Repository: guacamole-manual Updated Branches: refs/heads/master 06dd5933c -> c0f679cbf
GUACAMOLE-527: Document SSH host key verification. Project: http://git-wip-us.apache.org/repos/asf/guacamole-manual/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-manual/commit/45fd2451 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-manual/tree/45fd2451 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-manual/diff/45fd2451 Branch: refs/heads/master Commit: 45fd24512bf578c6e94a4d11f033c47a63ce35bb Parents: fbd81b0 Author: Nick Couchman <[email protected]> Authored: Tue Jun 26 16:18:33 2018 -0400 Committer: Nick Couchman <[email protected]> Committed: Tue Jun 26 16:18:33 2018 -0400 ---------------------------------------------------------------------- src/chapters/configuring.xml | 61 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-manual/blob/45fd2451/src/chapters/configuring.xml ---------------------------------------------------------------------- diff --git a/src/chapters/configuring.xml b/src/chapters/configuring.xml index 7d78a5a..89390ab 100644 --- a/src/chapters/configuring.xml +++ b/src/chapters/configuring.xml @@ -842,6 +842,17 @@ guaclog: INFO: All files interpreted successfully.</computeroutput> </entry> </row> <row> + <entry><parameter>sftp-host-key</parameter></entry> + <entry> + <para>The known hosts entry for the SFTP server. This + parameter is optional, and, if not provided, no verification + of SFTP host identity will be done. If the parameter is + provided the identity of the server will be checked + against the data.</para> + <para>For more information, please see <xref linkend="ssh-host-verification"/>.</para> + </entry> + </row> + <row> <entry><parameter>sftp-username</parameter></entry> <entry> <para>The username to authenticate as when connecting to the 
@@ -2428,6 +2439,17 @@ ed272546-87bd-4db9-acba-e36e1a9ca20a </entry> </row> <row> + <entry><parameter>sftp-host-key</parameter></entry> + <entry> + <para>The known hosts entry for the SFTP server. This + parameter is optional, and, if not provided, no verification + of SFTP host identity will be done. If the parameter is + provided the identity of the server will be checked + against the data.</para> + <para>For more information, please see <xref linkend="ssh-host-verification"/>.</para> + </entry> + </row> + <row> <entry><parameter>sftp-username</parameter></entry> <entry> <para>The username to authenticate as when connecting to the 
@@ -2704,6 +2726,31 @@ ed272546-87bd-4db9-acba-e36e1a9ca20a <para>SSH support for Guacamole is provided by the <package>libguac-client-ssh</package> library, which will be installed as part of guacamole-server if the required dependencies are present during the build.</para> + <section xml:id="ssh-host-verification"> + <important> + <para>By default, Guacamole does not do any verification of host identity before + establishing SSH connections. While this may be safe for private and trusted + networks it is not ideal for large networks with unknown/untrusted systems, + or for SSH connections that traverse the Internet. The potential exists for + Man-in-the-Middle (MitM) attacks on these types of networks.</para> + <para>Guacamole includes two methods for verifying SSH (and SFTP) server identity + for connections that can be used to make sure that the host you are + connecting to is a host that you know and trust. The first method is by + reading a file in GUACAMOLE_HOME call ssh_known_hosts. This file should be + in the format of a standard OpenSSH known_hosts file. If the file is not + present, no verification is done. If the file is present, it is read in + at connection time and remote host identities are verified against the + keys present in the file.</para> + <para>The second method for verifying host identity is by passing a connection + parameter that contains an OpenSSH known hosts entry for that specific host. + The host-key parameter is used for SSH connections, and for SFTP connections + for other protocols the sftp-host-key parameter is used. If these parameters + are not present on their respective connections no host identity verification + is performed. 
If the parameter is present then the identity of the remote + host is verified against the identity provided in the parameter before a + connection is established.</para> + </important> + </section> <section xml:id="ssh-network-parameters"> <title>Network parameters</title> <para>SSH connections require a hostname or IP address defining the destination @@ -2747,6 +2794,20 @@ ed272546-87bd-4db9-acba-e36e1a9ca20a </entry> </row> <row> + <entry><parameter>host-key</parameter></entry> + <entry> + <para><indexterm> + <primary>SSH</primary> + <secondary>host-key</secondary> + </indexterm>The known hosts entry for the SSH server. This + parameter is optional, and, if not provided, no verification + of host identity will be done. If the parameter is + provided the identity of the server will be checked + against the data.</para> + <para>For more information, please see <xref linkend="ssh-host-verification"/>.</para> + </entry> + </row> + <row> <entry><parameter>server-alive-interval</parameter></entry> <entry> <para>
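Review bot: the sftp-host-key description in the @@ -842 hunk leaves the value format and the failure behaviour unstated: "checked against the data" does not tell the reader that the value is a single OpenSSH known_hosts line (which the new ssh-host-verification section does say) or what happens when the server's key does not match. Suggest rewording the second sentence along the lines of "If provided, the server's host key is verified against this known_hosts entry and the connection is refused on mismatch", if that is the implemented behaviour, and stating which source takes precedence when both this parameter and the GUACAMOLE_HOME/ssh_known_hosts file are present.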
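Review bot: the sftp-host-key row in the @@ -2428 hunk duplicates the @@ -842 row word for word, so the two tables will drift apart as either one is edited; consider a shared entity, or a one-sentence description plus the existing <xref linkend="ssh-host-verification"/>, so the details live in one place. The wording points raised for the @@ -842 row apply here as well.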
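Review bot: the new <section xml:id="ssh-host-verification"> in the @@ -2704 hunk has no <title>, unlike the sibling <section xml:id="ssh-network-parameters"> that follows it, so the section renders without a heading and the three new <xref linkend="ssh-host-verification"/> elements have no title text to resolve to; add something like <title>Host key verification</title> as the first child. The whole section body also sits inside <important>; the admonition should carry only the first paragraph (the warning that no verification is done by default), with the two paragraphs describing the ssh_known_hosts file and the host-key / sftp-host-key parameters as ordinary <para> elements of the section. Text fixes in the same hunk: "a file in GUACAMOLE_HOME call ssh_known_hosts" should read "called", "While this may be safe for private and trusted networks it is not ideal" needs a comma after "networks", and "for SFTP connections for other protocols the sftp-host-key parameter is used" reads more clearly as "for SFTP enabled on other protocols, the sftp-host-key parameter is used". It would also help to say which source wins when both the file and a parameter are present, and that a mismatch aborts the connection, if that is the implemented behaviour.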
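Review bot: the host-key row in the @@ -2747 hunk carries an <indexterm> (primary SSH, secondary host-key) but the two sftp-host-key rows added earlier in this patch do not; for consistency either add matching index terms to those rows or drop this one. As with the other rows, "checked against the data" should say what the value is (a single OpenSSH known_hosts line for this host) and what happens on a mismatch.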
