Start a new topic

Feature Request : Auto-Populate Host Key

Hi all,


I'm using RoyalTS for extended environments across a medium sized team of network engineers. As such, we are quite bothered by constantly having to click the "accept" button for the host key, for which we absolutely will not check whether or not the host key is correct - and that could be months after this service was actually created. This looks like a huge security risk to me, as an attacker would not be detected in these conditions.


In order to remedy that, we use specified host keys using putty.

However across 300 connections, nobody ever wants to be the one to go ahead and put all the keys in the configuration.


I  would be nice to have a "populate host-key" button in the connection configuration dialog that would query the server and automatically enter the md5 host key in there. We would do this upon creation and the connection would be forever secure.


Let me know if you think this is a good idea :)


Regards,


Hi Florian,


the host key handling depends on the plugin you use. In rebex we do have more control over the host key but PuTTY handles this outside of Royal TS. PuTTY stores the host keys in the registry. If you are using PuTTY in Royal TS you could write a script which generates the host keys and puts it in the registry. You could use our powershell cmdlets to go through the document and pre-create all the keys: https://docs.royalapps.com/r2021/scripting/intro.html


Regarding your comment about the security risk: the PuTTY host key prompt is shown when you connect the first time to your host. At that time you should check if the host key matches the one of the host you want to connect to. This key is then cached/stored in your local registry for PuTTY to reuse. The bigger security risk is to create all host keys automatically in bulk - assuming you are not verifying each one individually.


Regards,
Stefan

Hi Stefan,


Allow me to be more precise.

A VM user, regular user, is not a system engineer. Therefore s/he will not check that the host key is the one expected. How would he even know it to begin with :D. As such they will automatically accept the first host key they see, when they first connect. If there is a mitm attack at this time, then the attacker now has a valid ssh key to attack the system.


What we are trying to do is store the host key inside RoyalTS so that this situation cannot happen.

We are not considering doing this in batch, as you said, since this would indeed not be secure either, but do it connection by connection in a semi-manuel fashion.


What we are thinking about, is that upon creation of the "connection" in RoyalTS, the host key is put there, so that it is forever locked. Only this is complex to do with copy paste and is not efficient when you create multiple profiles. One single button could take care of querying the host key and putting it in the required field for Putty.


For MacOSX, the native SSH command allows for a custom host file, which could be dynamically generated upon connection and associated with a temporary host file via CLI. That would require another enhancement as well, as you pointed out.


For putty this host key is specified using the putty command line, and this is already implemented.


I do not use Rebex, but as you said there is probably a way to do this as well there.


I think overall this would definitely increase SSH security by a lot, and would be worth considering.


Do let me know what you think.

Regards,

Florian

 interesting information

Login or Signup to post a comment