bugzilla-daemon at mindrot.org
2013-Sep-18 21:25 UTC
[Bug 2154] New: Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Bug ID: 2154
Summary: Avoid key lookup overhead when re-keying
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: imorgan at nas.nasa.gov
Created attachment 2337
--> https://bugzilla.mindrot.org/attachment.cgi?id=2337&action=edit
Cache the host key and compare against it when re-keying
Proposal: Cache server host key after initial key exchange
Currently, whenever a key exchange is triggered, the host key offered by
the server must be verified. This may involve DNS queries or requests to
read the known hosts files. This can be problematic if
StrictHostKeyChecking is set to "yes" and the verification fails due to
a temporary problem, such as a corrupted /etc/ssh/ssh_known_hosts file.
It should also be noted that with increasing file transfer rates and
server-side support for time-based re-keying, the overhead of frequent
host key verification becomes more of an issue.

For example, consider an environment where /etc/ssh/ssh_known_hosts is
centrally managed and is the primary source for verifying the
authenticity of hosts. Further, assume that StrictHostKeyChecking is set
to "yes" and that a damaged copy of the ssh_known_hosts file is
distributed to the client systems. Existing ssh connections which re-key
while the damaged file is in place will fail to re-key and will then
disconnect. This will tend to impact high-bandwidth connections, such as
large file transfers or busy X11 sessions. It can also impact regular
login sessions if time-based re-keying is enabled.

To avoid these issues, it might be worthwhile to cache the host key used
during the initial key exchange. On subsequent key exchanges, the cached
copy of the previously verified host key could be compared against the
offered host key to avoid some of the overhead.

An initial patch has been attached to this bug, but I'm not sure if it
has any unintended side-effects.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-Sep-18 23:24 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Iain Morgan <imorgan at nas.nasa.gov> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2337|0 |1
is obsolete| |
--- Comment #1 from Iain Morgan <imorgan at nas.nasa.gov> ---
Created attachment 2338
--> https://bugzilla.mindrot.org/attachment.cgi?id=2338&action=edit
Move code slightly and add a debug() statement
bugzilla-daemon at mindrot.org
2013-Sep-19 00:29 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
Blocks| |2130
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
Idea seems reasonable. I'm not sure I like the current implementation
because the cached key is stored before all of the validation.
bugzilla-daemon at mindrot.org
2013-Sep-19 21:27 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
--- Comment #3 from Iain Morgan <imorgan at nas.nasa.gov> ---
Created attachment 2341
--> https://bugzilla.mindrot.org/attachment.cgi?id=2341&action=edit
Cache the key after the initial check
bugzilla-daemon at mindrot.org
2013-Dec-05 00:57 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
One downside that just occurred to me: caching the key will skip
revoked keys checks. I'm not sure whether this matters, since relying
on rekeying to detect compromised keys is pretty hit and miss anyway.
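To make the mechanism from the original report and the caveat in Comment #4 concrete, here is an added Python illustration; it is not part of this bug's attachments and is not OpenSSH code. It models a client that verifies the offered host key against an ssh_known_hosts file on the first exchange, caches the key it accepted, and on later re-keys compares against that cached copy. The known_hosts parser, the hostname `fileserver`, the key blobs and the file contents are all constructed for the example; only plain comma-separated hostnames and the `@revoked` marker are handled.

```python
"""Client-side host key cache across SSH re-keys (illustration, not OpenSSH code)."""
import base64
from dataclasses import dataclass, field


class HostKeyError(Exception):
    """The offered host key cannot be trusted (or known_hosts is unreadable)."""


@dataclass
class KnownHosts:
    """Minimal parser for ssh_known_hosts lines: 'hosts keytype base64 [comment]'.

    Supports plain comma-separated hostnames and the '@revoked' marker only;
    hashed hostnames, wildcards and '@cert-authority' are out of scope here.
    """
    accepted: dict = field(default_factory=dict)   # host -> {(keytype, blob), ...}
    revoked: set = field(default_factory=set)      # {(keytype, blob), ...}

    @classmethod
    def parse(cls, text: str) -> "KnownHosts":
        kh = cls()
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            fields = line.split()
            marker = None
            if fields[0].startswith("@"):
                marker, fields = fields[0], fields[1:]
            if len(fields) < 3:
                raise HostKeyError(f"known_hosts line {lineno}: too few fields")
            hosts, keytype, b64 = fields[0], fields[1], fields[2]
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError as e:          # binascii.Error is a ValueError
                raise HostKeyError(f"known_hosts line {lineno}: bad key data") from e
            key = (keytype, blob)
            if marker == "@revoked":
                kh.revoked.add(key)
            elif marker is None:
                for h in hosts.split(","):
                    kh.accepted.setdefault(h, set()).add(key)
            else:
                raise HostKeyError(f"known_hosts line {lineno}: unsupported marker {marker}")
        return kh


class HostKeyVerifier:
    """Host key trust for one SSH connection (StrictHostKeyChecking=yes semantics)."""

    def __init__(self, host: str, read_known_hosts):
        self.host = host
        self.read_known_hosts = read_known_hosts   # callable returning the file's current text
        self.cached_key = None                     # populated only after a full check succeeds
        self.full_checks = 0                       # how often known_hosts was actually consulted

    def _full_check(self, key) -> None:
        self.full_checks += 1
        kh = KnownHosts.parse(self.read_known_hosts())   # raises if the file is damaged
        if key in kh.revoked:
            raise HostKeyError(f"host key for {self.host} is revoked")
        if key not in kh.accepted.get(self.host, set()):
            raise HostKeyError(f"no matching host key for {self.host}")

    def verify(self, key) -> str:
        """Return "cached" or "verified"; raise HostKeyError if the key is not trusted."""
        if self.cached_key is not None and key == self.cached_key:
            return "cached"           # re-key with the already accepted key: no file or DNS access
        self._full_check(key)         # initial exchange, or the server offered a different key
        self.cached_key = key         # Comment #2: cache only after validation has succeeded
        return "verified"


def outcome(conn: HostKeyVerifier, key) -> str:
    try:
        return conn.verify(key)
    except HostKeyError as e:
        return f"rejected: {e}"


def run_scenario() -> list:
    """Walk through the situations discussed in the bug and report each outcome."""
    # Constructed sample data: the key blobs are arbitrary bytes, not real keys.
    key_a = ("ssh-ed25519", b"server-key-A")
    key_b = ("ssh-ed25519", b"server-key-B")

    def b64(key):
        return base64.b64encode(key[1]).decode()

    good = f"fileserver,10.0.0.5 ssh-ed25519 {b64(key_a)} managed\n"
    damaged = "fileserver ssh-ed25519 not*valid*base64\n"          # corrupt copy pushed by config management
    revoking = good + f"@revoked * ssh-ed25519 {b64(key_a)}\n"     # key_a revoked after the session started

    current = {"text": good}
    conn = HostKeyVerifier("fileserver", lambda: current["text"])
    out = []
    out.append(conn.verify(key_a))                  # initial kex: full check against known_hosts
    current["text"] = damaged
    out.append(conn.verify(key_a))                  # re-key while the file is damaged: served from cache
    out.append(outcome(conn, key_b))                # different key on re-key: full check, fails on bad file
    current["text"] = revoking
    out.append(conn.verify(key_a))                  # Comment #4 caveat: revocation not noticed on re-key
    out.append(outcome(HostKeyVerifier("fileserver", lambda: current["text"]), key_a))  # new session sees it
    current["text"] = damaged
    fresh = HostKeyVerifier("fileserver", lambda: current["text"])
    out.append(outcome(fresh, key_a))               # Comment #2: a failed first check must not populate the cache
    out.append("cache empty" if fresh.cached_key is None else "cache populated")
    return out
```

`run_scenario()` exercises the cases the thread raises: the re-key survives a damaged file once the cache is warm, a different key on re-key still goes through the full check, and a `@revoked` line added after the session was established is only honoured by a new connection. If that last point matters in a deployment, the revocation check is local and cheap and could be kept ahead of the cache comparison, at the cost of still reading the file on every re-key.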
bugzilla-daemon at mindrot.org
2014-Feb-05 23:17 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2188
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Retarget incomplete bugs / feature requests to 6.6 release
bugzilla-daemon at mindrot.org
2014-Feb-05 23:19 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2130 |
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Retarget incomplete bugs / feature requests to 6.6 release
bugzilla-daemon at mindrot.org
2014-Apr-12 04:49 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2226
--- Comment #7 from Damien Miller <djm at mindrot.org> ---
Retarget to 6.7 release, since 6.6 was mostly bugfixing.
bugzilla-daemon at mindrot.org
2014-Apr-12 04:53 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2188 |
--- Comment #8 from Damien Miller <djm at mindrot.org> ---
Remove from 6.6 tracking bug
bugzilla-daemon at mindrot.org
2014-Jul-03 04:21 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2338|0 |1
is obsolete| |
Attachment #2341|0 |1
is obsolete| |
Status|NEW |ASSIGNED
Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
--- Comment #9 from Damien Miller <djm at mindrot.org> ---
Created attachment 2450
--> https://bugzilla.mindrot.org/attachment.cgi?id=2450&action=edit
updated patch
Update to -current
bugzilla-daemon at mindrot.org
2014-Jul-03 04:24 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gturner at unzane.com
--- Comment #10 from Damien Miller <djm at mindrot.org> ---
*** Bug 2194 has been marked as a duplicate of this bug. ***
bugzilla-daemon at mindrot.org
2014-Jul-03 22:24 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #11 from Damien Miller <djm at mindrot.org> ---
applied - this will be in openssh-6.7. Thanks!
bugzilla-daemon at mindrot.org
2014-Oct-07 21:00 UTC
[Bug 2154] Avoid key lookup overhead when re-keying
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #12 from Damien Miller <djm at mindrot.org> ---
Close all bugs left open from 6.6 and 6.7 releases.