oss-sec mailing list archives

CVE Request: Ansible not caching SSH host keys
From: Michael Samuel <mik () miknet net>
Date: Mon, 1 Jul 2013 14:45:43 +1000


Default configuration does not cache SSH host keys, effectively disabling
host key checking.

Note - do not credit me for finding this, I'm just the only person
indignant enough to request a CVE.

A colleague found this bug, only to notice that it was logged by somebody
else (antong on GitHub), and rejected:

This can be fixed by calling ssh.load_system_host_keys() after line 78 of

While it is possible to call the SSH command instead of using paramiko,
this isn't the default and the ramifications of not checking host keys
aren't advertised to users.  A more reasonable approach would be to
document how to un-cache a host key should it change.
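
Why a missing host key cache amounts to no checking, as an added example that is not part of the original post and is neither Ansible nor paramiko code: a standard-library Python sketch of an OpenSSH known_hosts lookup (plain and hashed entries) and the connect decision with and without the cache. The function names, host names, salt and key blobs are constructed for illustration.

```python
import base64, hashlib, hmac

# Constructed sample data: the key blobs are placeholders, not real host keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()

def _hashed(host, salt=b"constructed-salt-20b"):
    """Build a HashKnownHosts pattern: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    "web1.example.test,192.0.2.10 ssh-ed25519 " + KEY_A,
    _hashed("db1.example.test") + " ssh-ed25519 " + KEY_A,
])

def host_matches(pattern, host):
    """True if a known_hosts host field (plain list or hashed) covers this host."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in pattern.split(",")

def check_host_key(known_hosts_text, host, keytype, key_b64):
    """Return 'match', 'mismatch' or 'unknown' for the key a server presented."""
    verdict = "unknown"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # comments, blanks; @cert-authority/@revoked are not handled here
        pattern, ktype, blob = fields[:3]
        if ktype == keytype and host_matches(pattern, host):
            if hmac.compare_digest(blob, key_b64):
                return "match"
            verdict = "mismatch"  # a cached key exists and the server showed another
    return verdict

def connect_decision(known_hosts_text, host, keytype, key_b64, use_cache):
    """use_cache=False models the behaviour reported in the post: nothing to compare."""
    if not use_cache:
        return "accept"  # every key looks new, so a substituted key is never noticed
    verdict = check_host_key(known_hosts_text, host, keytype, key_b64)
    return {"match": "accept", "mismatch": "reject", "unknown": "prompt"}[verdict]
```

With the cache consulted, a changed key for a known host is rejected; without it, the same changed key is accepted silently.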

