Re: Universal 2nd Factor (U2F) Authentication for Secure Shell?
Simon Josefsson <simon@josefsson.org> Fri, 06 January 2017 08:20 UTC
Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03BDF129C59 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Fri, 6 Jan 2017 00:20:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.3
X-Spam-Level:
X-Spam-Status: No, score=-7.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YiFmfIn3c52d for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Fri, 6 Jan 2017 00:20:50 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 087E5129C55 for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Fri, 6 Jan 2017 00:20:49 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id DAA0F855E1; Fri, 6 Jan 2017 08:20:48 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: by mail.netbsd.org (Postfix, from userid 1347) id 9255985581; Fri, 6 Jan 2017 08:20:48 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B337985606 for <ietf-ssh@NetBSD.org>; Thu, 5 Jan 2017 22:29:50 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id z56kSU31m2GX for <ietf-ssh@netbsd.org>; Thu, 5 Jan 2017 22:29:49 +0000 (UTC)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 633F384CEE for <ietf-ssh@NetBSD.org>; Thu, 5 Jan 2017 22:29:47 +0000 (UTC)
Received: from latte.josefsson.org ([IPv6:2001:9b0:104:42::17d]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id v05MTTnL010706 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Thu, 5 Jan 2017 23:29:30 +0100
Date: Thu, 05 Jan 2017 23:29:22 +0100
From: Simon Josefsson <simon@josefsson.org>
To: "S.P.Zeidler" <spz@serpens.de>
Cc: Ron Frederick <ronf@timeheart.net>, ietf-ssh@NetBSD.org, michael+mindrot@stapelberg.de
Subject: Re: Universal 2nd Factor (U2F) Authentication for Secure Shell?
Message-ID: <20170105232922.5ba00ef4@latte.josefsson.org>
In-Reply-To: <20170104132629.GH4689@serpens.de>
References: <20170103121647.GF4689@serpens.de> <F24913CC-2385-45D6-85C3-B390673190DF@timeheart.net> <20170104132629.GH4689@serpens.de>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; boundary="Sig_/Gpf+.coq0xkPAJH3CG55+7c"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.99.2 at duva.sjd.se
X-Virus-Status: Clean
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
Hello, The draft is indeed an unfinished work, and the issues you bring up are relevant. I don't have cycles to drive this draft right now, but I'm happy to merge patches and publish new versions if someone wants to step up and become co-author. I'm happy to hand over control too. The draft is on gitlab: https://gitlab.com/jas/ietf-secsh-u2f /Simon > Hi, > > Cc'ing the proposers, so keeping the mail unweeded: > > Thus wrote Ron Frederick (ronf@timeheart.net): > > > On Jan 3, 2017, at 4:16 AM, S.P.Zeidler <spz@serpens.de> wrote: > > > I've encountered > > > https://www.ietf.org/archive/id/draft-josefsson-secsh-u2f-00.txt > > > and wondered if this august forum had an opinion both on making > > > u2f available in SSH and the draft given. > > > > > > There are multiple things that don’t make sense to me or that I’d > > want to change in this draft. > > > > First and foremost, I don’t think it makes sense for the > > RegisterRequest to be done inside an SSH_MSG_USERAUTH_REQUEST. This > > is not part of authenticating a client. It’s a step which would > > have to be done on the server machine by the owner of the account > > which is being logged into where they decide what U2F tokens they > > want to accept and they create appropriate entries in > > authorized_keys. I could imagine a took like ssh-keygen being > > augmented to speak the necessary protocol to generate the U2F > > registration request and retrieve the response and convert it into > > an appropriate form for insertion into authorized_keys, but I don’t > > see it as making sense during SSH client authentication. That step > > should only need to do the SignRequest/SignResponse handshake, > > assuming there was an appropriate U2F key entry which was trusted. > > > > That leads to the next issue, which is that there’s no description > > of what this authorized_key entry should look like. Also, since the > > authorized_key file is used today for public keys and certificates, > > is this really the right file? Perhaps registered U2F keys should > > be kept in a separate file designed specifically for this purpose. > > I don’t really see the advanced in combining the two, unless there > > is an intention of wanting to take advantage of the options > > available in authorized_keys. Some of those (like cert-authority > > and principals) don’t really make sense, though, and since U2F is > > designed to be used as a secondary authentication to strengthen > > other auth mechanisms, it’s not clear it makes sense for these keys > > to end up deciding things like what SSH features should be allowed > > to be used. If a combination of public key and U2F authentication > > is used, which set of options should apply to the resulting > > connection? > > > > In terms of the specifics of the proposed messages, it appears that > > the values SSH2_MSG_USERAUTH_INFO_REQUEST and > > SSH2_MSG_USERAUTH_INFO_RESPONSE defined for use in > > keyboard-interactive authentication are being repurposed here. I > > think it would be better to define new SSH2_MSG_USERAUTH values > > specific to U2F here, even if the assigned numbers are reused. For > > instance, the message names could be SSH2_MSG_USERAUTH_SIGN_REQUEST > > and SSH2_MSG_USERAUTH_SIGN_RESPONSE. If the registration is done > > out of band, there’s also no need for the “U2F mode” integer in the > > original USERAUTH request. > > > > Finally, setting both “origin” and “appId” to “ssh://localhost > > <ssh://localhost>” when creating the U2F tokens also doesn’t seem > > quite right. It seems to me like there might be some value in > > allowing tokens associated with specific user or host principals, > > similar to what is done for SSH certificates. However, I’m not all > > that familiar with U2F, so I don’t know how those fields are > > typically used. > > I would like to be able to discern targets for U2F too, i.e. > list both the token logging in, and the user@host being logged in to, > in their appropriate fields. > > > Was a prototype of this ever implemented? > > As patches against OpenSSH, with some discussion too: > https://bugzilla.mindrot.org/show_bug.cgi?id=2319 > > regards, > spz
- Universal 2nd Factor (U2F) Authentication for Sec… S.P.Zeidler
- Re: Universal 2nd Factor (U2F) Authentication for… Ron Frederick
- Re: Universal 2nd Factor (U2F) Authentication for… S.P.Zeidler
- Re: Universal 2nd Factor (U2F) Authentication for… Simon Josefsson
- Re: Universal 2nd Factor (U2F) Authentication for… Mouse