bugzilla-daemon at mindrot.org
2021-Jun-18 16:12 UTC
[Bug 3322] New: Switch SSHFP default digest to SHA256
bugzilla.mindrot.org/show_bug.cgi?id=3322

            Bug ID: 3322
           Summary: Switch SSHFP default digest to SHA256
           Product: Portable OpenSSH
           Version: 8.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: dbelyavs at redhat.com

OpenSSH uses SHA1 as the default digest for SSHFP records for the RSA/DSA algorithms. RFC 6594 permits using the much more secure SHA256 algorithm with SSHFP records. SHA256 is already the default digest for Ed25519 and ECDSA SSHFP records.

The straightforward PR: github.com/openssh/openssh-portable/pull/259

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Jul-16 12:16 UTC
[Bug 3322] Switch SSHFP default digest to SHA256
bugzilla.mindrot.org/show_bug.cgi?id=3322

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net
             Blocks|                            |3302

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
I commented on the pull request too, but I don't think your change actually does anything. While iterating the rrset, the existing code uses the digest type from the DNS record:

    if (hostkey_digest_type != dnskey_digest_type) {
        hostkey_digest_type = dnskey_digest_type;
        free(hostkey_digest);

        /* Initialize host key parameters */
        if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
            &hostkey_digest, &hostkey_digest_len, hostkey)) {

If we add a couple of debug calls to the current code you can see it verifies both fingerprint types (this machine has SHA1 and SHA256 RSA fingerprints):

    $ ./ssh -vvv -o verifyhostkeydns=ask -o hostkeyalgorithms=rsa-sha2-256 fw 2>&1 | grep -i dns
    debug3: verify_host_key_dns
    debug1: found 4 insecure fingerprints in DNS
    debug3: verify_host_key_dns: checking SSHFP type 4 fptype 1
    debug3: verify_host_key_dns: checking SSHFP type 1 fptype 1
    debug1: verify_host_key_dns: matched SSHFP type 1 fptype 1
    debug3: verify_host_key_dns: checking SSHFP type 3 fptype 2
    debug3: verify_host_key_dns: checking SSHFP type 1 fptype 2
    debug1: verify_host_key_dns: matched SSHFP type 1 fptype 2

It'll return success if either validates, though, which is probably not ideal. It should probably ensure that all fingerprints match.

Referenced Bugs:

bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7
bugzilla-daemon at mindrot.org
2021-Jul-16 12:52 UTC
[Bug 3322] Switch SSHFP default digest to SHA256
bugzilla.mindrot.org/show_bug.cgi?id=3322

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
  Attachment #3539 |                            |ok?(djm at mindrot.org)
             Flags|                            |

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3539
  --> bugzilla.mindrot.org/attachment.cgi?id=3539&action=edit
Simplify verify_host_key_dns() and verify all fingerprints

I think this is what it should do: verify all fingerprint types present in DNS. If any fail to verify the overall check fails.
bugzilla-daemon at mindrot.org
2021-Jul-16 12:57 UTC
[Bug 3322] Switch SSHFP default digest to SHA256
bugzilla.mindrot.org/show_bug.cgi?id=3322

--- Comment #3 from Dmitry Belyavskiy <dbelyavs at redhat.com> ---
Yes, it's a proper solution for the verification. I'm more disturbed about creating the new records - I got a (possibly wrong) impression that the default value is used on creation.
bugzilla-daemon at mindrot.org
2021-Jul-16 13:28 UTC
[Bug 3322] Switch SSHFP default digest to SHA256
bugzilla.mindrot.org/show_bug.cgi?id=3322

--- Comment #4 from Darren Tucker <dtucker at dtucker.net> ---
> I got a (possibly wrong) impression that the default value is used on creation.

Creation of the SSHFP records? It iterates over the available digest types in export_dns_rr():

    for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
        rdata_digest_type = dtype;
        if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
            &rdata_digest, &rdata_digest_len, key)) {

    $ ./ssh-keygen -r fw
    fw IN SSHFP 1 1 [...]
    fw IN SSHFP 1 2 [...]
    fw IN SSHFP 2 1 [...]
    fw IN SSHFP 2 2 [...]
    fw IN SSHFP 3 1 [...]
    fw IN SSHFP 3 2 [...]
    fw IN SSHFP 4 1 [...]
    fw IN SSHFP 4 2 [...]
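As an added illustration of the two points in this thread, the per-digest record generation shown in Comment #4 and the "all present fingerprints must match" rule proposed in Comment #2, the following Python models both beside the pre-patch "any match" rule from Comment #1. This is not OpenSSH code: the SSHFP class, the helper names, the hostname and the key blob are constructed for the example, the caller is assumed to supply the public key blob that the digests are computed over, and skipping records for other key algorithms is an assumption about the intended behaviour.

```python
import hashlib
from dataclasses import dataclass

# SSHFP code points (RFC 4255, RFC 6594): key algorithm numbers and fingerprint types.
SSHFP_KEY_RSA, SSHFP_KEY_DSA, SSHFP_KEY_ECDSA, SSHFP_KEY_ED25519 = 1, 2, 3, 4
SSHFP_HASH_SHA1, SSHFP_HASH_SHA256 = 1, 2
DIGESTS = {SSHFP_HASH_SHA1: hashlib.sha1, SSHFP_HASH_SHA256: hashlib.sha256}


@dataclass(frozen=True)
class SSHFP:
    algorithm: int    # key algorithm code point (RSA=1 ... Ed25519=4)
    fptype: int       # fingerprint digest type (SHA1=1, SHA256=2)
    fingerprint: str  # lowercase hex digest as published in DNS


def parse_sshfp(line: str) -> SSHFP:
    """Parse one presentation-format record: '<name> IN SSHFP <alg> <fptype> <hex>'."""
    _name, cls, rtype, alg, fptype, fp = line.split()
    if cls != "IN" or rtype != "SSHFP":
        raise ValueError("not an SSHFP record: %r" % line)
    return SSHFP(int(alg), int(fptype), fp.lower())


def export_dns_rr(hostname: str, algorithm: int, key_blob: bytes) -> list:
    """Emit one record per digest type, as ssh-keygen -r does for each key in Comment #4."""
    return ["%s IN SSHFP %d %d %s" % (hostname, algorithm, fptype, h(key_blob).hexdigest())
            for fptype, h in DIGESTS.items()]


def verify_any(algorithm: int, key_blob: bytes, rrset: list) -> bool:
    """Pre-patch rule from Comment #1: the check succeeds if any one record matches."""
    return any(rr.algorithm == algorithm and rr.fptype in DIGESTS
               and DIGESTS[rr.fptype](key_blob).hexdigest() == rr.fingerprint
               for rr in rrset)


def verify_all(algorithm: int, key_blob: bytes, rrset: list) -> bool:
    """Comment #2 rule: every record for this key algorithm with a known digest must match."""
    checked = 0
    for rr in rrset:
        if rr.algorithm != algorithm or rr.fptype not in DIGESTS:
            continue  # records for other key types or unknown digests are skipped (assumption)
        if DIGESTS[rr.fptype](key_blob).hexdigest() != rr.fingerprint:
            return False  # one mismatching fingerprint fails the whole check
        checked += 1
    return checked > 0  # no usable record means nothing was actually verified
```

With a published SHA256 record that matches and a SHA1 record that does not, verify_any still accepts the key while verify_all rejects it, which is the difference the attachment in Comment #2 is meant to close.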
bugzilla-daemon at mindrot.org
2021-Jul-17 02:42 UTC
[Bug 3322] Switch SSHFP default digest to SHA256
bugzilla.mindrot.org/show_bug.cgi?id=3322

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #3539 |ok?(djm at mindrot.org)       |ok+
             Flags|                            |
bugzilla-daemon at mindrot.org
2021-Jul-19 04:20 UTC
[Bug 3322] Verify both SHA1 and SHA256 SSHFP records when both are present
bugzilla.mindrot.org/show_bug.cgi?id=3322

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Switch SSHFP default digest |Verify both SHA1 and SHA256
                   |to SHA256                   |SSHFP records when both are
                   |                            |present

--- Comment #5 from Darren Tucker <dtucker at dtucker.net> ---
The patch has been committed and
bugzilla-daemon at mindrot.org
2021-Jul-19 04:21 UTC
[Bug 3322] Verify both SHA1 and SHA256 SSHFP records when both are present
bugzilla.mindrot.org/show_bug.cgi?id=3322

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Darren Tucker <dtucker at dtucker.net> ---
... will be in the next major release. Thanks for the report.
bugzilla-daemon at mindrot.org
2022-Feb-25 02:57 UTC
[Bug 3322] Verify both SHA1 and SHA256 SSHFP records when both are present
bugzilla.mindrot.org/show_bug.cgi?id=3322

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
closing bugs resolved before openssh-8.9