mirror of
git://git.savannah.gnu.org/guix.git
synced 2023-12-14 03:33:07 +01:00
ssh: Always authenticate the server [security fix].
Until now, users of 'open-ssh-session', including "guix deploy" and "GUIX_DAEMON_SOCKET=ssh://…" (but not "guix offload"), would not authenticate the SSH server they're talking to. * guix/ssh.scm (open-ssh-session): Call 'authenticate-server'.
parent
114dcb429a
commit
f5c180180e
1 changed files with 11 additions and 0 deletions
11
guix/ssh.scm
11
guix/ssh.scm
|
@ -125,6 +125,17 @@ Throw an error on failure."
|
|||
|
||||
(match (connect! session)
|
||||
('ok
|
||||
;; Authenticate against ~/.ssh/known_hosts.
|
||||
(match (authenticate-server session)
|
||||
('ok #f)
|
||||
(reason
|
||||
(raise (condition
|
||||
(&message
|
||||
(message (format #f (G_ "failed to authenticate \
|
||||
server at '~a': ~a")
|
||||
(session-get session 'host)
|
||||
reason)))))))
|
||||
|
||||
;; Use public key authentication, via the SSH agent if it's available.
|
||||
(match (userauth-public-key/auto! session)
|
||||
('success
|
||||
|
|
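Review bot: The `reason` clause under `(match (authenticate-server session)` raises while `session` is still connected to a server that has just failed host-key verification, and nothing in the visible lines closes it. Calling `(disconnect! session)` immediately before `(raise (condition` would close the connection deterministically on the failure path instead of leaving it to garbage collection. The message also interpolates the raw `reason` value, so a host key that changed and a host that is merely absent from known_hosts read almost the same to the user. Since a changed key is the case that most deserves attention, a dedicated clause with its own wording would help, with the exact symbols confirmed against the Guile-SSH documentation. The enclosing 'open-ssh-session' starts and ends outside this hunk, so cleanup may already happen in code not shown here.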