mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-07-01 11:32:48 -05:00
Add an option to disable the dynamic host key policy.
This mitigates CVE-2020-14002: if you're in the habit of clicking OK to unknown host keys (the TOFU policy - trust on first use), then an active attacker looking to exploit that policy to substitute their own host key in your first connection to a server can use the host key algorithm order in your KEXINIT to (not wholly reliably) detect whether you have a key already stored for this host, and if so, abort their attack to avoid giving themself away. However, for users who _don't_ use the TOFU policy and instead check new host keys out of band, the dynamic policy is more useful. So it's provided as a configurable option.
@ -102,6 +102,7 @@
|
||||
#define WINHELP_CTX_ssh_share "config-ssh-sharing"
|
||||
#define WINHELP_CTX_ssh_kexlist "config-ssh-kex-order"
|
||||
#define WINHELP_CTX_ssh_hklist "config-ssh-hostkey-order"
|
||||
#define WINHELP_CTX_ssh_hk_known "config-ssh-prefer-known-hostkeys"
|
||||
#define WINHELP_CTX_ssh_gssapi_kex_delegation "config-ssh-kex-gssapi-delegation"
|
||||
#define WINHELP_CTX_ssh_kex_repeat "config-ssh-kex-rekey"
|
||||
#define WINHELP_CTX_ssh_kex_manual_hostkeys "config-ssh-kex-manual-hostkeys"
|
||||
|
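Review bot: Missing documentation check on the one help context this hunk adds, which from the commit subject appears to be WINHELP_CTX_ssh_hk_known ("config-ssh-prefer-known-hostkeys"). The +/- markers are not visible here, but the hunk grows from 6 to 7 lines. The hunk only defines the context ID, so confirm that the same commit adds a manual section with exactly that anchor and that the new control in the configuration panel references it. Otherwise the help link dangles. Because the commit message frames the option as a mitigation for CVE-2020-14002, that section should state which setting is the default and spell out the trade-off between TOFU users and users who verify new host keys out of band. The name "prefer known host keys" alone does not tell a user that this preference is what lets the host key algorithm order in KEXINIT reveal whether a key is already stored for the host.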