Got a question that the wiki doesn't answer? Ask on the forum (preferred), or join us on IRC.

BeastNode

WorldGuard/Host keys

From EngineHub.org Wiki
Jump to: navigation, search

Host keys are a feature of WorldGuard that adds a second layer of security to your Minecraft server. It was added to WorldGuard in June 2012.

Check out the new WorldGuard documentation for WG 6+: http://docs.enginehub.org/manual/worldguard/latest/

Note: Users of CommandHelper can re-implement to their liking the system mentioned here.

Authentication problems

Minecraft has had approximately one to two "authentication issues" per year for the past few years, allowing players to login to servers as other players. Imagine being able to login onto a random server as the admin and get all op privileges.

  • In 2010, a player could join a server as you or anything else (for an entire week, as an unplanned "free week of Minecraft").
  • Up until late 2011, an attacker could ask you to login to his server once, and then become you on a server at some point in the future.
  • Up until late 2012, an attacker could set up a fake server, ask you to "get on to see builds," and then automatically join a server as you.
  • In 2012, a player could join a server as you or anyone else (including Notch) if the victim had migrated to the Mojang account system.
  • In 2013, a player could join a server as you or anyone else.

While it is unknown when we will see another login problem, or if ever, you can protect yourself by providing an alternate method of verifying players who join your server.

The usual solution

Most solutions ask you to type a /login password when you join. Unfortunately,

  • The player has already joined your server, and you would need to be very careful to not have accidentally forgotten to limit access to some function.
  • You need to keep the plugin well updated, because it relies on preventing from the currently logged in playing from being able to do anything.
  • Typing in a password on login can get very irritating and your moderators may not like it.

Host keys

Host keys rely on the fact that when you connect to a Minecraft server, your game sends the server the address that you used to connect. Normally this is to allow a server to "split" an IP address for multiple servers, but you can use it to verify the identity of your moderators.

  • With host keys, you only add a server to the server list once, so a moderator or you would only set this up one time on each computer.
  • It is relatively hard to mess up for moderators. Because you do not need to type a /login command, you can't accidentally type it into a Skype conversation.

To use host keys, you need:

  1. A wildcard DNS address (i.e. the wildcard ​*.play.example.com​ would let a player join with any prefix, such as ​server1.play.example.com​ or ​blahblah.play.example.com​).
  2. A (secret) code to assign each moderator.
Tip: If you don't have a domain name or can't set a wildcard address, you can use xip.io. It lets you turn any IP address into a wildcard address. For example, if your server's IP address was 1.2.3.4, then you could use ​secret-code.1.2.3.4.xip.ip​.
Warning: If you are going to set up DNS records, you MUST use a wildcard, and not assign an address to each person one by one. If you assign individual addresses, then an attacker can just query your DNS server for all the secret addresses.

How it works

Say your moderator was assigned the address ​i-eat-bagels-with-berries.example.com​. If your moderator uses that address when connecting, then he or she will join as normal. If an attacker manages to login as that moderator's username, the attacker still wouldn't have the address and your server would know that something is up.

Each moderator needs their own secret code, and it should not be guessable.

WorldGuard provides automatic kicking if the code does not match. You should assign yourself and everyone with significant permissions a code, and then put the configuration in the main config.yml file, like so:

   host-keys:
       your_username: i-eat-bagels-with-barries.example.com
       moderator1_name: popppyyymusic.example.com

Limitations

While this method is convenient, it is only meant as a second layer of defense.

  • Host keys are still susceptible to network sniffing, so don't randomly login at public wifi points (not that you shouldn't express caution when logging into anything at public wifi points).
  • Host keys are not as secure as a theoretical client addon that authenticated with the server using public key cryptography.

However, host keys are extremely convenient.

Navigation menu