Host key validation doesn't work when not using port 22 #8139
Comments
Will default to ignoring host keys for now, so that it works with 2.1.1. Also using $CONTAINER_SSHKEY, so avoid the ssh infrastructure.
@jwhonce PTAL
There is a related issue, when user (or system) is using hashed entries (|) in known_hosts: ssh-keyscan(1)
sshd(8)
But I can open separate issue for that, EDIT: My bad, there is:
Not sure if anyone actually uses the commas or wildcards or negation, so can ignore those...
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
The retrieval of the HostKey doesn't account for ports, and fails to find the proper host key.
Unfortunately the fallback for FixedHostKey is InsecureIgnoreHostKey, so no error is shown.
Steps to reproduce the issue:
# run "minikube podman-env" to set up the podman environment for connecting to podman
export CONTAINER_HOST="ssh://[email protected]:32811/run/podman/podman.sock?secure=True"
podman-remote version
Describe the results you received:
Happily connects, even when the host key has been changed (or not properly updated)
So the "secure" parameter doesn't have any effect, behaves the same as without "secure"
Describe the results you expected:
Error: Failed to create sshClient: Connection to bastion host (ssh://[email protected]:32811/run/podman/podman.sock?secure=True) failed.: ssh: handshake failed: ssh: host key mismatch
Using a regular ssh connection rightfully complains about the connection not being secure:
Additional information you deem important (e.g. issue happens only occasionally):
Only happens when using a ssh port other than 22.
Output of podman version:
Output of podman info --debug:
Package info (e.g. output of rpm -q podman or apt list podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Ubuntu 20.04
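An added example, not Podman's code: a standard-library-only Go lookup that covers both the port handling in the description and the hashed entries raised in the comments. It searches known_hosts under the name OpenSSH stores (`[host]:port` for any port other than 22) and returns an error when nothing matches, so a caller cannot silently fall back to ignoring the host key. The names `matches` and `hostKeys` and the sample address are assumptions; wildcards, negation and marker lines are not handled.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"strings"
)

// matches handles plain and hashed (|1|salt|base64(HMAC-SHA1(salt, name))) entries; no wildcards.
func matches(entry, name string) bool {
	if !strings.HasPrefix(entry, "|1|") {
		return entry == name
	}
	salt, hash, _ := strings.Cut(entry[3:], "|")
	key, err := base64.StdEncoding.DecodeString(salt)
	mac := hmac.New(sha1.New, key)
	mac.Write([]byte(name))
	return err == nil && base64.StdEncoding.EncodeToString(mac.Sum(nil)) == hash
}

// hostKeys returns every "keytype key" pinned for host:port, or an error so callers fail closed.
func hostKeys(knownHosts, host string, port int) ([]string, error) {
	name := host // OpenSSH stores the bare host for port 22 ...
	if port != 22 {
		name = fmt.Sprintf("[%s]:%d", host, port) // ... and "[host]:port" otherwise
	}
	var keys []string
	for _, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || f[0][0] == '#' || f[0][0] == '@' {
			continue // blank, comment, or @cert-authority/@revoked marker (not handled here)
		}
		for _, entry := range strings.Split(f[0], ",") {
			if matches(entry, name) {
				keys = append(keys, f[1]+" "+f[2])
			}
		}
	}
	if len(keys) == 0 {
		return nil, fmt.Errorf("no known_hosts entry for %s", name)
	}
	return keys, nil
}

func main() {
	// Constructed sample line; the key blob is a placeholder, not a real key.
	fmt.Println(hostKeys("[192.0.2.10]:32811 ssh-ed25519 AAAA-constructed", "192.0.2.10", 32811))
}
```

The returned keys are what a fixed-host-key check would compare against; the error path is where a connection should be refused instead of proceeding unverified.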