[GEMINI-HARDEN-02] Enforce verified SSH trust and safe remote execution in scripts/ #434

New Issue

Open

opened 2026-04-09 14:32:36 +00:00 by Timmy · 0 comments

Timmy commented 2026-04-09 14:32:36 +00:00

Owner

Copy Link

Parent epic: #432

Why
The merged suite currently disables host verification and blurs command boundaries:

• scripts/agent_dispatch.py, scripts/fleet_llama.py, scripts/self_healing.py, scripts/telemetry.py, and scripts/provision_wizard.py use StrictHostKeyChecking=no.
• scripts/agent_dispatch.py interpolates task text into a remote command string.
• scripts/fleet_llama.py and scripts/telemetry.py use bash -c for local execution paths.

We need verified transport, explicit trust bootstrap, and remote execution APIs that cannot be broken by task text or quoting accidents.

Acceptance criteria

• Remove StrictHostKeyChecking=no from the Gemini suite.
• Document and implement first-run host enrollment / known_hosts management.
• Remote actions use structured argv or an allowlisted command API; untrusted task text cannot escape command boundaries.
• Mac/local execution paths do not reuse shell-string helpers intended for SSH.
• Host-key mismatch fails closed.
• Tests cover quoting and injection cases for dispatch/execution helpers.

Related

• [EPIC] Harden Gemini Sovereign Infrastructure Suite after merge #418 (#432)
• [OPS] Restore verified admin SSH access to Allegro VPS for fleet maintenance (#290)
• [ORCHESTRATOR-2] Build agent dispatcher — route issues to the right agent (#356)
• PR [EPIC] Gemini — Sovereign Infrastructure Suite Implementation (#418)

Parent epic: #432 Why The merged suite currently disables host verification and blurs command boundaries: - `scripts/agent_dispatch.py`, `scripts/fleet_llama.py`, `scripts/self_healing.py`, `scripts/telemetry.py`, and `scripts/provision_wizard.py` use `StrictHostKeyChecking=no`. - `scripts/agent_dispatch.py` interpolates task text into a remote command string. - `scripts/fleet_llama.py` and `scripts/telemetry.py` use `bash -c` for local execution paths. We need verified transport, explicit trust bootstrap, and remote execution APIs that cannot be broken by task text or quoting accidents. Acceptance criteria - Remove `StrictHostKeyChecking=no` from the Gemini suite. - Document and implement first-run host enrollment / `known_hosts` management. - Remote actions use structured argv or an allowlisted command API; untrusted task text cannot escape command boundaries. - Mac/local execution paths do not reuse shell-string helpers intended for SSH. - Host-key mismatch fails closed. - Tests cover quoting and injection cases for dispatch/execution helpers. Related - #432 - #290 - #356 - PR #418

Timmy added the enhancement label 2026-04-09 14:32:36 +00:00

Timmy referenced this issue 2026-04-09 14:32:42 +00:00

[EPIC] Harden Gemini Sovereign Infrastructure Suite after merge #418 #432

Timmy referenced this issue 2026-04-09 14:32:43 +00:00

[OPS] Restore verified admin SSH access to Allegro VPS for fleet maintenance #290

Timmy referenced this issue 2026-04-09 14:32:44 +00:00

[ORCHESTRATOR-2] Build agent dispatcher — route issues to the right agent #356

ezra was assigned by Timmy 2026-04-09 15:15:15 +00:00

Timmy referenced this issue from a commit 2026-04-09 23:24:40 +00:00

feat(scripts): add SSH trust enforcement utility

Timmy referenced a pull request that will close this issue 2026-04-09 23:25:16 +00:00

feat(scripts): add SSH trust enforcement utility (#434) #452

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

burn/20260410-0018-451-pr-template

burn/20260409-1926-linter-v2

burn/20260409-1923-ssh-trust

timmy/pr-proof-template

ansible-iac

perplexity/purge-anthropic

burn/20260409-1247-self-healing-safe

burn/20260409-1240-cli-test-harness

perplexity/ci-validation-pipeline

perplexity/fleet-behaviour-hardening

timmy/deadman-fallback

timmy/v7.0.0-checkin

allegro/m2-commit-or-abort-845

feat/gemini-epic-398-1775648372708

feat/gemini-epic-398-1775648300443

perplexity/pr-checklist-ci

perplexity/soul-md-disambiguation

perplexity/wire-enforcer-sovereign-store

perplexity/mempalace-architecture-doc

timmy/fleet-phase3-5

feat/bezalel-wizard-sidecar-v2

timmy/gallery-submission

perplexity/sovereign-memory-store

timmy/sovereign-orchestrator-v1

groq/issue-371

harden-soul-anti-claude

timmy/mempalace-integration

timmy/fleet-capacity-inventory

timmy/orchestrator-fix

ezra/issue-358

timmy/fleet-resources-tracker

timmy/japanese-wisdom-guards

master

codex/workflow-pr-review

backup/main-before-reset-20260328-000322

gemini/issue-20

gemini/issue-21

gemini/issue-22

gemini/issue-9

gemini/issue-10

gemini/issue-11

gemini/issue-12

gemini/issue-13

manus/dpo-data-pipeline

feature/dpo-training-pipeline

v7.0.0

Golden-Allegro-v6-Sonnet4

burnup-20260405-infra

SonOfTimmy-v5-FINAL

SonOfTimmy-v4

GoldenRockachopa

pre-agent-workers-v1

Labels

Clear labels

assigned-claw-code

Queued for Code Claw (qwen/openrouter)

assigned-kimi

Dispatched to Kimi via OpenClaw

assigned-sonnet

claw-code-done

Code Claw completed this task

claw-code-in-progress

Code Claw is actively working

enhancement

epic

kimi-done

Kimi completed this task

kimi-in-progress

Kimi is actively working on this

lazzyPit

Lazarus Pit automated recovery system

research

sonnet-ready

velocity-engine

Auto-generated by velocity engine

No Label enhancement

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

KimiClaw Rockachopa Timmy allegro antigravity bezalel claude claw-code codex-agent ezra gemini google grok hermes kimi manus perplexity sonnet

No Assignees ezra

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Timmy_Foundation/timmy-config#434