Host keys are a feature of WorldGuard that adds a second layer of security to your Minecraft server. It was added to WorldGuard in June 2012.
Note: Users of CommandHelper can re-implement the system described here to their liking.
Minecraft has had approximately one to two "authentication issues" per year for the past few years, allowing players to log in to servers as other players. Imagine being able to log in to a random server as the admin and get all op privileges.
- In 2010, a player could join a server as you or anything else (for an entire week, as an unplanned "free week of Minecraft").
- Up until late 2011, an attacker could ask you to log in to his server once, and then become you on a server at some point in the future.
- Up until late 2012, an attacker could set up a fake server, ask you to "get on to see builds," and then automatically join a server as you.
- In 2012, a player could join a server as you or anyone else (including Notch) if the victim had migrated to the Mojang account system.
- In 2013, a player could join a server as you or anyone else.
While it is unknown when we will see another login problem, or whether we ever will, you can protect yourself by providing an alternate method of verifying players who join your server.
The usual solution
Most solutions ask you to type a /login password when you join. Unfortunately,
- The player has already joined your server, so you need to be very careful that you have not accidentally forgotten to limit access to some function.
- You need to keep the plugin well updated, because it relies on preventing the currently logged-in player from being able to do anything.
- Typing in a password on login can get very irritating and your moderators may not like it.
Host keys rely on the fact that when you connect to a Minecraft server, your game sends the server the address that you used to connect. Normally this is to allow a server to "split" an IP address for multiple servers, but you can use it to verify the identity of your moderators.
- With host keys, you only add a server to the server list once, so you or a moderator would set this up only one time on each computer.
- It is relatively hard to mess up for moderators. Because you do not need to type a /login command, you can't accidentally type it into a Skype conversation.
To use host keys, you need:
- A wildcard DNS address (i.e. the wildcard *.play.example.com would let a player join with any prefix, such as
- A (secret) code to assign each moderator.
How it works
Say your moderator was assigned the address i-eat-bagels-with-berries.example.com. If your moderator uses that address when connecting, then he or she will join as normal. If an attacker manages to log in with that moderator's username, the attacker still wouldn't have the address and your server would know that something is up.
Each moderator needs their own secret code, and it should not be guessable.
WorldGuard provides automatic kicking if the code does not match. You should assign yourself and everyone with significant permissions a code, and then put the configuration in the main config.yml file, like so:
    host-keys:
        your_username: i-eat-bagels-with-barries.example.com
        moderator1_name: popppyyymusic.example.com
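The check described above can be sketched as follows. This is an added example, not WorldGuard's own code: the function names, the handling of a trailing ":port", and the case-insensitive match are assumptions, and the table simply mirrors the sample configuration.

```python
import hmac
import secrets

# Constructed table mirroring the host-keys section of the sample config.yml.
HOST_KEYS = {
    "your_username": "i-eat-bagels-with-barries.example.com",
    "moderator1_name": "popppyyymusic.example.com",
}


def new_host_key(zone: str, nbytes: int = 16) -> str:
    """Generate an unguessable address under a wildcard zone (hypothetical helper)."""
    # token_hex emits only [0-9a-f]; 16 bytes gives a 32-character label,
    # which is valid in DNS and well under the 63-character label limit.
    return f"{secrets.token_hex(nbytes)}.{zone}"


def normalize(connect_address: str) -> str:
    """Reduce the address the client reports to a bare lower-case hostname."""
    # Assumption: the reported address may carry ":port" and a trailing dot.
    host = connect_address.partition(":")[0]
    return host.rstrip(".").lower()


def check_login(username: str, connect_address: str, host_keys=HOST_KEYS) -> bool:
    """Return True if the login may proceed, False if the player should be kicked."""
    table = {name.lower(): key.lower() for name, key in host_keys.items()}
    expected = table.get(username.lower())
    if expected is None:
        # No host key assigned: this second layer does not apply to the player.
        return True
    supplied = normalize(connect_address)
    # Constant-time comparison, so the result does not depend on how many
    # leading characters of the secret matched.
    return hmac.compare_digest(supplied.encode(), expected.encode())


if __name__ == "__main__":
    print(new_host_key("play.example.com"))
    print(check_login("your_username", "play.example.com:25565"))  # wrong address
```

Players without an entry pass through unchanged, which is why everyone with significant permissions needs a key of their own.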
While this method is convenient, it is only meant as a second layer of defense.
- Host keys are still susceptible to network sniffing, so don't randomly log in at public Wi-Fi points (not that you shouldn't exercise caution when logging into anything at public Wi-Fi points).
- Host keys are not as secure as a theoretical client addon that authenticated with the server using public key cryptography.
However, host keys are extremely convenient.