Issue with Bad Key Warning message
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Remote Help Assistant |
In Progress
|
High
|
Andrew Sayers |
Bug Description
Hi,
While testing the Remote Help Assistant I noticed that once you get a "Bad Key Warning" message for some reason when connecting to a given computer, you also get the same message for all subsequent connections to the same computer although the keys are correct in those cases.
I did the following tests :
1- A, as a sharer, connects to B, as a helper: success, no problem
2- to restart from scratch on A, remove the directory ~/.remote-
3- A, as a sharer, connects once again to B, as a helper :
=> B gets a "Bad Key Warning" message, which is correct as A had to regenerate its public key and as A was already known to B but with a different public key
4- same test once again : A connects to B
=> B gets again the "Bad key Warning" message, but in this case it shouldn't because A didn't change its public key.
I've had a look at the code to understand what happened. It seems that once you detect that a computer has changed its key, you signal it (Bad Key Warning message) and you also add the received new key to the file know_keys. When you afterwards receive the same key from the same computer, you don't search the entire file known_keys for it and you stop the search at the first key whose user+ computer part matches the one of the received key. Unfortunately, this key in the file is the first that was saved, ie the incorrect one!!
To fix this bug, we could update the corresponding record of the file known_keys when a key for a computer has changed instead of just adding this new key to the file (obviously provided the new key is confirmed by the user).
As another solution (perhaps simpler), we could just search the entire file known_keys before deciding whether a key is correct or not. In that case, we will assume that several keys can be associated to each (user,computer) t-uple. But is that really a good solution from a security point of view?? Not sure.....
I hope, my explanations are clear enough. Don't hesitate to ask me for further details if needed.
Thank you in any case for having developed Remote Help Assistant, which is definitely a very useful tool for helping friends!!
Regards,
Erpiu
Hi Erpiu,
I agree this is an important usability issue, but I'm not sure how I feel about your suggested solutions. 0.1.3 goes for the "read the whole file" option, as it's an easy way to work around the issue while we come up with a long-term solution.
With issues that balance security against ease of use, it's very important to get the balance right. It seems to me that any solution should provide an option to get rid of the warning, but should do so in a way that lets the user know how serious and unusual the issue is. What do you think about this idea:
When the assistant spots a bad key, the page changes to show a long warning about bad keys, with a button at the bottom to launch a text editor, editing ~/.remote- help-assistant/ known_keys. A series of comment lines at the top of that file will explain how editing the file is a security risk. Once the user has edited the file (perhaps with the help of their friend), they can restart the assistant and try again.