Audit the use of
ssh.InsecureIgnoreHostKey function GSC-G106Use of ssh InsecureIgnoreHostKey should be audited
42 config := ssh.ClientConfig{
43 User: user,
44 Auth: auths,
45 HostKeyCallback: ssh.InsecureIgnoreHostKey(),46 }
47
48 addr := fmt.Sprintf("%s:%d", host, port)
Description
InsecureIgnoreHostKey is used to accept any host key. It should not be used for production code.
ssh.InsecureIgnoreHostKey(), the function simply returns a nil which has no host key checking handling and hence insecure. It is not recommended to configure your client to use ssh.InsecureIgnoreHostKey() in production.
Instead, secure configuration should be used to prevent server spoofing or man-in-the-middle attacks, which could otherwise be used to circumvent the encryption.
Bad practice
package main
import "golang.org/x/crypto/ssh"
func main() {
// SSH's Client Configuration
isc := &ssh.ClientConfig{
User: "user",
Auth: []ssh.AuthMethod{ssh.Password("pass")},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
}
Recommended
package main
import (
"encoding/base64"
"fmt"
"net"
"os"
"golang.org/x/crypto/ssh"
)
func keyString(pk ssh.PublicKey) string {
return pk.Type() + " " + base64.StdEncoding.EncodeToString(pk.Marshal())
}
func TrustedHostKeyCallback(key string) ssh.HostKeyCallback {
if key == "" {
return func(_ string, _ net.Addr, k ssh.PublicKey) error {
fmt.Fprintf(os.Stderr, "[WARN] SSH key verification is not in effect (Fix by adding trustedKey: %q)
", keyString(k))
return nil
}
}
return func(_ string, _ net.Addr, k ssh.PublicKey) error {
if ks := keyString(k); key != ks {
return fmt.Errorf("[ERROR] SSH key verification: expected %q but got %q", key, ks)
}
return nil
}
}
func main() {
// Server Key
hostKey := "dummy-host-key"
// SSH's Client Configuration
ssc := &ssh.ClientConfig{
User: "user",
Auth: []ssh.AuthMethod{ssh.Password("pass")},
HostKeyCallback: TrustedHostKeyCallback(hostKey),
}
}