@cert-authority and @revoked markers in known_hosts-style files
(PRD §5.8.3 / FR-60, FR-64).
M14 ships the parsing surface plus the M14.2 revoked-key
enforcement in [crate::session::AnvilSession::check_server_key].
The actual cert-during-handshake verification (FR-61, FR-62, FR-63)
is deferred until russh exposes the server’s certificate to the
check_server_key callback — russh 0.59’s KEX negotiation does not
advertise *-cert-v01@openssh.com as a host-key algorithm, so the
callback only ever sees plain public keys. See the M14 plan for the
upstream blocker.
§File format
Three line shapes are recognized:

```
# Direct fingerprint (Anvil convention, predates M14):
github.com SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s

# Cert-authority CA pubkey (OpenSSH convention):
@cert-authority *.example.com ssh-ed25519 AAAAC3NzaC1lZD... ca-key

# Revoked specific key (Anvil shorthand: SHA256: form):
@revoked example.com SHA256:abcd...
```

Multiple comma-separated host patterns on one line are split into
multiple entries. Comment lines (#) and blanks are skipped.
§Hashed-host support (M19, FR-84)
OpenSSH’s HashKnownHosts yes setting replaces the plaintext host
column with |1|<base64-salt>|<base64-hmac-sha1> so that an attacker
who reads the file cannot enumerate which hosts the user has
connected to. Anvil parses these into HashedHost values and
stores them on KnownHostsFile::hashed; the per-entry
HashedHost::matches method runs HMAC-SHA1 against a candidate
hostname to test for membership at lookup time. HMAC-SHA1 here is
a privacy primitive (enumeration resistance against whoever can read
the file), not a security primitive: SHA-1's collision weaknesses are
irrelevant because HMAC does not depend on collision resistance, the
salt is per-line and 160 bits, and the threat model is exactly
OpenSSH's, to hide the hostname list from a casual file reader. Note
the limit of that protection: the salt sits beside the MAC in the
same file and hostnames are low-entropy, so an attacker can still
confirm a guessed hostname by recomputing the MAC; hashing only stops
the list from being read off directly.
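The following is an added, stand-alone illustration of the two sections above (the three line shapes, comma-separated pattern splitting, comment skipping, and HashKnownHosts matching); it is not Anvil's code and does not use the crate's types. It is written in Python rather than Rust so that HMAC-SHA1 comes from the standard library and the block runs without external crates. The struct layout, the check_server_key-style classification, the fnmatch host-pattern matching, the sample file and its fixed salt are all constructed for this example; the strictness choice (rejecting lines outside the three shapes) is an assumption, not the crate's documented behaviour.

```python
import base64
import fnmatch
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class HashedHost:
    """One '|1|<b64 salt>|<b64 hmac>' host column (HashKnownHosts yes)."""
    salt: bytes   # 20-byte per-line HMAC key, stored in the clear
    mac: bytes    # HMAC-SHA1(salt, hostname)
    key: str      # remaining columns: key type + data, or a SHA256: fingerprint

    def matches(self, hostname: str) -> bool:
        # Membership test: recompute the MAC over the candidate name.
        cand = hmac.new(self.salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(cand, self.mac)


@dataclass
class KnownHosts:
    direct: list = field(default_factory=list)            # (pattern, "SHA256:...")
    cert_authorities: list = field(default_factory=list)  # (pattern, keytype, b64key)
    revoked: list = field(default_factory=list)           # (pattern, "SHA256:...")
    hashed: list = field(default_factory=list)            # HashedHost


def hash_host(hostname: str, salt: bytes = b"") -> str:
    """Build the host column OpenSSH writes under HashKnownHosts yes."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def parse_hashed(col: str):
    """'|1|s|m' -> (salt, mac), or None when the column is not a hashed host."""
    parts = col.split("|")                 # ['', '1', 's', 'm']
    if len(parts) != 4 or parts[1] != "1":
        return None
    return base64.b64decode(parts[2]), base64.b64decode(parts[3])


def parse_known_hosts(content: str) -> KnownHosts:
    kh = KnownHosts()
    for raw in content.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # comments and blanks are skipped
        marker = None
        if line.startswith("@"):           # @cert-authority / @revoked
            marker, _, line = line.partition(" ")
        cols = line.split(None, 2)         # hosts, key-or-fingerprint, rest
        if len(cols) < 2:
            raise ValueError("malformed line: %r" % raw)
        hosts, key = cols[0], cols[1]
        rest = cols[2] if len(cols) > 2 else ""
        if hosts.startswith("|1|"):        # a hashed host column is never a comma list
            salt_mac = parse_hashed(hosts)
            if salt_mac is None:
                raise ValueError("bad hashed host column: %r" % hosts)
            kh.hashed.append(HashedHost(*salt_mac, (key + " " + rest).strip()))
            continue
        for pattern in hosts.split(","):   # one entry per comma-separated pattern
            if marker == "@cert-authority":
                if not rest:
                    raise ValueError("@cert-authority needs a key body: %r" % raw)
                kh.cert_authorities.append((pattern, key, rest.split()[0]))
            elif marker == "@revoked" and key.startswith("SHA256:"):
                kh.revoked.append((pattern, key))
            elif marker is None and key.startswith("SHA256:"):
                kh.direct.append((pattern, key))
            else:
                # Assumption: anything outside the three shapes is an error here.
                raise ValueError("unrecognized line shape: %r" % raw)
    return kh


def ca_keys_for(kh: KnownHosts, hostname: str) -> list:
    """CA entries whose pattern covers hostname (cert checking itself is not done)."""
    return [e for e in kh.cert_authorities if fnmatch.fnmatchcase(hostname, e[0])]


def check_server_key(kh: KnownHosts, hostname: str, fingerprint: str) -> str:
    """Classify a presented SHA256 fingerprint; revocation is checked first so a
    revoked key can never be rescued by a matching pin."""
    def hit(pattern):                       # glob patterns, as in OpenSSH
        return fnmatch.fnmatchcase(hostname, pattern)
    if any(hit(p) and fp == fingerprint for p, fp in kh.revoked):
        return "revoked"
    if any(hit(p) and fp == fingerprint for p, fp in kh.direct):
        return "pinned"
    if any(h.matches(hostname) and h.key == fingerprint for h in kh.hashed):
        return "hashed"
    return "unknown"


# Constructed sample file; the salt is fixed so the hashed line is deterministic.
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed sample, not a real known_hosts file",
    "github.com SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s",
    "@cert-authority *.example.com,example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleCAkey ca-key",
    "@revoked example.com SHA256:abcd",
    "",
    hash_host("internal.corp", SALT) + " SHE256:zzzz".replace("SHE", "SHA"),
])
```

Two points the code makes concrete: a revoked fingerprint is rejected even when a direct pin for the same host and key exists, because the revocation list is consulted first; and a hashed entry is found only by recomputing HMAC-SHA1 with the salt read from the file, which is exactly why the hashing hides the list from a reader but cannot stop that reader from confirming a guessed hostname.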
Structs§
- CertAuthority - One @cert-authority line: a CA public key plus the host pattern it applies to.
- DirectHostKey - One direct host-fingerprint pin (host SHA256:fp). Predates M14; kept here so parse_known_hosts can return everything in one pass instead of forcing the caller to re-iterate the file.
- HashedHost - One HashKnownHosts yes entry (M19, FR-84).
- KnownHostsFile - Fully-parsed view of one known_hosts-style file.
- RevokedEntry - One @revoked line: a specific key fingerprint blocklisted for the matching host pattern.
Functions§
- parse_known_hosts - Parses content (the contents of a known_hosts-style file) into the three classes of entries Anvil understands.