Add an option to disable the dynamic host key policy.

This mitigates CVE-2020-14002: if you're in the habit of clicking OK to unknown host keys (the TOFU policy - trust on first use), then an active attacker looking to exploit that policy to substitute their own host key in your first connection to a server can use the host key algorithm order in your KEXINIT to (not wholly reliably) detect whether you have a key already stored for this host, and if so, abort their attack to avoid giving themself away. However, for users who _don't_ use the TOFU policy and instead check new host keys out of band, the dynamic policy is more useful. So it's provided as a configurable option.
2025-07-02 03:52:49 -05:00 · 2020-06-11 15:57:18 +01:00
parent 555aabebde
commit 08f1e2a506
6 changed files with 35 additions and 4 deletions
--- a/settings.c
+++ b/settings.c
@ -598,6 +598,7 @@ void save_open_settings(settings_w *sesskey, Conf *conf)
    wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
    wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
    wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
+    write_setting_b(sesskey, "PreferKnownHostKeys", conf_get_bool(conf, CONF_ssh_prefer_known_hostkeys));
    write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
 #ifndef NO_GSSAPI
    write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
@ -994,6 +995,7 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
    }
    gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
           hknames, HK_MAX, conf, CONF_ssh_hklist);
+    gppb(sesskey, "PreferKnownHostKeys", true, conf, CONF_ssh_prefer_known_hostkeys);
    gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
 #ifndef NO_GSSAPI
    gppi(sesskey, "GssapiRekey", GSS_DEF_REKEY_MINS, conf, CONF_gssapirekey);