Security Vulnerability in SSH ForwardTransporter Handshake Process #1040

Open
nyxfqq opened this issue Jul 16, 2024 · 0 comments
nyxfqq commented Jul 16, 2024


Description:
I've encountered a significant security concern within the sshForwardTransporter handshake process in the gost library. Specifically, in the file github.com/ginuerzh/gost/ssh.go at line 229, there is a critical configuration that bypasses host key verification, potentially exposing systems to Man-in-the-Middle (MitM) attacks.

The relevant code snippet is as follows:

config := ssh.ClientConfig{
    Timeout:         timeout,
    HostKeyCallback: ssh.InsecureIgnoreHostKey(), // This line disables host key verification
}

This configuration sets HostKeyCallback to ssh.InsecureIgnoreHostKey(), which effectively disables host key verification during the SSH connection establishment. As a result, any server's host key is accepted without validation, making it impossible for gost to ensure that it is connecting to the intended and trusted server.

Potential Impact:
Disabling host key verification significantly weakens the security of SSH connections managed by gost. An attacker could exploit this vulnerability by intercepting the SSH connection and presenting a forged host key, thereby enabling them to perform MitM attacks. This could lead to the theft of sensitive data, unauthorized access to systems, or the execution of malicious actions on behalf of legitimate users.

Suggested Solution:
To mitigate this risk, I recommend implementing a secure host key verification mechanism. This could involve using a known host key, or if dynamic host keys are expected, storing and comparing fingerprints against a list of trusted keys. The HostKeyCallback should be updated to use a callback function that checks the host key against a list of known or trusted keys.

For instance, the HostKeyCallback could be replaced with:

HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
    // Implement your host key verification logic here
    // Return nil if the host key is trusted, otherwise return an error
},

Additional Notes:
Given the critical nature of this issue, I believe it would be beneficial to also add documentation or comments warning about the implications of disabling host key verification, especially when using gost in production environments where security is paramount.

Thank you for considering this report. I'm looking forward to seeing this issue addressed to enhance the security of gost's SSH functionality.


This issue description aims to clearly outline the problem, its potential impact, and suggests a practical solution while maintaining a professional tone suitable for a software project's issue tracker.
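As an added illustration of the suggested fix (not code from gost or its author): a pinned-fingerprint HostKeyCallback that accepts only allowlisted SHA256 fingerprints for the dialed address and rejects anything else. It uses only the standard library so it compiles without x/crypto; the HostKey interface matches ssh.PublicKey's Marshal method, and the hostname and key bytes are constructed sample data.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net"
)

// HostKey is the one method of ssh.PublicKey this check needs, so a real
// ssh.PublicKey from golang.org/x/crypto/ssh can be passed in unchanged.
type HostKey interface{ Marshal() []byte }
// rawKey is a constructed stand-in for a marshaled host key (test data only).
type rawKey []byte

func (k rawKey) Marshal() []byte { return []byte(k) }
// FingerprintSHA256 renders a key in the OpenSSH "SHA256:<base64>" form,
// the same layout ssh-keygen -l and ssh.FingerprintSHA256 print.
func FingerprintSHA256(key HostKey) string {
	sum := sha256.Sum256(key.Marshal())
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}
// PinnedHostKeyCallback accepts a handshake only when the presented key's
// fingerprint is on the allowlist for the dialed address (the hostname
// x/crypto/ssh passes is the address given to Dial, usually host:port).
// Any other key, including one substituted by an on-path attacker, fails
// the handshake instead of being silently accepted.
func PinnedHostKeyCallback(trusted map[string][]string) func(string, net.Addr, HostKey) error {
	return func(hostname string, remote net.Addr, key HostKey) error {
		got := FingerprintSHA256(key)
		for _, want := range trusted[hostname] {
			if subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1 {
				return nil
			}
		}
		return fmt.Errorf("host key for %s (%v) not trusted: %s", hostname, remote, got)
	}
}

func main() {
	legit, forged := rawKey("constructed-legitimate-host-key"), rawKey("constructed-attacker-host-key")
	trusted := map[string][]string{"ssh.example.internal:22": {FingerprintSHA256(legit)}}
	check := PinnedHostKeyCallback(trusted)
	// Wiring into ssh.ClientConfig (assumes golang.org/x/crypto/ssh is imported):
	// HostKeyCallback: func(h string, r net.Addr, k ssh.PublicKey) error { return check(h, r, k) },
	fmt.Println(check("ssh.example.internal:22", nil, legit))  // <nil>
	fmt.Println(check("ssh.example.internal:22", nil, forged)) // error: not trusted
}
```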
