
SSH HostKeys are not verified with git commands permitting MITM attacks (GitRepo)

Open rudis opened this issue 3 years ago • 3 comments

Hello,

src/robusta/integrations/git/git_repo.py contains the following code:

os.system(f"ssh-keyscan -H github.com bitbucket.org >> {SSH_ROOT_DIR}/known_hosts")

While this makes it easy to connect via SSH it also completely bypasses hostkey checks.

This should not be the default! From what I can see it's also not documented.

While testing git_audit_change I also didn't find a way to specify additional hostkeys; in my case to connect to a non-Github git server.

Best, Simon

rudis avatar Dec 03 '22 18:12 rudis
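As an added example (not code from the robusta project), the hardened counterpart of the `ssh-keyscan ... >> known_hosts` pattern reported above: host keys come from operator configuration, the known_hosts file is built only from those entries, and git is pointed at it with StrictHostKeyChecking=yes so an unknown or changed key fails the connection instead of being silently trusted. `PINNED_HOST_KEYS` holds constructed placeholder keys, not real ones, and the function names are hypothetical.

```python
import os
import shlex
import tempfile
from pathlib import Path

# Constructed sample: host keys an operator would pin in configuration,
# in OpenSSH known_hosts format. Placeholders, not real public keys.
PINNED_HOST_KEYS = [
    "github.com ssh-ed25519 AAAAC3PLACEHOLDERGITHUBKEY",
    "git.internal.example ssh-ed25519 AAAAC3PLACEHOLDERINTERNALKEY",
]


def write_known_hosts(ssh_dir: str, host_keys: list) -> Path:
    """Write operator-supplied host keys to <ssh_dir>/known_hosts.

    Unlike `ssh-keyscan host >> known_hosts`, nothing here trusts whatever key
    the network answers with: only validated configured entries are written,
    and the file is replaced rather than appended to.
    """
    path = Path(ssh_dir) / "known_hosts"
    lines = []
    for entry in host_keys:
        parts = entry.split()
        if len(parts) < 3 or not parts[1].startswith(("ssh-", "ecdsa-")):
            raise ValueError(f"malformed known_hosts entry: {entry!r}")
        lines.append(" ".join(parts[:3]))  # host, key type, key
    path.write_text("\n".join(lines) + "\n")
    path.chmod(0o600)
    return path


def git_ssh_command(known_hosts: Path) -> str:
    """GIT_SSH_COMMAND that makes git refuse unknown or changed host keys."""
    return (
        "ssh -o StrictHostKeyChecking=yes "
        f"-o UserKnownHostsFile={shlex.quote(str(known_hosts))}"
    )


def git_env(ssh_dir: str, host_keys: list) -> dict:
    """Environment to pass as env= to subprocess.run(['git', ...])."""
    env = dict(os.environ)
    env["GIT_SSH_COMMAND"] = git_ssh_command(write_known_hosts(ssh_dir, host_keys))
    return env


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(git_env(d, PINNED_HOST_KEYS)["GIT_SSH_COMMAND"])
```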

Thanks for reporting it @rudis

Your description of the problem is accurate. We will add a host keys configuration option and change the default behavior.

arikalon1 avatar Dec 03 '22 23:12 arikalon1

Is the host key config option being worked on?

llavin avatar Jan 30 '24 16:01 llavin

Hi @llavin, no one is working on it at the moment.

arikalon1 avatar Jan 30 '24 18:01 arikalon1

@llavin @rudis https://github.com/robusta-dev/robusta/pull/1313

RobertSzefler avatar Feb 28 '24 09:02 RobertSzefler