[GH-ISSUE #78] security: implement SSH host key verification (TOFU) #100

Open
opened 2026-03-07 19:27:39 +03:00 by kerem · 0 comments
Owner

Originally created by @adminsyspro on GitHub (Mar 6, 2026).
Original GitHub issue: https://github.com/adminsyspro/proxcenter-ui/issues/78

Problem

All SSH connections (rolling updates, test-ssh, replication) use InsecureIgnoreHostKey, making them vulnerable to man-in-the-middle attacks.

Expected

Implement Trust On First Use (TOFU): store the host key fingerprint on first connection, then verify it on subsequent connections. Alert the user if the fingerprint changes.

Implementation notes

  • New DB field: add sshHostKey (or sshFingerprint) to ManagedHost model
  • First connection: store the fingerprint, log it
  • Subsequent connections: compare fingerprint, reject if mismatch
  • UI: show fingerprint per node in infrastructure settings, allow manual reset
  • Go orchestrator: same logic for rolling updates and replication SSH connections
  • Consider supporting both the frontend (ssh2 library) and backend (golang.org/x/crypto/ssh)

Priority

Medium — requires network-level MITM to exploit, but important for hardened environments.
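The pin-and-verify logic this issue asks for, as an added example that is not code from the proxcenter-ui project; it uses only the Go standard library. `TOFUStore`, `Check` and `Fingerprint` are hypothetical names, the in-memory map stands in for the proposed `sshFingerprint` DB field, and the host ID and key bytes are constructed samples.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
)

var ErrHostKeyChanged = errors.New("ssh host key changed") // possible MITM or host rebuild

// TOFUStore is a hypothetical in-memory stand-in for the sshFingerprint column on ManagedHost.
type TOFUStore struct {
	mu   sync.Mutex
	pins map[string]string // host ID -> "SHA256:..." fingerprint
}

func NewTOFUStore() *TOFUStore { return &TOFUStore{pins: map[string]string{}} }

// Fingerprint renders a wire-format public key in the OpenSSH "SHA256:<unpadded base64>" form.
func Fingerprint(keyBlob []byte) string {
	sum := sha256.Sum256(keyBlob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// Check pins the key on first use and rejects any later mismatch. The lock spans lookup
// and store so two concurrent first connections cannot each pin a different key.
func (s *TOFUStore) Check(hostID string, keyBlob []byte) (firstUse bool, err error) {
	got := Fingerprint(keyBlob)
	s.mu.Lock()
	defer s.mu.Unlock()
	want, known := s.pins[hostID]
	if !known {
		s.pins[hostID] = got // caller logs the new fingerprint
		return true, nil
	}
	if want != got {
		return false, fmt.Errorf("%w for %s: pinned %s, got %s", ErrHostKeyChanged, hostID, want, got)
	}
	return false, nil
}

func main() {
	s := NewTOFUStore()
	fmt.Println(s.Check("pve-node-1", []byte("constructed-key-A"))) // first use: key is pinned
	fmt.Println(s.Check("pve-node-1", []byte("constructed-key-B"))) // mismatch: rejected
}
```

With `golang.org/x/crypto/ssh`, `Check` would be called from `ClientConfig.HostKeyCallback` with `key.Marshal()` as the blob, replacing `InsecureIgnoreHostKey`; returning the error from the callback aborts the handshake.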
