New issue
Advanced search Search tips

Issue 877892 link

Starred by 3 users
Status: Duplicate
Merged: issue 208497
Owner: ----
Closed: Aug 27
Cc:
roddis@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

nassh: Add UI to Clear Known Host Key(s)

Project Member Reported by roddis@google.com, Aug 27 
Chrome Version: 69.0.3497.58 (Official Build) beta (64-bit)
OS: Chrome OS

What steps will reproduce the problem?
(1) Add host foo.example.com
(2) Connect to foo.example.com
(3) Disconnect from foo.example.com
(4) Change the host key (eg. reimage) on remote host foo.example.com
(5) Reconnect to foo.example.com

What is the expected result?
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:XXXX.
Please contact your system administrator.
Add correct host key in /.ssh/known_hosts to get rid of this message.
Offending RSA key in /.ssh/known_hosts:3
RSA host key for foo.example.com has changed and you have requested strict checking.
Host key verification failed.
NaCl plug-in exited with status code 255.

Use the UI to clear the known host key.


What happens instead?
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:XXXX.
Please contact your system administrator.
Add correct host key in /.ssh/known_hosts to get rid of this message.
Offending RSA key in /.ssh/known_hosts:3
RSA host key for foo.example.com has changed and you have requested strict checking.
Host key verification failed.
NaCl plug-in exited with status code 255.


Attempt to open Dev Tools to use:
term_.command.removeKnownHostByIndex(<$index>)
or
term_.command.removeAllKnownHosts()

But now dev tools are disabled on extensions installed by enterprise policy by default since M68.

Hterm does not expose a UI to clear a known host key which is the scope of this bug.

The new policy is: https://www.chromium.org/administrators/policy-list-3#DeveloperToolsAvailability
0 = Disallow usage of the Developer Tools on extensions installed by enterprise policy, allow usage of the Developer Tools in other contexts

I've set this as P2, as our Chrome OS fleet is affected and I can imagine other fleets having similar impact. Please adjust as you see suitable.

The goal of this bug is a UI change, not the DeveloperToolsAvailability policy.

Comment 1 by vapier@chromium.org, Aug 27

Mergedinto: 208497
Status: Duplicate (was: Untriaged)
Summary: nassh: Add UI to Clear Known Host Key(s) (was: Add UI to Clear Known Host Key(s))

Sign in to add a comment