SSH and Known Hosts

KW · Post by KW » Fri 08 Jan 2010 20:01

Does your ssh used in the mysqlconnect use a known hosts file? From what I understand without the a priori knowledge of the key you can be subjected to a man in the middle attack.

Shalex · Post by **Shalex** » Wed 13 Jan 2010 09:30

Our current implementation of SSH support doesn't allow to use the known_hosts file. This feature is on our roadmap. We cannot provide any timeframe at the moment. I will post here when this functionality is available.

KW · Post by KW » Mon 18 Jan 2010 19:16

Shalex wrote:Our current implementation of SSH support doesn't allow to use the known_hosts file. This feature is on our roadmap. We cannot provide any timeframe at the moment. I will post here when this functionality is available.

PuTTY FAQ wrote: A.2.9 Is there an option to turn off the annoying host key prompts?

No, there isn't. And there won't be. Even if you write it yourself
and send us the patch, we won't accept it.

Those annoying host key prompts are the _whole point_ of SSH.
Without them, all the cryptographic technology SSH uses to secure
your session is doing nothing more than making an attacker's job
slightly harder; instead of sitting between you and the server with
a packet sniffer, the attacker must actually subvert a router and
start modifying the packets going back and forth. But that's not all
that much harder than just sniffing; and without host key checking,
it will go completely undetected by client or server.

Host key checking is your guarantee that the encryption you put on
your data at the client end is the _same_ encryption taken off the
data at the server end; it's your guarantee that it hasn't been
removed and replaced somewhere on the way. Host key checking makes
the attacker's job _astronomically_ hard, compared to packet
sniffing, and even compared to subverting a router. Instead of
applying a little intelligence and keeping an eye on Bugtraq, the
attacker must now perform a brute-force attack against at least one
military-strength cipher. That insignificant host key prompt really
does make _that_ much difference.

Yes, it seems very difficult to implement truly secure connection to remote databases.

I'm curious of some combination of methods might do the trick, like using an SSH tunnel along with SSL or something, though off the top of my I dont think this would work.

Any other suggestions to encrypt / secure remote connections would be appreciated.

I'm just letting you know that OpenSSH is basically worthless without using the known_hosts file. Accepting anything without checking the fingerprint is a big no no.

Shalex · Post by **Shalex** » Tue 19 Jan 2010 11:55

We are working on the known_hosts file feature. I will post here when this functionality is implemented.

KW · Post by KW » Wed 20 Jan 2010 23:05

Shalex wrote:We are working on the known_hosts file feature. I will post here when this functionality is implemented.

Please if possible use StrictHostKeyChecking as a parameter.

StrictHostKeyChecking={no, ask, yes}

Shalex · Post by **Shalex** » Wed 17 Mar 2010 13:11

We have implemented the known_hosts file feature. I will notify you when the appropriate build is available for download.

KW · Post by KW » Mon 22 Mar 2010 20:26

Shalex wrote:We have implemented the known_hosts file feature. I will notify you when the appropriate build is available for download.

Great. Thank you for the update.