vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-05 23:50:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

fix: upgrade SSH to StrictHostKeyChecking=accept-new (TOFU) and randomize temp paths (#849)

Browse source 
- Change SSH default from StrictHostKeyChecking=no to accept-new, which
  accepts host keys on first connection but rejects if they change later
  (Trust On First Use). This protects against MITM attacks on subsequent
  connections. Requires OpenSSH 7.6+ (released Oct 2017).
- Replace predictable $$-based temp file path in upload_config_file with
  $RANDOM to prevent symlink attacks on the remote server.

Addresses findings from issue #763.

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
A 2026-02-13 02:11:47 -08:00 committed by GitHub
parent 0f69e2abe9
commit fa5b4979e8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
cli/src/__tests__/shared-common-logging-utils.test.ts
View file

@ -667,9 +667,9 @@ describe("SSH_OPTS defaults", () => {
expect(result.stdout.length).toBeGreaterThan(0);
});
it("should disable strict host key checking", () => {
it("should use accept-new for strict host key checking (TOFU)", () => {
const result = runBash('echo "$SSH_OPTS"');
expect(result.stdout).toContain("StrictHostKeyChecking=no");
expect(result.stdout).toContain("StrictHostKeyChecking=accept-new");
});
it("should use /dev/null for known hosts file", () => {

4
shared/common.sh
View file

@ -960,7 +960,7 @@ register_cleanup_trap() {
# Default SSH options for all cloud providers
# Clouds can override this if they need provider-specific settings
if [[ -z "${SSH_OPTS:-}" ]]; then
SSH_OPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -i ${HOME}/.ssh/id_ed25519"
SSH_OPTS="-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -i ${HOME}/.ssh/id_ed25519"
fi
# ============================================================
@ -1939,7 +1939,7 @@ upload_config_file() {
printf '%s\n' "${content}" > "${temp_file}"
local temp_remote="/tmp/spawn_config_$$_$(basename "${remote_path}")"
local temp_remote="/tmp/spawn_config_${RANDOM}_${RANDOM}_$(basename "${remote_path}")"
${upload_callback} "${temp_file}" "${temp_remote}"
${run_callback} "mv ${temp_remote} ${remote_path}"
}