upstream: Add sshd_config CASignatureAlgorithms option to allow

control over which signature algorithms a CA may use when signing
certificates. In particular, this allows a sshd to ban certificates signed
with RSA/SHA1.

ok markus@

OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
This commit is contained in:
djm@openbsd.org 2018-09-20 03:28:06 +00:00 committed by Damien Miller
parent f80e68ea7d
commit 86e5737c39
5 changed files with 45 additions and 9 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-hostbased.c,v 1.37 2018/08/28 12:17:45 mestre Exp $ */ /* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -112,6 +112,13 @@ userauth_hostbased(struct ssh *ssh)
__func__, sshkey_type(key)); __func__, sshkey_type(key));
goto done; goto done;
} }
if ((r = sshkey_check_cert_sigtype(key,
options.ca_sign_algorithms)) != 0) {
logit("%s: certificate signature algorithm %s: %s", __func__,
(key->cert == NULL || key->cert->signature_type == NULL) ?
"(null)" : key->cert->signature_type, ssh_err(r));
goto done;
}
if (!authctxt->valid || authctxt->user == NULL) { if (!authctxt->valid || authctxt->user == NULL) {
debug2("%s: disabled because of invalid user", __func__); debug2("%s: disabled because of invalid user", __func__);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.85 2018/08/28 12:25:53 mestre Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.86 2018/09/20 03:28:06 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -137,7 +137,13 @@ userauth_pubkey(struct ssh *ssh)
__func__, sshkey_ssh_name(key)); __func__, sshkey_ssh_name(key));
goto done; goto done;
} }
if ((r = sshkey_check_cert_sigtype(key,
options.ca_sign_algorithms)) != 0) {
logit("%s: certificate signature algorithm %s: %s", __func__,
(key->cert == NULL || key->cert->signature_type == NULL) ?
"(null)" : key->cert->signature_type, ssh_err(r));
goto done;
}
key_s = format_key(key); key_s = format_key(key);
if (sshkey_is_cert(key)) if (sshkey_is_cert(key))
ca_s = format_key(key->cert->signature_key); ca_s = format_key(key->cert->signature_key);

View File

@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */ /* $OpenBSD: servconf.c,v 1.341 2018/09/20 03:28:06 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -145,6 +145,7 @@ initialize_server_options(ServerOptions *options)
options->ciphers = NULL; options->ciphers = NULL;
options->macs = NULL; options->macs = NULL;
options->kex_algorithms = NULL; options->kex_algorithms = NULL;
options->ca_sign_algorithms = NULL;
options->fwd_opts.gateway_ports = -1; options->fwd_opts.gateway_ports = -1;
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
options->fwd_opts.streamlocal_bind_unlink = -1; options->fwd_opts.streamlocal_bind_unlink = -1;
@ -191,13 +192,14 @@ option_clear_or_none(const char *o)
static void static void
assemble_algorithms(ServerOptions *o) assemble_algorithms(ServerOptions *o)
{ {
char *all_cipher, *all_mac, *all_kex, *all_key; char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
int r; int r;
all_cipher = cipher_alg_list(',', 0); all_cipher = cipher_alg_list(',', 0);
all_mac = mac_alg_list(','); all_mac = mac_alg_list(',');
all_kex = kex_alg_list(','); all_kex = kex_alg_list(',');
all_key = sshkey_alg_list(0, 0, 1, ','); all_key = sshkey_alg_list(0, 0, 1, ',');
all_sig = sshkey_alg_list(0, 1, 1, ',');
#define ASSEMBLE(what, defaults, all) \ #define ASSEMBLE(what, defaults, all) \
do { \ do { \
if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
@ -209,11 +211,13 @@ assemble_algorithms(ServerOptions *o)
ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
#undef ASSEMBLE #undef ASSEMBLE
free(all_cipher); free(all_cipher);
free(all_mac); free(all_mac);
free(all_kex); free(all_kex);
free(all_key); free(all_key);
free(all_sig);
} }
static void static void
@ -487,7 +491,7 @@ typedef enum {
sHostCertificate, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
sKexAlgorithms, sIPQoS, sVersionAddendum, sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBindUnlink, sStreamLocalBindMask, sStreamLocalBindUnlink,
@ -1431,6 +1435,10 @@ process_server_config_line(ServerOptions *options, char *line,
charptr = &options->hostkeyalgorithms; charptr = &options->hostkeyalgorithms;
goto parse_keytypes; goto parse_keytypes;
case sCASignatureAlgorithms:
charptr = &options->ca_sign_algorithms;
goto parse_keytypes;
case sPubkeyAuthentication: case sPubkeyAuthentication:
intptr = &options->pubkey_authentication; intptr = &options->pubkey_authentication;
goto parse_flag; goto parse_flag;
@ -2601,6 +2609,8 @@ dump_config(ServerOptions *o)
dump_cfg_string(sHostKeyAgent, o->host_key_agent); dump_cfg_string(sHostKeyAgent, o->host_key_agent);
dump_cfg_string(sKexAlgorithms, dump_cfg_string(sKexAlgorithms,
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ?
o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
o->hostbased_key_types : KEX_DEFAULT_PK_ALG); o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?

View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */ /* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -110,6 +110,7 @@ typedef struct {
int hostbased_uses_name_from_packet_only; /* experimental */ int hostbased_uses_name_from_packet_only; /* experimental */
char *hostbased_key_types; /* Key types allowed for hostbased */ char *hostbased_key_types; /* Key types allowed for hostbased */
char *hostkeyalgorithms; /* SSH2 server key types */ char *hostkeyalgorithms; /* SSH2 server key types */
char *ca_sign_algorithms; /* Allowed CA signature algorithms */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
char *pubkey_key_types; /* Key types allowed for public key */ char *pubkey_key_types; /* Key types allowed for public key */
int kerberos_authentication; /* If true, permit Kerberos int kerberos_authentication; /* If true, permit Kerberos
@ -242,6 +243,7 @@ struct connection_info {
M_CP_STROPT(authorized_principals_command_user); \ M_CP_STROPT(authorized_principals_command_user); \
M_CP_STROPT(hostbased_key_types); \ M_CP_STROPT(hostbased_key_types); \
M_CP_STROPT(pubkey_key_types); \ M_CP_STROPT(pubkey_key_types); \
M_CP_STROPT(ca_sign_algorithms); \
M_CP_STROPT(routing_domain); \ M_CP_STROPT(routing_domain); \
M_CP_STROPT(permit_user_env_whitelist); \ M_CP_STROPT(permit_user_env_whitelist); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \

View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.281 2018/07/20 05:01:10 djm Exp $ .\" $OpenBSD: sshd_config.5,v 1.282 2018/09/20 03:28:06 djm Exp $
.Dd $Mdocdate: July 20 2018 $ .Dd $Mdocdate: September 20 2018 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -382,6 +382,17 @@ If the argument is
.Cm none .Cm none
then no banner is displayed. then no banner is displayed.
By default, no banner is displayed. By default, no banner is displayed.
.It Cm CASignatureAlgorithms
Specifies which algorithms are allowed for signing of certificates
by certificate authorities (CAs).
The default is:
.Bd -literal -offset indent
ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
.Ed
.Pp
Certificates signed using other algorithms will not be accepted for
public key or host-based authentication.
.It Cm ChallengeResponseAuthentication .It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via Specifies whether challenge-response authentication is allowed (e.g. via
PAM or through authentication styles supported in PAM or through authentication styles supported in