https://bugs.kde.org/show_bug.cgi?id=392903

            Bug ID: 392903
           Summary: sftp doesn't work with hashed known_hosts file
           Product: frameworks-kio
           Version: 5.44.0
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: fa...@kde.org
          Reporter: alivema4e...@gmail.com
                CC: kdelibs-b...@kde.org
  Target Milestone: ---

sftp doesn't work with hashed known_hosts file

version: 17.12.3
framework: 5.44.0
Qt: 5.10.1

Description:

Dolphin doesn't connect to an sftp server if the server is listed in a hashed
known_hosts file.

Steps to reproduce:

Back up the original ~/.ssh/config and ~/.ssh/known_hosts

Insert the following entry into ~/.ssh/config so that newly encountered hosts
will be hashed.

Host *
        HashKnownHosts yes

Convert the known_hosts file to a hashed known_hosts file (the original
known_hosts file will be backed up as known_hosts.old)

$ ssh-keygen -H -f ~/.ssh/known_hosts

Search for a specified host or IP address in the hashed ~/.ssh/known_hosts
file, for example the localhost (127.0.0.1)

$ ssh-keygen -F 127.0.0.1 -f ~/.ssh/known_hosts
# Host 127.0.0.1 found: line 45
|1|.... ecdsa-sha2-nistp256 ....(output suppressed)

Now, launch Dolphin and type sftp://username@hostname in the address bar (press
Ctrl+L to activate the address bar).

A red warning appears, which states the reason why Dolphin refuses to
connect.

The host key for this server was not found, but another type of key exists.
An attacker might change the default server key to confuse your client into
thinking the key does not exist.
Please contact your system administrator.

Additional Information:

This is a false alarm, since ~/.ssh/known_hosts is a valid hashed known_hosts
file.  It seems that Dolphin (or the underlying subsystem) parses the hashed
known hosts directly, without relying on ssh-keygen to do the job.

Dolphin only connects to the server if the known_hosts file is not hashed.
Dolphin also doesn't respect the ~/.ssh/config to hash newly added hosts
(HashKnownHosts yes) and appends a plain host entry whenever it encounters a
new sftp host.

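How a client has to match a host against both hashed and plain known_hosts entries, as an added example that is not part of the original report and is neither KIO's nor OpenSSH's code. Function names and the sample entries are constructed; wildcard patterns, [host]:port forms and @ marker lines are not handled.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def host_field_matches(field, host):
    """True if the first column of a known_hosts line names this host."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            mac = base64.b64decode(mac_b64, validate=True)
        except ValueError:  # wrong field count or invalid base64
            return False
        candidate = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(candidate, mac)
    # Plain entry: comma-separated names, exact match only in this sketch.
    return host in field.split(",")

def find_host(known_hosts_text, host):
    """Return [(line_number, key_type)] for every entry matching host."""
    hits = []
    for number, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments, @cert-authority/@revoked lines, short lines.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if host_field_matches(parts[0], host):
            hits.append((number, parts[1]))
    return hits

# Constructed sample: fixed salt so the output is repeatable (OpenSSH picks a
# random salt per entry), and the key blobs are placeholders, not real keys.
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    hash_host("127.0.0.1", SALT) + " ecdsa-sha2-nistp256 PLACEHOLDERKEY",
    "example.test,192.0.2.10 ssh-ed25519 PLACEHOLDERKEY",
])

if __name__ == "__main__":
    for name in ("127.0.0.1", "192.0.2.10", "localhost"):
        print(name, find_host(SAMPLE, name))
```

A lookup that only compares the first column as literal text never matches the `|1|` line, so a key that is present gets reported as missing.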