upstream commit

Turn off DSA by default; add HostKeyAlgorithms to the
 server and PubkeyAcceptedKeyTypes to the client side, so it still can be
 tested or turned back on; feedback and ok djm@

Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
This commit is contained in:
markus@openbsd.org 2015-07-10 06:21:53 +00:00 committed by Damien Miller
parent 16db0a7ee9
commit 3a1638dda1
12 changed files with 173 additions and 66 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.274 2015/07/01 02:26:31 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -100,6 +100,7 @@
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "myproposal.h"
#include "log.h"
#include "misc.h"
#include "readconf.h"
@ -2362,10 +2363,11 @@ client_input_hostkeys(void)
debug3("%s: received %s key %s", __func__,
sshkey_type(key), fp);
free(fp);
/* Check that the key is accepted in HostkeyAlgorithms */
if (options.hostkeyalgorithms != NULL &&
match_pattern_list(sshkey_ssh_name(key),
options.hostkeyalgorithms, 0) != 1) {
if (match_pattern_list(sshkey_ssh_name(key),
options.hostkeyalgorithms ? options.hostkeyalgorithms :
KEX_DEFAULT_PK_ALG, 0) != 1) {
debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key));
continue;

View File

@ -1,4 +1,4 @@
/* $OpenBSD: myproposal.h,v 1.46 2015/07/03 03:47:00 djm Exp $ */
/* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -99,11 +99,9 @@
HOSTKEY_ECDSA_CERT_METHODS \
"ssh-ed25519-cert-v01@openssh.com," \
"ssh-rsa-cert-v01@openssh.com," \
"ssh-dss-cert-v01@openssh.com," \
HOSTKEY_ECDSA_METHODS \
"ssh-ed25519," \
"ssh-rsa," \
"ssh-dss"
"ssh-rsa" \
/* the actual algorithms */

View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */
/* $OpenBSD: readconf.c,v 1.238 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -157,6 +157,7 @@ typedef enum {
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
oPubkeyAcceptedKeyTypes,
oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
@ -275,6 +276,7 @@ static struct {
{ "fingerprinthash", oFingerprintHash },
{ "updatehostkeys", oUpdateHostkeys },
{ "hostbasedkeytypes", oHostbasedKeyTypes },
{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
{ "ignoreunknown", oIgnoreUnknown },
{ NULL, oBadOption }
@ -1115,14 +1117,17 @@ parse_int:
break;
case oHostKeyAlgorithms:
charptr = &options->hostkeyalgorithms;
parse_keytypes:
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
fatal("%.200s line %d: Missing argument.",
filename, linenum);
if (!sshkey_names_valid2(arg, 1))
fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (*activep && options->hostkeyalgorithms == NULL)
options->hostkeyalgorithms = xstrdup(arg);
fatal("%s line %d: Bad key types '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (*activep && *charptr == NULL)
*charptr = xstrdup(arg);
break;
case oProtocol:
@ -1485,16 +1490,11 @@ parse_int:
case oHostbasedKeyTypes:
charptr = &options->hostbased_key_types;
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.",
filename, linenum);
if (!sshkey_names_valid2(arg, 1))
fatal("%s line %d: Bad key types '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (*activep && *charptr == NULL)
*charptr = xstrdup(arg);
break;
goto parse_keytypes;
case oPubkeyAcceptedKeyTypes:
charptr = &options->pubkey_key_types;
goto parse_keytypes;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
@ -1676,6 +1676,7 @@ initialize_options(Options * options)
options->fingerprint_hash = -1;
options->update_hostkeys = -1;
options->hostbased_key_types = NULL;
options->pubkey_key_types = NULL;
}
/*
@ -1858,7 +1859,9 @@ fill_default_options(Options * options)
if (options->update_hostkeys == -1)
options->update_hostkeys = 0;
if (options->hostbased_key_types == NULL)
options->hostbased_key_types = xstrdup("*");
options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
if (options->pubkey_key_types == NULL)
options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
#define CLEAR_ON_NONE(v) \
do { \

View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.109 2015/02/16 22:13:32 djm Exp $ */
/* $OpenBSD: readconf.h,v 1.110 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -150,7 +150,8 @@ typedef struct {
int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
char *hostbased_key_types;
char *hostbased_key_types;
char *pubkey_key_types;
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;

5
scp.1
View File

@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.66 2015/01/30 11:43:14 djm Exp $
.\" $OpenBSD: scp.1,v 1.67 2015/07/10 06:21:53 markus Exp $
.\"
.Dd $Mdocdate: January 30 2015 $
.Dd $Mdocdate: July 10 2015 $
.Dt SCP 1
.Os
.Sh NAME
@ -170,6 +170,7 @@ For full details of the options listed below, and their possible values, see
.It PreferredAuthentications
.It Protocol
.It ProxyCommand
.It PubkeyAcceptedKeyTypes
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication

View File

@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.275 2015/07/01 02:39:06 djm Exp $ */
/* $OpenBSD: servconf.c,v 1.276 2015/07/10 06:21:53 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -108,6 +108,7 @@ initialize_server_options(ServerOptions *options)
options->hostbased_authentication = -1;
options->hostbased_uses_name_from_packet_only = -1;
options->hostbased_key_types = NULL;
options->hostkeyalgorithms = NULL;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
options->pubkey_key_types = NULL;
@ -259,13 +260,15 @@ fill_default_server_options(ServerOptions *options)
if (options->hostbased_uses_name_from_packet_only == -1)
options->hostbased_uses_name_from_packet_only = 0;
if (options->hostbased_key_types == NULL)
options->hostbased_key_types = xstrdup("*");
options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
if (options->hostkeyalgorithms == NULL)
options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
if (options->rsa_authentication == -1)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
if (options->pubkey_key_types == NULL)
options->pubkey_key_types = xstrdup("*");
options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
if (options->kerberos_authentication == -1)
options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1)
@ -400,6 +403,7 @@ typedef enum {
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
sHostKeyAlgorithms,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
sAcceptEnv, sPermitTunnel,
@ -450,6 +454,7 @@ static struct {
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
{ "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
{ "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
@ -1183,6 +1188,10 @@ process_server_config_line(ServerOptions *options, char *line,
*charptr = xstrdup(arg);
break;
case sHostKeyAlgorithms:
charptr = &options->hostkeyalgorithms;
goto parse_keytypes;
case sRSAAuthentication:
intptr = &options->rsa_authentication;
goto parse_flag;
@ -2280,6 +2289,8 @@ dump_config(ServerOptions *o)
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
o->pubkey_key_types : KEX_DEFAULT_PK_ALG);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.119 2015/05/22 03:50:02 djm Exp $ */
/* $OpenBSD: servconf.h,v 1.120 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -102,6 +102,7 @@ typedef struct {
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
int hostbased_uses_name_from_packet_only; /* experimental */
char *hostbased_key_types; /* Key types allowed for hostbased */
char *hostkeyalgorithms; /* SSH2 server key types */
int rsa_authentication; /* If true, permit RSA authentication. */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
char *pubkey_key_types; /* Key types allowed for public key */

5
ssh.1
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.358 2015/05/22 05:28:45 djm Exp $
.Dd $Mdocdate: May 22 2015 $
.\" $OpenBSD: ssh.1,v 1.359 2015/07/10 06:21:53 markus Exp $
.Dd $Mdocdate: July 10 2015 $
.Dt SSH 1
.Os
.Sh NAME
@ -470,6 +470,7 @@ For full details of the options listed below, and their possible values, see
.It Protocol
.It ProxyCommand
.It ProxyUseFdpass
.It PubkeyAcceptedKeyTypes
.It PubkeyAuthentication
.It RekeyLimit
.It RemoteForward

View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.212 2015/07/03 03:47:00 djm Exp $
.Dd $Mdocdate: July 3 2015 $
.\" $OpenBSD: ssh_config.5,v 1.213 2015/07/10 06:21:53 markus Exp $
.Dd $Mdocdate: July 10 2015 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -781,9 +781,17 @@ is similar to
.It Cm HostbasedKeyTypes
Specifies the key types that will be used for hostbased authentication
as a comma-separated pattern list.
The default
.Dq *
will allow all key types.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,ssh-rsa
.Ed
.Pp
The
.Fl Q
option of
@ -798,10 +806,9 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,ssh-rsa,ssh-dss
ssh-ed25519,ssh-rsa
.Ed
.Pp
If hostkeys are known for the destination host then this default is modified
@ -1206,6 +1213,25 @@ will pass a connected file descriptor back to
instead of continuing to execute and pass data.
The default is
.Dq no .
.It Cm PubkeyAcceptedKeyTypes
Specifies the key types that will be used for public key authentication
as a comma-separated pattern list.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,ssh-rsa
.Ed
.Pp
The
.Fl Q
option of
.Xr ssh 1
may be used to list supported key types.
.It Cm PubkeyAuthentication
Specifies whether to try public key authentication.
The argument to this keyword must be

View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.225 2015/07/10 06:21:53 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@ -190,6 +190,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
compat_pkalg_proposal(options.hostkeyalgorithms);
else {
/* Enforce default */
options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
/* Prefer algorithms that we already have keys for */
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
compat_pkalg_proposal(
@ -1315,6 +1317,26 @@ pubkey_cleanup(Authctxt *authctxt)
}
}
static int
try_identity(Identity *id)
{
if (!id->key)
return (0);
if (match_pattern_list(sshkey_ssh_name(id->key),
options.pubkey_key_types, 0) != 1) {
debug("Skipping %s key %s for not in PubkeyAcceptedKeyTypes",
sshkey_ssh_name(id->key), id->filename);
return (0);
}
if (key_type_plain(id->key->type) == KEY_RSA &&
(datafellows & SSH_BUG_RSASIGMD5) != 0) {
debug("Skipped %s key %s for RSA/MD5 server",
key_type(id->key), id->filename);
return (0);
}
return (id->key->type != KEY_RSA1);
}
int
userauth_pubkey(Authctxt *authctxt)
{
@ -1333,11 +1355,7 @@ userauth_pubkey(Authctxt *authctxt)
* private key instead
*/
if (id->key != NULL) {
if (key_type_plain(id->key->type) == KEY_RSA &&
(datafellows & SSH_BUG_RSASIGMD5) != 0) {
debug("Skipped %s key %s for RSA/MD5 server",
key_type(id->key), id->filename);
} else if (id->key->type != KEY_RSA1) {
if (try_identity(id)) {
debug("Offering %s public key: %s",
key_type(id->key), id->filename);
sent = send_pubkey_test(authctxt, id);
@ -1347,13 +1365,8 @@ userauth_pubkey(Authctxt *authctxt)
id->key = load_identity_file(id->filename,
id->userprovided);
if (id->key != NULL) {
id->isprivate = 1;
if (key_type_plain(id->key->type) == KEY_RSA &&
(datafellows & SSH_BUG_RSASIGMD5) != 0) {
debug("Skipped %s key %s for RSA/MD5 "
"server", key_type(id->key),
id->filename);
} else {
if (try_identity(id)) {
id->isprivate = 1;
sent = sign_and_send_pubkey(
authctxt, id);
}

10
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.453 2015/07/03 03:49:45 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.454 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -95,6 +95,7 @@
#include "log.h"
#include "buffer.h"
#include "misc.h"
#include "match.h"
#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
@ -799,6 +800,13 @@ list_hostkey_types(void)
key = sensitive_data.host_pubkeys[i];
if (key == NULL)
continue;
/* Check that the key is accepted in HostkeyAlgorithms */
if (match_pattern_list(sshkey_ssh_name(key),
options.hostkeyalgorithms, 0) != 1) {
debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key));
continue;
}
switch (key->type) {
case KEY_RSA:
case KEY_DSA:

View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.205 2015/07/03 03:49:45 djm Exp $
.Dd $Mdocdate: July 3 2015 $
.\" $OpenBSD: sshd_config.5,v 1.206 2015/07/10 06:21:53 markus Exp $
.Dd $Mdocdate: July 10 2015 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -640,9 +640,17 @@ The default is
.It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication
as a comma-separated pattern list.
The default
.Dq *
will allow all key types.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,ssh-rsa
.Ed
.Pp
The
.Fl Q
option of
@ -694,9 +702,15 @@ for protocol version 1, and
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
.Pp
Note that
.Xr sshd 8
will refuse to use a file if it is group/world-accessible.
will refuse to use a file if it is group/world-accessible
and that the
.Cm HostKeyAlgorithms
option restricts which of the keys are actually used by
.Xr sshd 8 .
.Pp
It is possible to have multiple host key files.
.Dq rsa1
keys are used for version 1 and
@ -718,6 +732,26 @@ If
is specified, the location of the socket will be read from the
.Ev SSH_AUTH_SOCK
environment variable.
.It Cm HostKeyAlgorithms
Specifies the protocol version 2 host key algorithms
that the server offers.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,ssh-rsa
.Ed
.Pp
The list of available key types may also be obtained using the
.Fl Q
option of
.Xr ssh 1
with an argument of
.Dq key .
.It Cm IgnoreRhosts
Specifies that
.Pa .rhosts
@ -1279,9 +1313,17 @@ is identical to
.It Cm PubkeyAcceptedKeyTypes
Specifies the key types that will be accepted for public key authentication
as a comma-separated pattern list.
The default
.Dq *
will allow all key types.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,ssh-rsa
.Ed
.Pp
The
.Fl Q
option of