Add strict host key checking to SSH config (!3074) · Merge requests · GitLab.org / gitlab-runner

Merged John Cai requested to merge jc-add-strict-host-checking into main Aug 03, 2021

What does this MR do?

Adds two config values to the ssh config:

DisableStrictHostChecking - defaults to false KnowHostsFile - defaults to ~/.ssh/known_hosts for whichever user is running the GitLab Runner binary

This change enforces strict host checking unless explicitly told not to.

Other Changes

moved stub_ssh_server.go from the executors folder to the helpers/ssh folder as it seems to make more sense as a helper method, being used both in the executors/ssh package as well as the helpers/ssh package.

Why was this MR needed?

The ssh executor is susceptible to MITM attacks because of the missing StrictHostKeyChecking option.

What's the best way to test this MR?

setup an ssh server
ensure host is in known_hosts. If it's not, you can add it with the ssh-keyscan -p [port] >> ~/.ssh/known_hosts command
setup runner config.yml with an ssh executor.

concurrent = 1

[[runners]]
  name = "ssh executor"
  url = "https://gitlab.com/"
  token = "_REDACTED_"
  executor = "ssh"
  [runners.ssh]
    host = "127.0.0.1"
    port = "22"
    user = "USERNAME"
    password = "_REDACTED_"
    disable_strict_host_checking = true

set up .gitlab-ci.yml with a job that just prints something

variables:
  DURATION: 10

job:
  script:
  - 'for i in $(seq 1 $DURATION); do echo $(date); sleep 1; done'
  - echo "done"

run the pipeline

repeat but remove the entry in known_hosts

repeat with the missing entry in known_hosts but set DisableStrictHostChecking to true

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4368

Edited Sep 07, 2021 by John Cai