Skip to content

fix: enforce SSH2 host key verification via known_hosts #2979

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ThomasK33 wants to merge 4 commits into
base: main
Choose a base branch
from
+142 −4
Open

fix: enforce SSH2 host key verification via known_hosts #2979

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3fe3912
fix: verify SSH2 host keys against known_hosts
ThomasK33 Mar 16, 2026
26e2fc9
fix: enforce SSH2 host key verification via known_hosts
ThomasK33 Mar 16, 2026
c73754a
fix: resolve lint escape warning in SSH2 known_hosts matcher
ThomasK33 Mar 16, 2026
d76ea06
fix: ignore revoked/cert-authority known_hosts markers
ThomasK33 Mar 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
146 changes: 142 additions & 4 deletions src/node/runtime/SSH2ConnectionPool.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import * as fs from "fs/promises";
import * as os from "os";
import * as path from "path";
import { createHmac } from "crypto";
import { spawn, type ChildProcess } from "child_process";
import { Duplex } from "stream";
import type { Client } from "ssh2";
Expand Down Expand Up @@ -138,6 +139,137 @@ const DEFAULT_IDENTITY_FILES = [
"~/.ssh/id_ed25519_sk",
"~/.ssh/id_dsa",
];

const KNOWN_HOSTS_PATH = path.join(os.homedir(), ".ssh", "known_hosts");

function matchesHashedKnownHost(pattern: string, host: string): boolean {
if (!pattern.startsWith("|1|")) {
return false;
}

const parts = pattern.split("|");
if (parts.length !== 5) {
return false;
}

const salt = Buffer.from(parts[3], "base64");
const expected = parts[4];
const actual = createHmac("sha1", salt).update(host).digest("base64");
return actual === expected;
}

const REGEX_SPECIAL_CHARS = new Set(["\\", "^", "$", "+", "?", ".", "(", ")", "|", "{", "}", "[", "]"]);

function wildcardPatternToRegex(pattern: string): RegExp {
let regex = "^";
for (const char of pattern) {
if (char === "*") {
regex += ".*";
continue;
}

if (char === "?") {
regex += ".";
continue;
}

if (REGEX_SPECIAL_CHARS.has(char)) {
regex += `\\${char}`;
continue;
}

regex += char;
}

regex += "$";
return new RegExp(regex);
}

function matchesKnownHostPattern(pattern: string, host: string): boolean {
if (pattern === "*" || pattern === host) {
return true;
}

if (pattern.includes("*") || pattern.includes("?")) {
return wildcardPatternToRegex(pattern).test(host);
}

return matchesHashedKnownHost(pattern, host);
}

function hostPatternListMatches(patterns: string[], host: string): boolean {
let hasPositiveMatch = false;

for (const rawPattern of patterns) {
const isNegated = rawPattern.startsWith("!");
const pattern = isNegated ? rawPattern.slice(1) : rawPattern;
if (!pattern) {
continue;
}

if (!matchesKnownHostPattern(pattern, host)) {
continue;
}

if (isNegated) {
return false;
}

hasPositiveMatch = true;
}

return hasPositiveMatch;
}

async function getKnownHostPublicKeys(host: string, port: number): Promise<Buffer[]> {
const knownHostsEntries = [host, `[${host}]:${port}`];

let content: string;
try {
content = await fs.readFile(KNOWN_HOSTS_PATH, "utf8");
} catch {
return [];
}

const keys: Buffer[] = [];
for (const line of content.split(/\r?\n/)) {
const trimmed = line.trim();
if (!trimmed || trimmed.startsWith("#")) {
continue;
}

const fields = trimmed.split(/\s+/);
const marker = fields[0]?.startsWith("@") ? fields[0] : undefined;
if (marker === "@revoked" || marker === "@cert-authority") {
// The SSH2 verifier expects concrete host keys, not revoked keys or CA keys.
continue;
}

const hostFieldIndex = marker ? 1 : 0;
const keyFieldIndex = hostFieldIndex + 2;
const hostPatterns = fields[hostFieldIndex]?.split(",");
const keyBlob = fields[keyFieldIndex];
if (!hostPatterns?.length || !keyBlob) {
continue;
}

const matchesHost = knownHostsEntries.some((knownHost) =>
hostPatternListMatches(hostPatterns, knownHost)
);
if (!matchesHost) {
continue;
}

try {
keys.push(Buffer.from(keyBlob, "base64"));
} catch {
// Ignore malformed known_hosts entries.
}
}

return keys;
}

function expandLocalPath(value: string): string {
if (value === "~") {
return os.homedir();
Expand Down Expand Up @@ -569,6 +701,11 @@ export class SSH2ConnectionPool {
cleanupProxy();
});

const allowedHostKeys = await getKnownHostPublicKeys(
resolvedConfig.hostName,
resolvedConfig.port
);

await new Promise<void>((resolve, reject) => {
const onReady = () => {
cleanup();
Expand Down Expand Up @@ -607,10 +744,11 @@ export class SSH2ConnectionPool {
keepaliveInterval: 5000,
keepaliveCountMax: 2,
...(privateKey ? { privateKey } : {}),
// TODO(ethanndickson): Implement known_hosts support for SSH2
// and restore interactive host key verification once approvals
// can be persisted between connections.
hostVerifier: () => true,
// Enforce known_hosts host key pinning so SSH2 cannot silently
// accept attacker-controlled keys during transport negotiation.
hostVerifier: (presentedKey: Buffer) =>
allowedHostKeys.length > 0 &&
allowedHostKeys.some((knownHostKey) => knownHostKey.equals(presentedKey)),
};

client.connect(connectOptions);
Expand Down
Loading