IETF Logo Mail Archive

Re: Universal 2nd Factor (U2F) Authentication for Secure Shell?

Ron Frederick <ronf@timeheart.net> Thu, 05 January 2017 05:53 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A1EB129533 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 4 Jan 2017 21:53:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.399
X-Spam-Level:
X-Spam-Status: No, score=-7.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=timeheart.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wbnZP53qU-DS for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 4 Jan 2017 21:52:57 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B21FA12952E for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Wed, 4 Jan 2017 21:52:57 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id 14BA6855D2; Thu, 5 Jan 2017 05:52:57 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: by mail.netbsd.org (Postfix, from userid 1347) id B0A34855CB; Thu, 5 Jan 2017 05:52:56 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 0D56C855A9 for <ietf-ssh@netbsd.org>; Wed, 4 Jan 2017 04:46:20 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=timeheart.net
Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 9qAyvGjbrBJ4 for <ietf-ssh@netbsd.org>; Wed, 4 Jan 2017 04:46:19 +0000 (UTC)
Received: from mail-pf0-x22b.google.com (mail-pf0-x22b.google.com [IPv6:2607:f8b0:400e:c00::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 2DA8C8557C for <ietf-ssh@netbsd.org>; Wed, 4 Jan 2017 04:46:18 +0000 (UTC)
Received: by mail-pf0-x22b.google.com with SMTP id 189so80269811pfz.3 for <ietf-ssh@netbsd.org>; Tue, 03 Jan 2017 20:46:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=timeheart.net; s=mail; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=EZIMoizQ1mzGHdtdeAPxYaxhGDDU0A/YCSKgvL11SY4=; b=TWN4Pb4BBWV9w3NBEqaULfRuc47L+446GqrNlnQRRbNc/FCktyFrWvgQetk9+SOHqN VlU4SumhpoVEQXsfQQFchXVJOD1Llskw3bDCNMbMNkJbtYJ+KJJD+WVkriZ5NzLWy0MF 5d5ossSTGVWrACZxgEbzWu7CLq8Kk63Pf6eMg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=EZIMoizQ1mzGHdtdeAPxYaxhGDDU0A/YCSKgvL11SY4=; b=adDtNbdi2kj4C1IhhCGyN9zJalst5Lmz0135QFcx4pZzCjE+xGUEBwtXI33/Yg6Psv CPSewL48HBHIGiv+D9DrG8ws9Ozinb9+4wWyH7dxxbycLM8w5eEq09ZVKWAswmzkTuOB 1iFxdLs5S8O2CQj8TRGSJiNH9O02Bv7ldVYW7x19OQvyygXUbgyEFgHtFHxNxIlgYhz4 9EQ5cE6RIcD3Q+WlFmx0IXzD1P4LDiGz+2RrlK6oXSu1OZO5f89n3ctOiJHjNAVIX+6M wMIOxzgcG7lPu9Tu2E4KDcjQ5OHf2ukFkB3uHgCdlhM0AjUIch6/dw7/ONCwXKx6eoOi pdRw==
X-Gm-Message-State: AIkVDXJoU/2vQSnxbNQ8jwInYjrKgaIXHxtM/KSlKSY5ZCiIONaOGINe+a/+Pk57OBhM0w==
X-Received: by 10.84.214.1 with SMTP id h1mr144184947pli.47.1483505177653; Tue, 03 Jan 2017 20:46:17 -0800 (PST)
Received: from ?IPv6:2601:647:4282:2200:cfa:5497:d692:7eeb? ([2601:647:4282:2200:cfa:5497:d692:7eeb]) by smtp.gmail.com with ESMTPSA id p64sm143327563pfi.88.2017.01.03.20.46.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 03 Jan 2017 20:46:16 -0800 (PST)
From: Ron Frederick <ronf@timeheart.net>
Message-Id: <F24913CC-2385-45D6-85C3-B390673190DF@timeheart.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_BDA02452-3532-4013-843A-5660A4C98A0B"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Subject: Re: Universal 2nd Factor (U2F) Authentication for Secure Shell?
Date: Tue, 03 Jan 2017 20:46:15 -0800
In-Reply-To: <20170103121647.GF4689@serpens.de>
Cc: ietf-ssh@NetBSD.org
To: "S.P.Zeidler" <spz@serpens.de>
References: <20170103121647.GF4689@serpens.de>
X-Mailer: Apple Mail (2.3259)
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

On Jan 3, 2017, at 4:16 AM, S.P.Zeidler <spz@serpens.de> wrote:
> I've encountered
> https://www.ietf.org/archive/id/draft-josefsson-secsh-u2f-00.txt
> and wondered if this august forum had an opinion both on making u2f
> available in SSH and the draft given.


There are multiple things that don’t make sense to me or that I’d want to change in this draft.

First and foremost, I don’t think it makes sense for the RegisterRequest to be done inside an SSH_MSG_USERAUTH_REQUEST. This is not part of authenticating a client. It’s a step which would have to be done on the server machine by the owner of the account which is being logged into where they decide what U2F tokens they want to accept and they create appropriate entries in authorized_keys. I could imagine a took like ssh-keygen being augmented to speak the necessary protocol to generate the U2F registration request and retrieve the response and convert it into an appropriate form for insertion into authorized_keys, but I don’t see it as making sense during SSH client authentication. That step should only need to do the SignRequest/SignResponse handshake, assuming there was an appropriate U2F key entry which was trusted.

That leads to the next issue, which is that there’s no description of what this authorized_key entry should look like. Also, since the authorized_key file is used today for public keys and certificates, is this really the right file? Perhaps registered U2F keys should be kept in a separate file designed specifically for this purpose. I don’t really see the advanced in combining the two, unless there is an intention of wanting to take advantage of the options available in authorized_keys. Some of those (like cert-authority and principals) don’t really make sense, though, and since U2F is designed to be used as a secondary authentication to strengthen other auth mechanisms, it’s not clear it makes sense for these keys to end up deciding things like what SSH features should be allowed to be used. If a combination of public key and U2F authentication is used, which set of options should apply to the resulting connection?

In terms of the specifics of the proposed messages, it appears that the values SSH2_MSG_USERAUTH_INFO_REQUEST and SSH2_MSG_USERAUTH_INFO_RESPONSE defined for use in keyboard-interactive authentication are being repurposed here. I think it would be better to define new SSH2_MSG_USERAUTH values specific to U2F here, even if the assigned numbers are reused. For instance, the message names could be SSH2_MSG_USERAUTH_SIGN_REQUEST and SSH2_MSG_USERAUTH_SIGN_RESPONSE. If the registration is done out of band, there’s also no need for the “U2F mode” integer in the original USERAUTH request.

Finally, setting both “origin” and “appId” to “ssh://localhost <ssh://localhost>” when creating the U2F tokens also doesn’t seem quite right. It seems to me like there might be some value in allowing tokens associated with specific user or host principals, similar to what is done for SSH certificates. However, I’m not all that familiar with U2F, so I don’t know how those fields are typically used.

Was a prototype of this ever implemented?
-- 
Ron Frederick
ronf@timeheart.net

v2.23.0 | Report a Bug | By Email