Merge pull request #4 from yaronsumel/feature/CVE-2017-3204-fix

yaronsumel · web-flow · commit 5cf1998a8133 · 2019-04-25T18:33:17.000+03:00
CVE-2017-3204-fix: known_hosts validation support
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.idea/
diff --git a/README.md b/README.md
@@ -1,14 +1,20 @@
 # grapes [![Go Report Card](https://goreportcard.com/badge/github.com/yaronsumel/grapes)](https://goreportcard.com/report/github.com/yaronsumel/grapes) [![Build Status](https://travis-ci.org/yaronsumel/grapes.svg?branch=master)](https://travis-ci.org/yaronsumel/grapes) [![Build status](https://ci.appveyor.com/api/projects/status/fnepp81rdi8prawn/branch/master?svg=true)](https://ci.appveyor.com/project/yaronsumel/grapes/branch/master) [![GoDoc](https://godoc.org/github.com/yaronsumel/grapes?status.svg)](https://godoc.org/github.com/yaronsumel/grapes)
 
-> ## Warning : grapes currently DOES NOT validate the host key during the handshake ( CVE-2017-3204 ). Next version of grapes will support full host key validation.
-
 grapes is lightweight tool designed to distribute commands over ssh with ease.
 
+### Update (25/04/2019)
+ 
+Handshake validation is now in place in order to fix `CVE-2017-3204`, The validation will use the built-in fingerprint list `~/.ssh/known_hosts` as default. 
+ 
+In order to add your ssh server fingerprint to `known_hosts` run the following:
+
+    $ ssh-keyscan -H YOURHOST.COM >> ~/.ssh/known_hosts
+
 ### Installation ###
 
-  Run (golang v1.8+ required):
+  Run (golang v1.10+ required):
 
-    $ go get -u github.com/yaronsumel/grapes
+    $ export GO111MODULE=on; go get -u github.com/yaronsumel/grapes
 
 ### Usage ###
 
diff --git a/go.mod b/go.mod
@@ -2,7 +2,6 @@ module github.com/yaronsumel/graps
 
 require (
 	github.com/mitchellh/go-homedir v1.1.0
-	golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613
-	golang.org/x/sys v0.0.0-20190203050204-7ae0202eb74c // indirect
+	golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2
 	gopkg.in/yaml.v2 v2.2.2
 )
diff --git a/go.sum b/go.sum
@@ -1,9 +1,9 @@
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613 h1:MQ/ZZiDsUapFFiMS+vzwXkCTeEKaum+Do5rINYJDmxc=
-golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/sys v0.0.0-20190203050204-7ae0202eb74c h1:YeMXU0KQqExdpG959DFhAhfpY8myIsnfqj8lhNFRzzE=
-golang.org/x/sys v0.0.0-20190203050204-7ae0202eb74c/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
diff --git a/grape.go b/grape.go
@@ -2,8 +2,13 @@ package main
 
 import (
 	"fmt"
-	"gopkg.in/yaml.v2"
+	"log"
 	"sync"
+
+	"github.com/mitchellh/go-homedir"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/knownhosts"
+	"gopkg.in/yaml.v2"
 )
 
 type (
@@ -46,22 +51,34 @@ func newGrape(input *input) *grape {
 	return &app
 }
 
-func (app *grape) run() {
+func (app *grape) run(knownHostsPath string) {
+
+	knownHostsPath, err := homedir.Expand(knownHostsPath)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	hostKeyCallback, err := knownhosts.New(knownHostsPath)
+	if err != nil {
+		log.Fatal(err)
+	}
+
 	for _, server := range app.servers {
 		if app.input.asyncFlag {
 			wg.Add(1)
-			go app.runOnServer(server, &wg)
+			go app.runOnServer(server, hostKeyCallback, &wg)
 		} else {
-			app.runOnServer(server, nil)
+			app.runOnServer(server, hostKeyCallback, nil)
 		}
 	}
 	if app.input.asyncFlag {
 		wg.Wait()
 	}
 }
 
-func (app *grape) runOnServer(server server, wg *sync.WaitGroup) {
-	client, err := app.ssh.newClient(server)
+func (app *grape) runOnServer(server server, hostKeyCallback ssh.HostKeyCallback, wg *sync.WaitGroup) {
+
+	client, err := app.ssh.newClient(server, hostKeyCallback)
 	if err != nil {
 		server.Fatal = err.Error()
 	} else {
diff --git a/grape_test.go b/grape_test.go
@@ -110,9 +110,9 @@ func TestRun(t *testing.T) {
 		},
 	}
 	app.input.asyncFlag = true
-	app.run()
+	app.run("testFiles/known_hosts")
 	app.input.asyncFlag = false
-	app.run()
+	app.run("testFiles/known_hosts")
 }
 
 func TestPrintOutput(t *testing.T) {
diff --git a/main.go b/main.go
@@ -6,7 +6,7 @@ import (
 )
 
 const (
-	version = "0.2.2"
+	version = "0.3.0"
 	welcome = `
 //      ____ __________ _____  ___  _____
 //     / __  / ___/ __  / __ \/ _ \/ ___/
@@ -33,5 +33,5 @@ func main() {
 
 	app.verifyAction()
 
-	app.run()
+	app.run("~/.ssh/known_hosts")
 }
diff --git a/ssh.go b/ssh.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
-	"net"
 
 	"golang.org/x/crypto/ssh"
 )
@@ -36,7 +35,7 @@ func (gSSH *grapeSSH) newError(errMsg string) sshError {
 func (gSSH *grapeSSH) setKey(keyPath keyPath) sshError {
 	privateBytes, err := ioutil.ReadFile(string(keyPath))
 	if err != nil {
-		return gSSH.newError("Could not open idendity file.")
+		return gSSH.newError("Could not open identity file.")
 	}
 	privateKey, err := ssh.ParsePrivateKey(privateBytes)
 	if err != nil {
@@ -46,21 +45,16 @@ func (gSSH *grapeSSH) setKey(keyPath keyPath) sshError {
 	return nil
 }
 
-func (gSSH *grapeSSH) newClient(server server) (*grapeSSHClient, sshError) {
+func (gSSH *grapeSSH) newClient(server server, hostKeyCallback ssh.HostKeyCallback) (*grapeSSHClient, sshError) {
 	client, err := ssh.Dial("tcp", server.Host, &ssh.ClientConfig{
 		User: server.User,
 		Auth: []ssh.AuthMethod{
 			ssh.PublicKeys(gSSH.keySigner),
 		},
-		// CVE-2017-3204
-		// "fix" for now : InsecureIgnoreHostKey
-		// gonna validate host key in the next version of grapes
-		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
-			return nil
-		},
+		HostKeyCallback: hostKeyCallback,
 	})
 	if err != nil {
-		return nil, gSSH.newError("Could not establish ssh connection")
+		return nil, gSSH.newError(err.Error() + " - could not establish ssh connection")
 	}
 	return &grapeSSHClient{client}, nil
 }
@@ -71,7 +65,7 @@ func (client *grapeSSHClient) execCommand(cmd command) *sshOutput {
 	}
 	session, err := client.NewSession()
 	if err != nil {
-		output.Std.Err = "Could not establish ssh session"
+		output.Std.Err = "could not establish ssh session"
 	} else {
 		var stderr, stdout bytes.Buffer
 		session.Stdout, session.Stderr = &stdout, &stderr
diff --git a/ssh_test.go b/ssh_test.go
@@ -2,6 +2,8 @@ package main
 
 import (
 	"testing"
+
+	"golang.org/x/crypto/ssh/knownhosts"
 )
 
 func TestSetKey(t *testing.T) {
@@ -25,11 +27,17 @@ func TestNewClient(t *testing.T) {
 		User: "new",
 		Name: "public",
 	}
-	if _, err := gSSH.newClient(s); err != nil {
+
+	hostKeyCallback, err := knownhosts.New("testFiles/known_hosts")
+	if err != nil {
+		t.FailNow()
+	}
+
+	if _, err := gSSH.newClient(s, hostKeyCallback); err != nil {
 		t.FailNow()
 	}
 	s.Host = "localhost"
-	if _, err := gSSH.newClient(s); err == nil {
+	if _, err := gSSH.newClient(s, hostKeyCallback); err == nil {
 		t.FailNow()
 	}
 }
@@ -45,17 +53,23 @@ func TestExecCommand(t *testing.T) {
 		User: "new",
 		Name: "public",
 	}
-	client, err = gSSH.newClient(s)
+	hostKeyCallback, err := knownhosts.New("testFiles/known_hosts")
 	if err != nil {
-		t.FailNow()
+		t.Fatal(err)
+	}
+
+	client, err = gSSH.newClient(s, hostKeyCallback)
+	if err != nil {
+		t.Fatal(err)
 	}
-	output = client.execCommand("echo")
+
+	output = client.execCommand("ls -al")
 	if output.Std.Err == "could not establish ssh session" {
 		t.FailNow()
 	}
 	// make that panic
 	client.Close()
-	output = client.execCommand("echo")
+	output = client.execCommand("ls -al")
 	if output.Std.Err != "could not establish ssh session" {
 		t.FailNow()
 	}
@@ -76,11 +90,17 @@ func TestExecCommands(t *testing.T) {
 		User: "new",
 		Name: "public",
 	}
-	client, err = gSSH.newClient(s)
-	defer client.Close()
+
+	hostKeyCallback, err := knownhosts.New("testFiles/known_hosts")
 	if err != nil {
 		t.FailNow()
 	}
+
+	client, err = gSSH.newClient(s, hostKeyCallback)
+	if err != nil {
+		t.FailNow()
+	}
+	defer client.Close()
 	output := client.execCommands(demoCommands)
 	for _, v := range output {
 		if v.Std.Err == "could not establish ssh session" {
diff --git a/testFiles/known_hosts b/testFiles/known_hosts
@@ -0,0 +1,2 @@
+|1|uetecC7VBOynrr2sE7ZTSsgY26k=|L/s5sdGvRJgmsp1NECld0Ch6mlM= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1BBSaTBrKjpyDmIPt1t9oPvZpIxzm8D2kB/eLUoqXP9Eoicb3niMP8kWv1vhZQPGiQQ/q6sg+c92Bkk0ZiJTW9JdMJuaIfk+VDjGUV1US432mzq4581CFk/Q0HeHehrrAoqCKTcnp65/9UlnP3ljnyS1J0JE40YtjLIXfAeoJJKfKvrMhc1nOqn7NEMcmN8gY5ELr5R5ZUml0CsmurMDeIoeP9Ukf0PAc6uznv7JpL5GY+Eee8xXd8ehClZUY9kkvm6a6LIzPXtG5KXIYbGQkMrcDqWAdYOb2whfOICRbRLu16T8r30NjdHRjDq2kAH7upip4FqWGj96k+8ZmjA3f
+|1|Xfc8gDn9tAkrYMeF/FUn29o0tNU=|9UtkdQpQKdsaq6/U0UEzBfoC1jY= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJk3a190w/1TZkzVKORvz/kwyKmFY144lVeDFm80p17

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@ module github.com/yaronsumel/graps`
`2`	`2`
`3`	`3`	`require (`
`4`	`4`	`github.com/mitchellh/go-homedir v1.1.0`
`5`		`- golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613`
`6`		`- golang.org/x/sys v0.0.0-20190203050204-7ae0202eb74c // indirect`
	`5`	`+ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2`
`7`	`6`	`gopkg.in/yaml.v2 v2.2.2`
`8`	`7`	`)`
Original file line number	Diff line number	Diff line change
`@@ -110,9 +110,9 @@ func TestRun(t *testing.T) {`
`110`	`110`	`},`
`111`	`111`	`}`
`112`	`112`	`app.input.asyncFlag = true`
`113`		`- app.run()`
	`113`	`+ app.run("testFiles/known_hosts")`
`114`	`114`	`app.input.asyncFlag = false`
`115`		`- app.run()`
	`115`	`+ app.run("testFiles/known_hosts")`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`func TestPrintOutput(t *testing.T) {`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ import (`
`6`	`6`	`)`
`7`	`7`
`8`	`8`	`const (`
`9`		`- version = "0.2.2"`
	`9`	`+ version = "0.3.0"`
`10`	`10`	welcome = `
`11`	`11`	`// ____ __________ _____ ___ _____`
`12`	`12`	`// / __ / ___/ __ / __ \/ _ \/ ___/`
`@@ -33,5 +33,5 @@ func main() {`
`33`	`33`
`34`	`34`	`app.verifyAction()`
`35`	`35`
`36`		`- app.run()`
	`36`	`+ app.run("~/.ssh/known_hosts")`
`37`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\|1\|uetecC7VBOynrr2sE7ZTSsgY26k=\|L/s5sdGvRJgmsp1NECld0Ch6mlM= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1BBSaTBrKjpyDmIPt1t9oPvZpIxzm8D2kB/eLUoqXP9Eoicb3niMP8kWv1vhZQPGiQQ/q6sg+c92Bkk0ZiJTW9JdMJuaIfk+VDjGUV1US432mzq4581CFk/Q0HeHehrrAoqCKTcnp65/9UlnP3ljnyS1J0JE40YtjLIXfAeoJJKfKvrMhc1nOqn7NEMcmN8gY5ELr5R5ZUml0CsmurMDeIoeP9Ukf0PAc6uznv7JpL5GY+Eee8xXd8ehClZUY9kkvm6a6LIzPXtG5KXIYbGQkMrcDqWAdYOb2whfOICRbRLu16T8r30NjdHRjDq2kAH7upip4FqWGj96k+8ZmjA3f`
	`2`	`+\|1\|Xfc8gDn9tAkrYMeF/FUn29o0tNU=\|9UtkdQpQKdsaq6/U0UEzBfoC1jY= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJk3a190w/1TZkzVKORvz/kwyKmFY144lVeDFm80p17`