#1203 Hash the hostname/port information in the known_hosts file.
Closed: Fixed None Opened 8 years ago by asn.

Last week I discussed the SSH known_hosts work with Honza. I thought about the stuff on the weekend. The plan is to have a global known_hosts file which gets written by sssd. This means that all users on this system have access which means reveal information to a lot of people who might not have this detailed information. So the hostnames should be stored hashed in the known_hosts file.

This way they do not reveal identifying information should the file's contents be disclosed. OpenSSH supports hashing since quite some time now.

Normally it looks like this:

|1|dTVaYG/giqH3nvoLfGECyOsiMDs=|RzAc9qu1lG+3ZtajFbaVuL02SZA= ssh-rsa ...
|1|base64(salt)|base64(hash)|

Here is some pseudo code for comparing it:

match_hashed_host(hostname, sourcehash) {

salt = base64_decode(sourcehash + 3)
hash = base64_decode(sourehash + strlen(salthash))

mac = sha1_hmac(hostname, salt)

if (mac == hash)
  woohoo
else
  cry
}

Fields changed

description: Last week I discussed the SSH known_hosts work with Honza. I thought about the stuff on the weekend. The plan is to have a global known_hosts file which gets written by sssd. This means that all users on this system have access which means reveal information to a lot of people who might not have this detailed information. So the hostnames should be stored hashed in the known_hosts file.
This way they do not reveal identifying information should the file's contents be disclosed. OpenSSH supports hashing since quite some time now.

Normally it looks like this:

|1|dTVaYG/giqH3nvoLfGECyOsiMDs=|RzAc9qu1lG+3ZtajFbaVuL02SZA= ssh-rsa ...
|1|base64(salt)|base64(hash)|

Here is some pseudo code for comparing it:

match_hashed_host(hostname, sourcehash) {

salt = base64_decode(sourcehash + 3)
hash = base64_decode(sourehash + strlen(salthash))

mac = sha1_hmac(hostname, salt)

if (mac == hash)
woohoo
else
cry
}
=> Last week I discussed the SSH known_hosts work with Honza. I thought about the stuff on the weekend. The plan is to have a global known_hosts file which gets written by sssd. This means that all users on this system have access which means reveal information to a lot of people who might not have this detailed information. So the hostnames should be stored hashed in the known_hosts file.

This way they do not reveal identifying information should the file's contents be disclosed. OpenSSH supports hashing since quite some time now.

Normally it looks like this:
{{{
|1|dTVaYG/giqH3nvoLfGECyOsiMDs=|RzAc9qu1lG+3ZtajFbaVuL02SZA= ssh-rsa ...
|1|base64(salt)|base64(hash)|
}}}
Here is some pseudo code for comparing it:

{{{
match_hashed_host(hostname, sourcehash) {

salt = base64_decode(sourcehash + 3)
hash = base64_decode(sourehash + strlen(salthash))

mac = sha1_hmac(hostname, salt)

if (mac == hash)
woohoo
else
cry
}
}}}

Fields changed

milestone: SSSD SSH Cleanup => SSSD 1.9 beta

Fields changed

owner: somebody => jcholast
status: new => assigned

Fields changed

patch: 0 => 1

Fixed by:
- b35f20c
- 4fa3ef8

resolution: => fixed
status: assigned => closed

Metadata Update from @asn:
- Issue assigned to jcholast
- Issue set to the milestone: SSSD 1.9.0 beta 1

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2245

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata