ssh: Always authenticate the server [security fix].

Until now, users of 'open-ssh-session', including "guix deploy" and "GUIX_DAEMON_SOCKET=ssh://…" (but not "guix offload"), would not authenticate the SSH server they're talking to. * guix/ssh.scm (open-ssh-session): Call 'authenticate-server'.
2019-12-03 21:41:54 +01:00 · 2019-12-03 21:41:54 +01:00 · f5c180180e
parent 114dcb429a
commit f5c180180e
1 changed files with 11 additions and 0 deletions
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@ -125,6 +125,17 @@ Throw an error on failure."

    (match (connect! session)
      ('ok
+       ;; Authenticate against ~/.ssh/known_hosts.
+       (match (authenticate-server session)
+         ('ok #f)
+         (reason
+          (raise (condition
+                  (&message
+                   (message (format #f (G_ "failed to authenticate \
+server at '~a': ~a")
+                                    (session-get session 'host)
+                                    reason)))))))
+
       ;; Use public key authentication, via the SSH agent if it's available.
       (match (userauth-public-key/auto! session)
         ('success