Add strict host key checking to SSH config
What does this MR do?
Adds two config values to the ssh config:
DisableStrictHostChecking
- defaults to false
KnowHostsFile
- defaults to ~/.ssh/known_hosts
for whichever user is running the GitLab Runner binary
This change enforces strict host checking unless explicitly told not to.
Other Changes
- moved
stub_ssh_server.go
from theexecutors
folder to thehelpers/ssh
folder as it seems to make more sense as a helper method, being used both in theexecutors/ssh
package as well as thehelpers/ssh
package.
Why was this MR needed?
The ssh executor is susceptible to MITM attacks because of the missing StrictHostKeyChecking
option.
What's the best way to test this MR?
- setup an ssh server
- ensure host is in
known_hosts
. If it's not, you can add it with thessh-keyscan -p [port] >> ~/.ssh/known_hosts
command - setup runner config.yml with an ssh executor.
concurrent = 1
[[runners]]
name = "ssh executor"
url = "https://gitlab.com/"
token = "_REDACTED_"
executor = "ssh"
[runners.ssh]
host = "127.0.0.1"
port = "22"
user = "USERNAME"
password = "_REDACTED_"
disable_strict_host_checking = true
- set up
.gitlab-ci.yml
with a job that just prints something
variables:
DURATION: 10
job:
script:
- 'for i in $(seq 1 $DURATION); do echo $(date); sleep 1; done'
- echo "done"
- run the pipeline
repeat but remove the entry in known_hosts
repeat with the missing entry in known_hosts
but set DisableStrictHostChecking
to true
What are the relevant issue numbers?
Edited by John Cai