noxssh 0.1.11

Lightweight SSH-2 client in Rust using NoxTLS cryptographic primitives.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183

use std::env;
use std::fs::{self, OpenOptions};
use std::io::{self, IsTerminal, Write};
use std::path::PathBuf;

#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum HostKeyCheckingMode {
    /// Refuse unknown hosts without prompting (CI / locked-down use).
    Strict,
    /// Prompt on unknown host when stdin is a TTY; refuse on key mismatch (OpenSSH `ask`).
    Ask,
    /// Silently add new host keys; refuse if the key changed (OpenSSH `accept-new`).
    AcceptNew,
    Off,
}

impl Default for HostKeyCheckingMode {
    fn default() -> Self {
        Self::Ask
    }
}

impl HostKeyCheckingMode {
    pub fn parse(value: &str) -> Option<Self> {
        match value {
            "strict" | "yes" => Some(Self::Strict),
            "ask" => Some(Self::Ask),
            "accept-new" => Some(Self::AcceptNew),
            "off" | "no" => Some(Self::Off),
            _ => None,
        }
    }
}

#[derive(Debug)]
pub struct KnownHostsPolicy {
    pub mode: HostKeyCheckingMode,
    pub path: PathBuf,
    pub batch_mode: bool,
}

pub fn default_known_hosts_path() -> PathBuf {
    if let Ok(home) = env::var("HOME") {
        return PathBuf::from(home).join(".ssh").join("known_hosts");
    }
    if let Ok(profile) = env::var("USERPROFILE") {
        return PathBuf::from(profile).join(".ssh").join("known_hosts");
    }
    PathBuf::from(".").join("known_hosts")
}

pub fn verify_or_add_host_key(
    hostname: &str,
    key_type: &str,
    key_data_b64: &str,
    policy: &KnownHostsPolicy,
) -> Result<(), String> {
    if policy.mode == HostKeyCheckingMode::Off {
        return Ok(());
    }

    let content = fs::read_to_string(&policy.path).unwrap_or_default();
    for line in content.lines() {
        let trimmed = line.trim();
        if trimmed.is_empty() || trimmed.starts_with('#') {
            continue;
        }

        let mut fields = trimmed.split_whitespace();
        let hosts = match fields.next() {
            Some(v) => v,
            None => continue,
        };
        let known_key_type = match fields.next() {
            Some(v) => v,
            None => continue,
        };
        let known_key_data = match fields.next() {
            Some(v) => v,
            None => continue,
        };

        if !host_field_matches(hosts, hostname) {
            continue;
        }

        if known_key_type == key_type && known_key_data == key_data_b64 {
            return Ok(());
        }

        return Err(format!(
            "host key mismatch for {hostname} (known_hosts has a different key)"
        ));
    }

    // Unknown host: behavior depends on mode (OpenSSH-aligned).
    match policy.mode {
        HostKeyCheckingMode::Strict => {
            return Err(format!(
                "unknown host key for {hostname}; add it to {} or use -o StrictHostKeyChecking=ask|accept-new|off",
                policy.path.display()
            ));
        }
        HostKeyCheckingMode::AcceptNew => {
            append_known_host_line(hostname, key_type, key_data_b64, &policy.path)
                .map_err(|err| format!("failed to update known_hosts: {err}"))?;
        }
        HostKeyCheckingMode::Ask => {
            if policy.batch_mode || !io::stdin().is_terminal() {
                return Err(format!(
                    "unknown host key for {hostname}; stdin is not a terminal (use --strict-host-key-checking accept-new, or add the key to {})",
                    policy.path.display()
                ));
            }
            if !prompt_trust_new_host(hostname, key_type, key_data_b64)? {
                return Err("user rejected new host key".to_string());
            }
            append_known_host_line(hostname, key_type, key_data_b64, &policy.path)
                .map_err(|err| format!("failed to update known_hosts: {err}"))?;
        }
        HostKeyCheckingMode::Off => {}
    }

    Ok(())
}

fn host_field_matches(hosts_field: &str, hostname: &str) -> bool {
    hosts_field.split(',').any(|entry| {
        let normalized = if entry.starts_with('[') {
            let suffix = format!("]:22");
            if entry.ends_with(&suffix) {
                entry.trim_start_matches('[').trim_end_matches(&suffix)
            } else {
                entry
            }
        } else {
            entry
        };
        normalized == hostname
    })
}

fn prompt_trust_new_host(hostname: &str, key_type: &str, key_data_b64: &str) -> Result<bool, String> {
    println!("The authenticity of host '{hostname}' can't be established.");
    println!("{key_type} key fingerprint is {key_data_b64}.");
    println!("This key is not known by any other names.");
    print!("Are you sure you want to continue connecting (yes/no)? ");
    io::stdout()
        .flush()
        .map_err(|err| format!("stdout flush failed: {err}"))?;

    let mut answer = String::new();
    io::stdin()
        .read_line(&mut answer)
        .map_err(|err| format!("stdin read failed: {err}"))?;
    let answer = answer.trim().to_ascii_lowercase();
    Ok(answer == "yes" || answer == "y")
}

fn append_known_host_line(
    hostname: &str,
    key_type: &str,
    key_data_b64: &str,
    path: &PathBuf,
) -> Result<(), io::Error> {
    if let Some(parent) = path.parent() {
        fs::create_dir_all(parent)?;
    }
    let mut file = OpenOptions::new().create(true).append(true).open(path)?;
    writeln!(file, "{hostname} {key_type} {key_data_b64}")?;
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parse_modes_including_ask() {
        assert_eq!(HostKeyCheckingMode::parse("ask"), Some(HostKeyCheckingMode::Ask));
        assert_eq!(HostKeyCheckingMode::default(), HostKeyCheckingMode::Ask);
    }
}