
Use "LogLevel=ERROR" to try to improve "ssh" hostkey behavior without doing anything extreme/hacky
Closed, Public

Authored by epriestley on Mar 1 2019, 5:51 PM.

Details

Summary

Ref T13121. When you connect to a host with SSH, don't already know the host key, and don't have strict host key checking, it prints "Permanently adding host X to known hosts". This is super un-useful.

In a perfect world, we'd probably always have strict host key checking, but this is a significant barrier to configuration/setup and I think not hugely important (MITM attacks against SSH hosts are hard/rare and probably not hugely valuable). I'd imagine a more realistic long term approach is likely optional host key checking.

For now, try using LogLevel=ERROR instead of LogLevel=quiet to suppress this error. This should be strictly better (since at least some messages we want to see are ERROR or better), although it may not be perfect (there may be other INFO messages we would still like to see).

Test Plan
  • Ran ssh -o LogLevel=... -o 'StrictHostKeyChecking=no' -o 'UserKnownHostsFile=/dev/null' with bad credentials, for "ERROR", "quiet", and default ("INFO") log levels.
  • With INFO, got a warning about adding the key, then an error about bad credentials (bad: don't want the key warning).
  • With quiet, got nothing (bad: we want the credential error).
  • With ERROR, got no warning but did get an error (good!).

Not sure this always gives us exactly what we want, but it seems like an improvement over "quiet".
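The test plan above as a repeatable harness. This is an added example, not Phabricator code: the outcome labels, the `SSH_PROBE_TARGET` variable, and the `BatchMode`/`ConnectTimeout` options are assumptions added so the probe never prompts or hangs.

```shell
#!/bin/sh
# Added example, not Phabricator code. Outcome labels are made up for this sketch.

# Classify captured ssh stderr into the outcomes the test plan describes.
classify_stderr() {
    notice=0
    other=0
    while IFS= read -r line; do
        case $line in
            '') ;;                                        # ignore blank lines
            *"Permanently added"*"known hosts"*) notice=1 ;;  # host key notice
            *) other=1 ;;                                 # anything else, e.g. auth failure
        esac
    done <<EOF
$1
EOF
    case "$notice$other" in
        00) echo silent ;;
        01) echo error-only ;;
        10) echo notice-only ;;
        11) echo notice-and-error ;;
    esac
}

# Run one connection attempt with the options from the test plan and
# classify what ssh wrote to stderr. stdout of the remote command is dropped.
probe() {
    level=$1
    target=$2
    err=$(ssh -o "LogLevel=$level" -o StrictHostKeyChecking=no \
              -o UserKnownHostsFile=/dev/null -o BatchMode=yes \
              -o ConnectTimeout=5 "$target" true 2>&1 >/dev/null)
    classify_stderr "$err"
}

# Only touches the network when a target is supplied, for example:
#   SSH_PROBE_TARGET=user@host sh probe.sh
if [ -n "${SSH_PROBE_TARGET:-}" ]; then
    for level in INFO QUIET ERROR; do
        printf '%-5s %s\n' "$level" "$(probe "$level" "$SSH_PROBE_TARGET")"
    done
fi
```

Against a host that rejects the credentials, the test plan's results correspond to `notice-and-error` for INFO, `silent` for QUIET, and `error-only` for ERROR.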

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Owners added a subscriber: Restricted Owners Package. Mar 1 2019, 5:52 PM
epriestley retitled this revision from Use "LogLevel=ERROR" to try to improve "ssh" hostkey behavior without doing anythign extreme/hacky to Use "LogLevel=ERROR" to try to improve "ssh" hostkey behavior without doing anything extreme/hacky. Mar 1 2019, 5:53 PM
This revision is now accepted and ready to land. Mar 3 2019, 11:34 PM
This revision was automatically updated to reflect the committed changes.