From: Eric McCorkle
To: FreeBSD Hackers, freebsd-current, freebsd-security@freebsd.org
Subject: PAM module for loading ZFS keys on login
Date: Sun, 5 Sep 2021 09:54:26 -0400

All,

This patch creates a new PAM module that will load a ZFS key upon a
successful login: https://reviews.freebsd.org/D31844. It will use the
user's auth token as the key argument to loading a ZFS encryption key on a
user-specific ZFS data set.

This is the other side of my changeset to have autounmountd unload ZFS keys
when it unloads a filesystem. (Here: https://reviews.freebsd.org/D31725)

With these two changes, it should be possible to have ZFS encrypted home
directories with keys dynamically loaded when users log in, and unloaded
when their home directories are unmounted.

Please review and comment.

From: Ed Maste
To: freebsd-security@freebsd.org
Subject: Important note for future FreeBSD base system OpenSSH update
Date: Thu, 9 Sep 2021 14:01:57 -0400

We now have OpenSSH 8.7p1 in the base system and I will MFC it to stable
branches soon. (FIDO/U2F support is one of the most anticipated new
features available in this OpenSSH version, but it is not yet enabled in
the base system - additional work is ongoing.)

There is an important caveat to be aware of for the next base system update
though - I've reproduced it below (from OpenSSH's release notes,
https://www.openssh.com/releasenotes.html). The notice includes a command
to run to determine if a server will be affected by this issue - I would
appreciate it if folks can try it with servers they use and report back, to
help determine if this will be an issue in practice and to help guide the
next base system update.

Imminent deprecation notice
===========================

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.

Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs that is still
enabled by default.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The RFC8709 ssh-ed25519 signature algorithm. It has been supported
   in OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

OpenSSH recently enabled the UpdateHostKeys option by default to
assist the client by automatically migrating to better algorithms.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

From: Ed Maste
To: freebsd-security@freebsd.org
Subject: Re: Important note for future FreeBSD base system OpenSSH update
Date: Fri, 10 Sep 2021 11:32:34 -0400

On Thu, 9 Sept 2021 at 14:01, Ed Maste wrote:
>
> There is an important caveat to be aware of for the next base system
> update though - I've reproduced it below (from OpenSSH's release
> notes, https://www.openssh.com/releasenotes.html).

Upstream has also made a change to have scp use the SFTP protocol by
default. This will appear in OpenSSH 8.8. You can test SFTP protocol mode
now by passing the -s flag to OpenSSH (in main/-CURRENT).

Commit message:

Author:     djm@openbsd.org
AuthorDate: Wed Sep 8 23:31:39 2021 +0000
Commit:     Damien Miller
CommitDate: Thu Sep 9 12:35:37 2021 +1000

    upstream: Use the SFTP protocol by default. The original scp/rcp protocol
    remains available via the -O flag.

    Note that ~user/ prefixed paths in SFTP mode require a protocol extension
    that was first shipped in OpenSSH 8.7.

    ok deraadt, after baking in snaps for a while without incident

From: Simon Hoffmann
To: Ed Maste
Cc: freebsd-security@freebsd.org
Subject: Re: Important note for future FreeBSD base system OpenSSH update
Date: Sat, 11 Sep 2021 19:36:55 +0200

> The notice includes a command to run to determine if a server will be
> affected by this issue - I would appreciate it if folks can try it
> with servers they use and report back, to help determine if this will
> be an issue in practice and to help guide the next base system update.

I'm not exactly sure what you are expecting as a report.
I still have some very old keys that use ssh-rsa. I've noticed this on an
OpenBSD -snapshot test vm, as I was unable to connect.

So, yes, I will be affected, if I do not replace my old keys by then. Which
then probably is a good opportunity to organise my keys and not have like
200 different keys :)

Simon

From: Eugene Grosbein
To: Ed Maste, freebsd-security@freebsd.org
Subject: Re: Important note for future FreeBSD base system OpenSSH update
Date: Sun, 12 Sep 2021 05:09:45 +0700

10.09.2021 1:01, Ed Maste wrote:

> To check whether a server is using the weak ssh-rsa public key
> algorithm, for host authentication, try to connect to it after
> removing the ssh-rsa algorithm from ssh(1)'s allowed list:
>
> ssh -oHostKeyAlgorithms=-ssh-rsa user@host
>
> If the host key verification fails and no other supported host key
> types are available, the server software on that host should be
> upgraded.

I have some telco equipment (E1/SS7) based on a custom Linux distro built
by a vendor:

$ ssh -oHostKeyAlgorithms=-ssh-rsa user@host
Unable to negotiate with X.X.X.X port 22: no matching host key type found. Their offer: ssh-rsa

I've already asked the vendor for a possible upgrade and was told that no
upgrade will be available.

Will I be able to use ssh_config and the following command to re-enable the
feature after the planned import?

HostKeyAlgorithms ssh-rsa
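
The host key check quoted in this thread, wrapped so it can be run over a list of hosts and its stderr turned into a verdict per host. This is an added example and not part of any message above; the function names, the verdict strings and the BatchMode/ConnectTimeout options are choices made here, and the sample stderr lines (documentation addresses in 192.0.2.0/24) are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify the outcome of
#   ssh -oHostKeyAlgorithms=-ssh-rsa user@host
# Usage: sh hostkey-check.sh user@host1 user@host2 ...
# With no arguments it classifies the constructed sample lines at the bottom.

# classify_hostkey_check reads ssh's stderr on stdin and prints one verdict:
#   ssh-rsa-only        server offered only ssh-rsa host key signatures
#   no-common-type:LIST negotiation failed on some other offer (LIST)
#   hostkey-ok          host key negotiation succeeded (user auth was reached)
#   inconclusive        anything else (timeout, DNS failure, unknown key, ...)
classify_hostkey_check() {
    err=$(tr -d '\r')    # ssh may end its stderr lines with CR LF
    offer=$(printf '%s\n' "$err" |
        sed -n 's/.*no matching host key type found\. Their offer: *//p' |
        head -n 1)
    if [ -n "$offer" ]; then
        case "$offer" in
            ssh-rsa) echo "ssh-rsa-only" ;;
            *)       echo "no-common-type:$offer" ;;
        esac
    elif printf '%s\n' "$err" | grep -q 'Permission denied'; then
        # Authentication is only attempted after the host key was accepted.
        echo "hostkey-ok"
    else
        echo "inconclusive"
    fi
}

# probe_host USER@HOST runs the check from the notice without prompting.
# BatchMode and ConnectTimeout are additions for unattended use.
probe_host() {
    if probe_err=$(ssh -oBatchMode=yes -oConnectTimeout=5 \
            -oHostKeyAlgorithms=-ssh-rsa "$1" true 2>&1 >/dev/null); then
        echo "hostkey-ok"
    else
        printf '%s\n' "$probe_err" | classify_hostkey_check
    fi
}

if [ "$#" -gt 0 ]; then
    for target in "$@"; do
        printf '%s\t%s\n' "$target" "$(probe_host "$target")"
    done
else
    # Constructed sample stderr lines, one per simulated host.
    while IFS= read -r line; do
        verdict=$(printf '%s\n' "$line" | classify_hostkey_check)
        printf '%s\t<- %s\n' "$verdict" "$line"
    done <<'EOF'
Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-rsa
Unable to negotiate with 192.0.2.13 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
user@192.0.2.11: Permission denied (publickey).
ssh: connect to host 192.0.2.12 port 22: Operation timed out
EOF
fi
```

Hosts reported as ssh-rsa-only are the ones that become unreachable with default client settings once ssh-rsa is disabled; an inconclusive result needs a manual look rather than being read as a pass.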