2lrl2jBsA+T2FI7MPDxSOFlHbKM2WYb4CA//1wJsyRqnFqRlDWS2AQ
QoPrMOtIeRgEJUf40jzXF4FF9EGMVg1PuDdpc6Fmbkc5b5CJuMHckFtKihlGQsQb
zK/bQI67WDHjU+IM/RD0NrDOxy/DcGRIF0Php4A2ZBOteE0lk3YQWPjhEREU6Tt6
KEmZicYk41Oj6rz1HKa1m2mDj8uAmBTBxlG2L0ial7fRqnzQzfY=
=jTji
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 04 12:17:03 2019
Received: (at control) by debbugs.gnu.org; 4 Dec 2019 17:17:03 +0000
Received: from localhost ([127.0.0.1]:42621 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1icYGt-0001pf-Hz
	for submit@debbugs.gnu.org; Wed, 04 Dec 2019 12:17:03 -0500
Received: from eggs.gnu.org ([209.51.188.92]:41802)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1icYGr-0001kf-PN
 for control@debbugs.gnu.org; Wed, 04 Dec 2019 12:17:02 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:51167)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1icYGl-0005zt-HX
 for control@debbugs.gnu.org; Wed, 04 Dec 2019 12:16:56 -0500
Received: from [160.174.176.236] (port=48196 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>) id 1icYGk-0002GL-US
 for control@debbugs.gnu.org; Wed, 04 Dec 2019 12:16:55 -0500
Date: Wed, 04 Dec 2019 18:16:52 +0100
Message-Id: <875ziwc8or.fsf@gnu.org>
To: control@debbugs.gnu.org
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Subject: control message for bug #38478
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

tags 38478 + security
quit





From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 4/4] machine: ssh: <machine-ssh-configuration> can include the host key.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Wed, 04 Dec 2019 17:35:01 +0000
Resent-Message-ID: <handler.38478.B38478.157548084517958@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch security
To: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Cc: 38478@debbugs.gnu.org
Received: via spool by 38478-submit@debbugs.gnu.org id=B38478.157548084517958
          (code B ref 38478); Wed, 04 Dec 2019 17:35:01 +0000
Received: (at 38478) by debbugs.gnu.org; 4 Dec 2019 17:34:05 +0000
Received: from localhost ([127.0.0.1]:42646 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1icYXI-0004f9-2J
	for submit@debbugs.gnu.org; Wed, 04 Dec 2019 12:34:05 -0500
Received: from eggs.gnu.org ([209.51.188.92]:50228)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1icYXA-0004eq-IW
 for 38478@debbugs.gnu.org; Wed, 04 Dec 2019 12:33:58 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:51563)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1icYX4-0001Is-6H; Wed, 04 Dec 2019 12:33:46 -0500
Received: from [160.174.176.236] (port=48220 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1icYX3-0004V6-IS; Wed, 04 Dec 2019 12:33:46 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <20191203211557.21145-1-ludo@gnu.org>
 <20191203211557.21145-4-ludo@gnu.org>
 <87d0d4qlc0.fsf@sdf.lonestar.org>
Date: Wed, 04 Dec 2019 18:33:42 +0100
In-Reply-To: <87d0d4qlc0.fsf@sdf.lonestar.org> (Jakob L. Kreuze's message of
 "Wed, 04 Dec 2019 08:19:59 -0500")
Message-ID: <87tv6gatc9.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi!

zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) skribis:

> I've only been able to follow the updates to "guix deploy" somewhat
> tangentially, but I was very excited to see this patch in my inbox.
> Thumbs up from me, thanks Ludo!

Heheh, thank you!

I went ahead and pushed it as it seemed like a good idea to not wait.

BTW, I=E2=80=99m wondering if we should go further and deprecate missing/#f
=E2=80=98host-key=E2=80=99 fields altogether.  WDYT?

To me it just seems wiser to have that info within the deploy config
rather than out-of-band in ~/.ssh/known_hosts.

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 04 12:34:06 2019
Received: (at control) by debbugs.gnu.org; 4 Dec 2019 17:34:06 +0000
Received: from localhost ([127.0.0.1]:42649 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1icYXO-0004fi-5B
	for submit@debbugs.gnu.org; Wed, 04 Dec 2019 12:34:06 -0500
Received: from eggs.gnu.org ([209.51.188.92]:50400)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1icYXM-0004f8-FV
 for control@debbugs.gnu.org; Wed, 04 Dec 2019 12:34:04 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:51568)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1icYXH-0003R4-Ak
 for control@debbugs.gnu.org; Wed, 04 Dec 2019 12:33:59 -0500
Received: from [160.174.176.236] (port=48222 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>) id 1icYXG-0004XJ-Hi
 for control@debbugs.gnu.org; Wed, 04 Dec 2019 12:33:59 -0500
Date: Wed, 04 Dec 2019 18:33:56 +0100
Message-Id: <87sgm0atbv.fsf@gnu.org>
To: control@debbugs.gnu.org
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Subject: control message for bug #38478
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

tags 38478 fixed
close 38478 
quit





From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 4/4] machine: ssh: <machine-ssh-configuration> can include the host key.
Resent-From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 06 Dec 2019 00:52:02 +0000
Resent-Message-ID: <handler.38478.B38478.157559349426027@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: security patch fixed
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 38478@debbugs.gnu.org
Received: via spool by 38478-submit@debbugs.gnu.org id=B38478.157559349426027
          (code B ref 38478); Fri, 06 Dec 2019 00:52:02 +0000
Received: (at 38478) by debbugs.gnu.org; 6 Dec 2019 00:51:34 +0000
Received: from localhost ([127.0.0.1]:45453 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1id1qI-0006lj-8F
	for submit@debbugs.gnu.org; Thu, 05 Dec 2019 19:51:34 -0500
Received: from mx.sdf.org ([205.166.94.20]:57276)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zerodaysfordays@sdf.lonestar.org>)
 id 1id1qD-0006lV-HX
 for 38478@debbugs.gnu.org; Thu, 05 Dec 2019 19:51:33 -0500
Received: from Upsilon (natp-128-119-202-99.wireless.umass.edu
 [128.119.202.99]) (authenticated (0 bits))
 by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id xB60oXCf022928
 (using TLSv1.2 with cipher AES256-GCM-SHA384 (256 bits) verified NO);
 Fri, 6 Dec 2019 00:51:28 GMT
From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
References: <20191203211557.21145-1-ludo@gnu.org>
 <20191203211557.21145-4-ludo@gnu.org> <87d0d4qlc0.fsf@sdf.lonestar.org>
 <87tv6gatc9.fsf@gnu.org>
Date: Thu, 05 Dec 2019 19:50:13 -0500
In-Reply-To: <87tv6gatc9.fsf@gnu.org> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Wed, 04 Dec 2019 18:33:42 +0100")
Message-ID: <87eexil1kq.fsf@sdf.lonestar.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> I went ahead and pushed it as it seemed like a good idea to not wait.

Agreed :)

> BTW, I=E2=80=99m wondering if we should go further and deprecate missing/=
#f
> =E2=80=98host-key=E2=80=99 fields altogether.  WDYT?
>
> To me it just seems wiser to have that info within the deploy config
> rather than out-of-band in ~/.ssh/known_hosts.

I feel that's more in-line with the goals of Guix -- implicitly reading
~/.ssh/known_hosts doesn't seem declarative to me. What's our means for
deprecating features like that? A warning message when omitted? If
that's the case, I'm definitely on board.

Regards,
Jakob

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEa1VJLOiXAjQ2BGSm9Qb9Fp2P2VoFAl3ppccACgkQ9Qb9Fp2P
2VoOtQ//bsGKOOOJbZJ9xfSHTiuz3BaBO4kk1VM9sMqbIJE1IfdvavM4fGAem82g
lVJGsIdPLFtGcDnMETuobRUpP7u4qhrn1sBAhvUqmEO5iLCBXOXUI5W4fSkIYUnf
D98H9Pg0qE5yfru598ldCwhn3vJ3WAncwebmLbOrgSyNVKBlboLXt7JUG6xTgv5d
zsMVog47uIK5RfWDhw5T3GblfKijmIapqg32/W7GoHDRJ94/+Z/KBRd9iqeJSydl
9QSuntdp+5m5O7bjCzrNJBCtuMpJ6VLmG1sNLjdwDAbDEzvY5T7OJMvZdtrnbbPd
7GlUhz7Wsc1d7LqQ6JomqGLmfQQ3JiU0As5k4XFNbN+ZkOo2xaF3N6wutWP6DgJB
kt3Mupo8erdQbmgjeSGkVRff+7naIOIv+U5DJ6BsHdHe7F0ljzHKCjOsBvpyFBID
byCijr/szfXujiAME5xZv9SK6iOJNc5fri97tz5NhlBx+jXd0h9uhb3kkZXk432I
XsDWTHjNzq5hvK2TdXbibHJfJOICHgZrMUv1kA0X573WO4rWUfUFnI+jpkCd9ryj
5b4+3gcbZAn0H6D6H2zS9ngW+Gv8v2AKCFySBI3XxQrm0DaIg7kjkYFMnKjVfcwW
HhUV5wLYr8O6kB176dQrVQHAx28ST3e8/6hTHmi+8nWWz9qe4HE=
=2xax
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 4/4] machine: ssh: <machine-ssh-configuration> can include the host key.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 06 Dec 2019 16:16:04 +0000
Resent-Message-ID: <handler.38478.B38478.157564895619439@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: security patch fixed
To: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Cc: 38478@debbugs.gnu.org
Received: via spool by 38478-submit@debbugs.gnu.org id=B38478.157564895619439
          (code B ref 38478); Fri, 06 Dec 2019 16:16:04 +0000
Received: (at 38478) by debbugs.gnu.org; 6 Dec 2019 16:15:56 +0000
Received: from localhost ([127.0.0.1]:46939 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1idGGl-00053O-TR
	for submit@debbugs.gnu.org; Fri, 06 Dec 2019 11:15:56 -0500
Received: from eggs.gnu.org ([209.51.188.92]:57000)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1idGGa-00050v-27
 for 38478@debbugs.gnu.org; Fri, 06 Dec 2019 11:15:45 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:43179)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1idGGN-00026X-9U; Fri, 06 Dec 2019 11:15:27 -0500
Received: from [102.78.176.9] (port=14302 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1idCXM-0005UU-4q; Fri, 06 Dec 2019 07:16:44 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <20191203211557.21145-1-ludo@gnu.org>
 <20191203211557.21145-4-ludo@gnu.org>
 <87d0d4qlc0.fsf@sdf.lonestar.org> <87tv6gatc9.fsf@gnu.org>
 <87eexil1kq.fsf@sdf.lonestar.org>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 16 Frimaire an 228 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Fri, 06 Dec 2019 13:16:41 +0100
In-Reply-To: <87eexil1kq.fsf@sdf.lonestar.org> (Jakob L. Kreuze's message of
 "Thu, 05 Dec 2019 19:50:13 -0500")
Message-ID: <87a785abti.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi!

zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) skribis:

> Ludovic Court=C3=A8s <ludo@gnu.org> writes:

[...]

>> BTW, I=E2=80=99m wondering if we should go further and deprecate missing=
/#f
>> =E2=80=98host-key=E2=80=99 fields altogether.  WDYT?
>>
>> To me it just seems wiser to have that info within the deploy config
>> rather than out-of-band in ~/.ssh/known_hosts.
>
> I feel that's more in-line with the goals of Guix -- implicitly reading
> ~/.ssh/known_hosts doesn't seem declarative to me. What's our means for
> deprecating features like that? A warning message when omitted? If
> that's the case, I'm definitely on board.

Yup, we can emit a deprecation warning when the key is #f.

So let=E2=80=99s take that route if nobody objects.  It=E2=80=99s easier to=
 deprecate it
now that =E2=80=9Cguix deploy=E2=80=9D is still very new.

Ludo=E2=80=99.




From unknown Thu Sep 11 13:39:45 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#38478] [PATCH 4/4] machine: ssh: <machine-ssh-configuration> can include the host key.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sat, 07 Dec 2019 00:06:02 +0000
Resent-Message-ID: <handler.38478.B38478.157567710417226@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 38478
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: security patch fixed
To: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
Cc: 38478@debbugs.gnu.org
Received: via spool by 38478-submit@debbugs.gnu.org id=B38478.157567710417226
          (code B ref 38478); Sat, 07 Dec 2019 00:06:02 +0000
Received: (at 38478) by debbugs.gnu.org; 7 Dec 2019 00:05:04 +0000
Received: from localhost ([127.0.0.1]:47180 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1idNal-0004TN-C1
	for submit@debbugs.gnu.org; Fri, 06 Dec 2019 19:05:03 -0500
Received: from eggs.gnu.org ([209.51.188.92]:47513)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1idNad-0004T3-Gw
 for 38478@debbugs.gnu.org; Fri, 06 Dec 2019 19:04:58 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:53814)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1idNaY-0003L8-9B; Fri, 06 Dec 2019 19:04:46 -0500
Received: from [102.78.176.9] (port=14661 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1idNaX-0007w6-Ek; Fri, 06 Dec 2019 19:04:46 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <20191203211557.21145-1-ludo@gnu.org>
 <20191203211557.21145-4-ludo@gnu.org>
 <87d0d4qlc0.fsf@sdf.lonestar.org> <87tv6gatc9.fsf@gnu.org>
 <87eexil1kq.fsf@sdf.lonestar.org> <87a785abti.fsf@gnu.org>
Date: Sat, 07 Dec 2019 01:04:42 +0100
In-Reply-To: <87a785abti.fsf@gnu.org> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Fri, 06 Dec 2019 13:16:41 +0100")
Message-ID: <8736dx80h1.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Ludovic Court=C3=A8s <ludo@gnu.org> skribis:

> zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) skribis:
>
>> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
>
> [...]
>
>>> BTW, I=E2=80=99m wondering if we should go further and deprecate missin=
g/#f
>>> =E2=80=98host-key=E2=80=99 fields altogether.  WDYT?
>>>
>>> To me it just seems wiser to have that info within the deploy config
>>> rather than out-of-band in ~/.ssh/known_hosts.
>>
>> I feel that's more in-line with the goals of Guix -- implicitly reading
>> ~/.ssh/known_hosts doesn't seem declarative to me. What's our means for
>> deprecating features like that? A warning message when omitted? If
>> that's the case, I'm definitely on board.
>
> Yup, we can emit a deprecation warning when the key is #f.
>
> So let=E2=80=99s take that route if nobody objects.  It=E2=80=99s easier =
to deprecate it
> now that =E2=80=9Cguix deploy=E2=80=9D is still very new.

Done in commit 2617d956d8ae122128a1ba2cc74983cbd683b042!

Ludo=E2=80=99.