Description
Description:
I've encountered a significant security concern within the sshForwardTransporter handshake process in the gost library. Specifically, in the file github.com/ginuerzh/gost/ssh.go at line 229, there is a critical configuration that bypasses host key verification, potentially exposing systems to Man-in-the-Middle (MitM) attacks.
The relevant code snippet is as follows:
config := ssh.ClientConfig{
Timeout: timeout,
HostKeyCallback: ssh.InsecureIgnoreHostKey(), // This line disables host key verification
}This configuration sets HostKeyCallback to ssh.InsecureIgnoreHostKey(), which effectively disables host key verification during the SSH connection establishment. As a result, any server's host key is accepted without validation, making it impossible for gost to ensure that it is connecting to the intended and trusted server.
Potential Impact:
Disabling host key verification significantly weakens the security of SSH connections managed by gost. An attacker could exploit this vulnerability by intercepting the SSH connection and presenting a forged host key, thereby enabling them to perform MitM attacks. This could lead to the theft of sensitive data, unauthorized access to systems, or the execution of malicious actions on behalf of legitimate users.
Suggested Solution:
To mitigate this risk, I recommend implementing a secure host key verification mechanism. This could involve using a known host key, or if dynamic host keys are expected, storing and comparing fingerprints against a list of trusted keys. The HostKeyCallback should be updated to use a callback function that checks the host key against a list of known or trusted keys.
For instance, the HostKeyCallback could be replaced with:
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
// Implement your host key verification logic here
// Return nil if the host key is trusted, otherwise return an error
},Additional Notes:
Given the critical nature of this issue, I believe it would be beneficial to also add documentation or comments warning about the implications of disabling host key verification, especially when using gost in production environments where security is paramount.
Thank you for considering this report. I'm looking forward to seeing this issue addressed to enhance the security of gost's SSH functionality.
This issue description aims to clearly outline the problem, its potential impact, and suggests a practical solution while maintaining a professional tone suitable for a software project's issue tracker.