Add strict host key checking to SSH config
What does this MR do?
Adds two config values to the ssh config:

- DisableStrictHostChecking: defaults to false
- KnowHostsFile: defaults to ~/.ssh/known_hosts for whichever user is running the GitLab Runner binary
This change enforces strict host checking unless explicitly told not to.
Other Changes
- moved stub_ssh_server.go from the executors folder to the helpers/ssh folder, as it makes more sense as a helper, being used both in the executors/ssh package and the helpers/ssh package.
Why was this MR needed?
The ssh executor is susceptible to MITM attacks because of the missing StrictHostKeyChecking option: without it the runner accepts whatever host key the remote side presents, so anyone able to intercept the connection can impersonate the build host and see everything the runner sends it (the login credentials, the job script and its variables).
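The check this MR turns on by default, written out as an added Go example (it is not the runner's code; it uses only the standard library instead of the knownhosts callback from golang.org/x/crypto/ssh, and the host keys and known_hosts contents are constructed placeholders). It also covers two details that matter when following the test steps below: a host scanned on a non-default port is recorded as `[host]:port`, and systems with HashKnownHosts set store the host field as `|1|salt|hash`.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
)

// hostKey is what the server presents in the handshake (a real client takes Key from ssh.PublicKey.Marshal()).
type hostKey struct{ Type string; Key []byte }

type verdict int
const ( Trusted verdict = iota; Unknown; Mismatch ) // key matched / no entry / entries but none match

// hostPattern is the known_hosts host field OpenSSH and ssh-keyscan -p use: bare host on port 22, "[host]:port" otherwise.
func hostPattern(host string, port int) string {
	if port == 22 {
		return host
	}
	return "[" + host + "]:" + strconv.Itoa(port)
}

// hashedHostField builds a HashKnownHosts-style field "|1|salt|HMAC-SHA1(salt, pattern)".
func hashedHostField(host string, port int, salt []byte) string {
	mac := hmac.New(sha1.New, salt)
	mac.Write([]byte(hostPattern(host, port)))
	return "|1|" + base64.StdEncoding.EncodeToString(salt) + "|" + base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// matchHost: does a plain (comma-separated) or hashed host field cover host:port? Wildcards, negation and @ markers are not handled.
func matchHost(field, host string, port int) bool {
	if p := strings.Split(field, "|"); len(p) == 4 && p[1] == "1" {
		salt, err := base64.StdEncoding.DecodeString(p[2])
		return err == nil && hmac.Equal([]byte(hashedHostField(host, port, salt)), []byte(field))
	}
	for _, name := range strings.Split(field, ",") {
		if name == hostPattern(host, port) {
			return true
		}
	}
	return false
}

// lookupKnownHosts returns every key recorded for host:port in the file contents.
func lookupKnownHosts(data []byte, host string, port int) []hostKey {
	var keys []hostKey
	for _, line := range strings.Split(string(data), "\n") {
		f := strings.Fields(line) // host-field keytype base64-key [comment]
		if len(f) < 3 || f[0][0] == '#' || f[0][0] == '@' || !matchHost(f[0], host, port) {
			continue
		}
		if raw, err := base64.StdEncoding.DecodeString(f[2]); err == nil {
			keys = append(keys, hostKey{f[1], raw})
		}
	}
	return keys
}

// verifyHostKey is the strict check: the presented key must equal a key recorded for exactly this host:port.
// disableStrict relaxes only the unknown-host case (trust on first use, the window an on-path attacker needs);
// a changed key is refused in both modes here, which is stricter than ssh.InsecureIgnoreHostKey (accepts anything).
func verifyHostKey(knownHosts []byte, host string, port int, presented hostKey, disableStrict bool) (verdict, error) {
	keys := lookupKnownHosts(knownHosts, host, port)
	if len(keys) == 0 {
		if disableStrict {
			return Unknown, nil
		}
		return Unknown, fmt.Errorf("%s: not in known_hosts and strict host key checking is on", hostPattern(host, port))
	}
	for _, k := range keys {
		if k.Type == presented.Type && bytes.Equal(k.Key, presented.Key) {
			return Trusted, nil
		}
	}
	return Mismatch, fmt.Errorf("%s: presented %s key differs from known_hosts, possible MITM", hostPattern(host, port), presented.Type)
}

// Constructed placeholder key bytes (not real SSH public keys).
var keyA, keyB, keyC = []byte("placeholder-key-A"), []byte("placeholder-key-B"), []byte("placeholder-key-C")

// sampleKnownHosts is a constructed file: the port-22 entry for 127.0.0.1, the entry `ssh-keyscan -p 2222 127.0.0.1` writes, and a hashed entry.
func sampleKnownHosts() []byte {
	enc := base64.StdEncoding.EncodeToString
	return []byte(strings.Join([]string{
		"# constructed for the example",
		"127.0.0.1 ssh-ed25519 " + enc(keyA),
		"[127.0.0.1]:2222 ssh-ed25519 " + enc(keyB),
		hashedHostField("example.test", 22, []byte("0123456789abcdefghij")) + " ssh-rsa " + enc(keyC),
	}, "\n") + "\n")
}

func main() {
	kh := sampleKnownHosts()
	_, err := verifyHostKey(kh, "127.0.0.1", 22, hostKey{"ssh-ed25519", keyB}, false)
	fmt.Println("attacker key on 127.0.0.1:22 ->", err)
	_, err = verifyHostKey(kh, "10.0.0.5", 22, hostKey{"ssh-ed25519", keyA}, true)
	fmt.Println("unscanned host with strict checking disabled -> err =", err)
}
```

With disableStrict false an unscanned host is refused, which is what the new default produces; refusing a changed key even when the flag is set is this example's design choice, not a statement about what the runner does in that case. Note that a key recorded for `127.0.0.1` on port 22 does not satisfy a connection to port 2222, which is why the test steps below must scan with the same port the runner config uses.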
What's the best way to test this MR?
- set up an ssh server
- ensure the host is in `known_hosts`. If it's not, you can add it with `ssh-keyscan -p [port] [host] >> ~/.ssh/known_hosts` (for any port other than 22 the entry is written as `[host]:port`, so scan with the same port the runner will connect to)
- set up the runner config.toml with an ssh executor:

```toml
concurrent = 1
[[runners]]
  name = "ssh executor"
  url = "https://gitlab.com/"
  token = "_REDACTED_"
  executor = "ssh"
  [runners.ssh]
    host = "127.0.0.1"
    port = "22"
    user = "USERNAME"
    password = "_REDACTED_"
    disable_strict_host_checking = false  # the default; set to true only for the last step
```

- set up `.gitlab-ci.yml` with a job that just prints something:

```yaml
variables:
  DURATION: 10
job:
  script:
    - 'for i in $(seq 1 $DURATION); do echo $(date); sleep 1; done'
    - echo "done"
```

- run the pipeline; the job should connect and run
- repeat after removing the host's entry from `known_hosts`; the job should now fail because the host key cannot be verified
- repeat with the entry still missing but DisableStrictHostChecking set to true; the job should run again
What are the relevant issue numbers?
Edited by John Cai