IETF Logo Mail Archive

Re: [Curdle] Client-side SSH_MSG_EXT_INFO: Use it or lose it principle!

Ron Frederick <ronf@timeheart.net> Sun, 03 May 2020 06:14 UTC

Return-Path: <ronf@timeheart.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B9913A15BF for <curdle@ietfa.amsl.com>; Sat, 2 May 2020 23:14:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=timeheart.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CUxhfKx6N9B4 for <curdle@ietfa.amsl.com>; Sat, 2 May 2020 23:14:31 -0700 (PDT)
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE2713A15BE for <curdle@ietf.org>; Sat, 2 May 2020 23:14:31 -0700 (PDT)
Received: by mail-pj1-x1030.google.com with SMTP id hi11so2238710pjb.3 for <curdle@ietf.org>; Sat, 02 May 2020 23:14:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=timeheart.net; s=mail; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=+nHNXUuRUZoNekjjpS1Ntrgs6AJiaZv1YOjAZ8+Bg6U=; b=IdCkLdLCvLWuDuDWPcak1Aa1torQaRjbDSPPWzkGPYRBqu90WDM8Ia67vni13wPAph tyBBsG2xC+tNYhIXwnAMwsTbeZAfX2qwEYtItfh2USkR+lJ70x8oMneJB6m+KqPLP7+1 en/YKzijFB5fD0XHsr0fjG4bWycE6r/9+O+cU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=+nHNXUuRUZoNekjjpS1Ntrgs6AJiaZv1YOjAZ8+Bg6U=; b=VqmmDXryk02LRrLl8nYeAaCrjUhahFamcAWmv2kUszNWTAZaGL9iE/nyY9Irb4yVEs /7QXa+F/R5IKTrz6kihxtkoU4A0L7CrtgWS2tn8Y90n2RIy3Ud+yhcAM4DXRtljjWzuG ElwfPN+bYoccCXj7i0YsnGFhlV2eneJ745bWwaftB54WoC5Rd+l4Y7D8l/zckhnWemqT z8e5zG+QTPnJYqMguDVkYvd0PTu6hKDSUhNdqRBnoD1gSAxA2ihw0oQHjy2luiIGEXrM i+yD1Ygw1YLiuU8sLLJiDgULDz/a08U7jcZdnBAV8VLbfkc3LtLHuOHmd9m4gWoSoECG hxRw==
X-Gm-Message-State: AGi0Pub7klI5HqJyaAMPfoSnRTkAfhRY0eYyCcgE3KF/krZ9P9K85Qz4 w0WQTtyq75uUZn7WpgiBofumNw==
X-Google-Smtp-Source: APiQypK0mYMywPFvkujQeNa8ShKBsr0MXMJA3VrPCwHlzaTG3pV9tTmHM30n5wYVD43HUcU1f0L6fQ==
X-Received: by 2002:a17:902:c214:: with SMTP id 20mr771241pll.17.1588486470760; Sat, 02 May 2020 23:14:30 -0700 (PDT)
Received: from connect.timeheart.net.0.4.a.f.8.1.4.2.0.3.3.0.6.2.ip6.arpa ([2603:3024:18fa:4000::2]) by smtp.gmail.com with ESMTPSA id kb10sm3804466pjb.6.2020.05.02.23.14.29 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 02 May 2020 23:14:29 -0700 (PDT)
From: Ron Frederick <ronf@timeheart.net>
Message-Id: <FD39369F-62BE-48D2-967E-0D70F9955E17@timeheart.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6B8C0969-53CF-4F0F-BD2C-F651CF5B2DEA"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Sat, 02 May 2020 23:14:28 -0700
In-Reply-To: <CADPMZDAvv23SKg2ZiTBH+Ec6M135zonsnNFaiinAKwszj-ap8g@mail.gmail.com>
Cc: curdle <curdle@ietf.org>, ietf-ssh@netbsd.org
To: denis bider <denisbider.ietf@gmail.com>
References: <CADPMZDBcOtUaUBJKn20yEpLi=pmse2SgiXpZXArAKLyKTeS-GQ@mail.gmail.com> <E15E856F-478A-499A-8A59-EB907099E777@timeheart.net> <CADPMZDAvv23SKg2ZiTBH+Ec6M135zonsnNFaiinAKwszj-ap8g@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/7V9I3Sh1xWJl-LyEjG0VFXbcwv8>
Subject: Re: [Curdle] Client-side SSH_MSG_EXT_INFO: Use it or lose it principle!
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 May 2020 06:14:34 -0000

On Apr 26, 2020, at 10:33 PM, denis bider <denisbider.ietf@gmail.com> wrote:
> Awesome!
> 
> Yes, the idea of "global-requests-ok" is not to make the client do anything different. It's to reassure the server that the client won't violate the spec if the server sends a global request.
> 
> The main motivating usage case is so the server can feel at liberty to send the global request "hostkeys-00@openssh.com <mailto:hostkeys-00@openssh.com>" after user authentication:
> 
> https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL?annotate=HEAD <https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL?annotate=HEAD>
> This is essential functionality which allows clients and servers to change host keys without requiring administrative intervention at each client installation.
> 
> Without "global-requests-ok", the server needs a database of client version strings to which it's safe to send the "hostkeys" global request. Otherwise, it can't send it because a bunch of half-baked clients (I'm counting 7 in our list) are borked and can't handle receiving a global request. Or they can handle it usually, but not when they're expecting a response to a channel open.

Yeah, understood. So far, I haven’t implemented “hostkeys" support in AsyncSSH. I may do that at some point, but I’ll probably just do the new host key validation in AsyncSSH but leave it up to the application code to decide if it actually wants to update the list of known_hosts or not (and if so, where). Right now, AsyncSSH will read from ~/.ssh/known_hosts by default if you don’t specify another source, but it never actually modifies that file. In fact, most of the ways of specifying known_hosts in AsyncSSH are focused on providing the set of hosts dynamically, or even allowing applications to provide their own logic to determine whether a specific host key should be trusted or not for a given host/port, so I’d want to do the same thing with reporting new host keys a server advertises.

Since I don’t have this support yet, I haven’t needed to worry about which clients can properly handle global requests or not. I do use global requests in both directions as part of the implementation of "keepalive@openssh.com <mailto:keepalive@openssh.com>”, but so far I haven’t run into any issues with that. That’s disabled by default, though, so perhaps people are only enabling with peers that don’t have issues with global requests.


> Meanwhile I've received more info about the implementation that disconnects on receiving EXT_INFO from the client. The bug is unfortunately in a widely used Java SSH library. The information I received suggests it's going to be fixed, but I'm afraid there are already a fair number of deployed servers that have the issue.

Interesting. Does it fail on ANY global request being sent from a server, or is it only at certain points that it doesn’t handle these messages correctly?


> While I'm wishing things - I would also like the "delay-compression" extension to be more widely supported because it's the only delayed-compression mechanism that (1) does not have a race condition by design (zlib@openssh.com <mailto:zlib@openssh.com>), and (2) does not require a second key exchange after user authentication (PuTTY mitigation).

Is RFC 8308 the right reference for this option? Are there any implementations of this so far other than from Bitvise?

Also, I’m not familiar with the PuTTY issue around needing a second key exchange. Is that documented somewhere?
-- 
Ron Frederick
ronf@timeheart.net

v2.23.0 | Report a Bug | By Email