P.S.:
Steffen Nurpmeso wrote in
<20240707025234.j3oUaPFH at steffen%sdaoden.eu>:
|Steffen Nurpmeso wrote in
| <20240704180538.iV4uex29 at steffen%sdaoden.eu>:
||Simon Josefsson wrote in
|| <87jzi1fg24.fsf at kaka.sjd.se>:
|||Jochen Bern <Jochen.Bern at binect.de> writes:
|||> (And since you mention "port knocking", I'd like to
repeat how fond I
|||> am of upgrading that original concept to a single-packet
|||> crypto-armored implementation like fwknop.)
|||
|||I am reluctantly considering to use some kind of port knocking mechanism
|||on some machines, however I really don't want to carry around shared
...
|||Does anyone know of any implementation that allows me to configure a
|||PGP/SSH/FIDO/TPM/whatever public key on the server side, and it then
|||only listens to signed port knocks from the corresponding private keys?
| ...
||No, but for many years i do have a super simple port-knock server
||to do the I/O plus sh(1)ell based client which can do .. whatever.
| ...
||With the possibilities that ssh-keygen -Y sign|verify have added,
||one could easily adapt the server and client to send "user-name
||MSG", so that the server could look into authorized_keys of
||user-name and verify MSG, whatever that is.
|
|Hey! That vision of yours, in conjunction with that -Y
|possibility of ssh-keygen thrilled me so much i wrote a draft.
...
So no, despite that this did not freeaddrinfo() and did not
correctly set exit status twice (in early program state), i do not
like TCP and think TLS in addition makes it worse, with these
multiple packets back and forth.
I thus have built upon my old thing that i use for years, and will
attach it. It has a very simple UDP server (-lsocket on
OpenIndiana when doing "CC -o /sbin/s-port-knock-bin), and
massively changed the script to produce packets like
1. password encrypted by X509 pubkey (base64) + LF
2. LF (gives as room to place a NUL upon receive)
3. SSH signature cipher-encrypted with password in 1. (base64) + LF
Ie after placing some SSH principals in /tmp/.Zsigs,
cd /tmp/
gcc -o ./zt ./s-port-knock-bin.c
./s-port-knock.sh create-server-key .Zkey
we can do
PORT_KNOCK_BIN=/tmp/zt ./s-port-knock.sh \
start-server -v 45045 \
/tmp/s-port-knock.sh /tmp/.Zkey-pri.pem /tmp/.Zsigs
and in another window
PORT_KNOCK_BIN=/tmp/zt ./s-port-knock.sh \
knock localhost 45045 .Zkey-pub.pem SOME-PUB-SSH-KEY
and if that key is in .Zsigs it works.
One can create a MAGIC and overwrite the block and allow hooks by
starting the server (/ the client) with the environment variable
PORT_KNOCK_RC pointing to some file. The environment is not
cleared so that is passed through. Ie
MAGIC=hallo
act_block() { echo >&2 '.XRC blocking '$1; }
act_allow() { echo >&2 '.XRC allowing '$1', principal:
'$2; }
The magic is what SSH with create a signature for, fwiw.
Oh, and this does not work on OpenBSD for now, because they do not
know about the AI_V4MAPPED flag, .. wait .., i quickly added
C preprocessor shims. However, (then) only IPv6 is supported for
now, there (untested, thus). On FreeBSD it seems you need to set
sysctl net.inet6.ip6.v6only=0
(look for rc.conf:ipv6_ipv4mapping="NO" and change, maybe).
On OpenIndiana, despite -lsocket, one should fill in the OPENSSL
variable with the right path right away, like this:
PORT_KNOCK_BIN=/tmp/zt OPENSSL=/usr/openssl/3.1/bin/openssl \
./s-port-knock.sh knock localhost 45045 \
/tmp/.Zkey-pub.pem SSH-PUBKEY
the rest works out of the box.
Anyhow, this approach i like much better than TLS.
It is a bit ugly that ssh-keygen does not give access to the PEM
version of the OpenSSL private key, on the other hand encryption
only works for RSA (in the western world, and libsodium, on the
other hand, would allow this for Ed25519 it seems, too, and i also
had a quick look at the report that claims this is a save thing
to do, last week, but i am not a cryptographer and thus i would
not do that, despite the fact that this is libsodium only; yes,
there is a OpenSSL thing open for long, but it seems they talk(ed)
him down .. i dunno, really). And the chinese algorithm, that
much is plain, cannot be generated by OpenSSL (yet), and not
portably anyway.
I will attach these, i like them. Maybe i find time to make the
OpenBSD variant work for IPv4 and IPv6, but i think it needs two
sockets and select(2), so this is a bit of work.
Ciao, and a nice Sunday everybody.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: s-port-knock.sh
Type: text/x-shellscript
Size: 9209 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240714/946a8e24/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: s-port-knock-bin.c
Type: text/x-csrc
Size: 9707 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240714/946a8e24/attachment-0003.bin>
Steffen Nurpmeso wrote in <20240714024434.vvSRh10_ at steffen%sdaoden.eu>: ... |[.]do not |know about the AI_V4MAPPED flag[.] I have read https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 but as an application developer i find it ugly not to be able to "simply do it", and get back a mapped address. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Hello (and finally),
Steffen Nurpmeso wrote in
<20240714024434.vvSRh10_ at steffen%sdaoden.eu>:
...
|Anyhow, this approach i like much better than TLS.
|It is a bit ugly that ssh-keygen does not give access to the PEM
|version of the OpenSSL private key, on the other hand encryption
|only works for RSA (in the western world, and libsodium, on the
|other hand, would allow this for Ed25519 it seems, too, and i also
...
|I will attach these, i like them. Maybe i find time to make the
|OpenBSD variant work for IPv4 and IPv6, but i think it needs two
|sockets and select(2), so this is a bit of work.
So i did that. It became a "more regular thing" while doing that,
ie, with a README (and a big fat warning that this thing should be
firewall protected), with nicer -h for the script, etc etc.
I keep using IPv6 and mapped address except on *BSD, it works
nicely on Linux and OpenIndiana.
It is only a pity that the new algorithms do not "simply" allow
encryption, and that OpenSSH does not reveal a PEM variant of the
private key (for "decrypting", then), so that OpenSSL is needed in
addition, at all.
Anyhow this is much smaller than installing OpenVPN for some knock
daemon (if i understood the discussion right), and i use it.
Thanks, and ciao,
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
-------------- next part --------------
S - p o r t - k n o c k
======================
A simple port knock implementation.
It requires modern OpenSSH (ssh-keygen(1)), openssl(1) and sh(1)
implementations. (It actively searches for bash(1) *if* the sh(1)
seems insufficient. $OPENSSL= may be passed to dedicate that.)
BIG FAT WARNING
---------------
This software MUST be protected by suitable firewall rules!
Any network packet sent to it causes a sh(1)ell script to run!
For example the author uses this Linux firewall rule which effectively
allows only one packet per source address per minute (and causes a
hour-long block otherwise).
# port_knock: input only server
if fwcore_has_i port_knock; then
: ${FWCORE_PORT_KNOCK:?port_knock needs FWCORE_PORT_KNOCK}
if ipaddr_split ap "${FWCORE_PORT_KNOCK}"; then
add_rule -p udp --dport ${port} \
-m recent --name port_knock --set \
-m recent --name port_knock \
--rcheck --seconds 60 --reap --hitcount 2 \
-m recent --name alien_super --set -j DROP
add_rule -p udp --dport ${port} -j f_m1
fi
fi
What does this software do?
---------------------------
On servers:
. If the packets seems sane,
. the OpenSSL private key is used to decrypt the random key,
. the random key is used to decrypt the signature,
. the "ssh-keygen -Y" mechanism is used to find a principal for the
signature in the "allowed signers" file.
. (If a $MAGIC string is required, the signature is also verified.)
. On any stage a failure causes the act_block() action,
. upon overall success the act_allow() action is applied.
# cd /tmp/
# $CC -o zt s-port-knock-bin.c
# head -n1 ~/.ssh/authorized_keys > .Zpub1
# { printf 'uid1 '; cat .Zpub1; } > .Zsigs
# echo MAGIC= > .Z.rc
# ./s-port-knock.sh create-server-key .Zk
# PORT_KNOCK_BIN=./zt PORT_KNOCK_SHELL=/bin/bash PORT_KNOCK_RC=./.Z.rc \
./s-port-knock.sh start-server -v 10000 s-port-knock.sh \
.Zk-pri.pem .Zsigs
On clients:
. Creates a signature for a SSH public key via "ssh-keygen -Y",
. (if a $MAGIC string is required, includes that in the signature),
. encrypts that with a random key,
. and encrypts the random key for a dedicated target server via an
(its) OpenSSL public key,
. sends the resulting packet to that server,
. invokes the $PORT_KNOCK_RC act_sent() hook; if that does not return 0,
the packet is sent again, etc.
# cd /tmp/
# PORT_KNOCK_BIN=./zt PORT_KNOCK_RC=./.Z.rc \
./s-port-knock.sh knock localhost 10000 .Zk-pub.pem .Zpub1
Build and Install
-----------------
gcc -o /usr/sbin/s-port-knock-bin s-port-knock-bin.c
cp s-port-knock.sh /usr/bin
RELEASES
--------
v0.8.0, 2024-07-17: (first release)
+ Linux (musl, glibc), *BSD:
As above. (IPv6 support is assumed.)
+ OpenIndiana 2024:
$ LD_LIBRARY_PATH=/usr/openssl/3.1/lib/amd64:$LD_LIBRARY_PATH \
C_INCLUDE_PATH=/usr/openssl/3.1/include:$C_INCLUDE_PATH \
gcc -o /usr/sbin/s-port-knock-bin s-port-knock-bin.c -lsocket
is needed in the environment for the build.
You may need to pass OPENSSL=PATH to the s-port-knock* commands.
# s-ts-mode
-------------- next part --------------
A non-text attachment was scrubbed...
Name: s-port-knock.sh
Type: text/x-shellscript
Size: 10875 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240718/86d7022b/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: s-port-knock-bin.c
Type: text/x-csrc
Size: 12521 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240718/86d7022b/attachment-0003.bin>