GNU bug report logs - #38478
[PATCH 0/4] "guix deploy" authenticates SSH servers [security]


Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Tue, 3 Dec 2019 21:11:02 UTC

Severity: normal

Tags: fixed, patch, security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: zerodaysfordays <at> sdf.lonestar.org (Jakob L. Kreuze)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 38478 <at> debbugs.gnu.org
Subject: [bug#38478] [PATCH 4/4] machine: ssh: <machine-ssh-configuration> can include the host key.
Date: Thu, 05 Dec 2019 19:50:13 -0500
Ludovic Courtès <ludo <at> gnu.org> writes:

> I went ahead and pushed it as it seemed like a good idea to not wait.

Agreed :)

> BTW, I’m wondering if we should go further and deprecate missing/#f
> ‘host-key’ fields altogether.  WDYT?
>
> To me it just seems wiser to have that info within the deploy config
> rather than out-of-band in ~/.ssh/known_hosts.

I feel that's more in line with the goals of Guix -- implicitly reading
~/.ssh/known_hosts doesn't seem declarative to me. What's our means for
deprecating features like that? A warning message when omitted? If
that's the case, I'm definitely on board.

Regards,
Jakob

This bug report was last modified 5 years and 252 days ago.
