Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit

will be ignored for user and host-based authentication.

Feedback deraadt@ ok markus@

diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c
index 2ab222e..b709283 100644 (file)
--- a/usr.bin/ssh/auth2-hostbased.c
+++ b/usr.bin/ssh/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.49 2022/01/06 22:01:14 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.50 2022/09/17 10:34:29 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -118,6 +118,11 @@ userauth_hostbased(struct ssh *ssh, const char *method)
                    "(null)" : key->cert->signature_type);
                goto done;
        }
+       if ((r = sshkey_check_rsa_length(key,
+           options.required_rsa_size)) != 0) {
+               logit_r(r, "refusing %s key", sshkey_type(key));
+               goto done;
+       }
 
        if (!authctxt->valid || authctxt->user == NULL) {
                debug2_f("disabled because of invalid user");

diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c
index daa756a..7c9e61b 100644 (file)
--- a/usr.bin/ssh/auth2-pubkey.c
+++ b/usr.bin/ssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.116 2022/06/15 16:08:25 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.117 2022/09/17 10:34:29 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -172,6 +172,11 @@ userauth_pubkey(struct ssh *ssh, const char *method)
                    "(null)" : key->cert->signature_type);
                goto done;
        }
+       if ((r = sshkey_check_rsa_length(key,
+           options.required_rsa_size)) != 0) {
+               logit_r(r, "refusing %s key", sshkey_type(key));
+               goto done;
+       }
        key_s = format_key(key);
        if (sshkey_is_cert(key))
                ca_s = format_key(key->cert->signature_key);

diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index f7317a5..07c5477 100644 (file)
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.385 2022/06/03 04:30:47 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.386 2022/09/17 10:34:29 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -177,6 +177,7 @@ initialize_server_options(ServerOptions *options)
        options->fingerprint_hash = -1;
        options->disable_forwarding = -1;
        options->expose_userauth_info = -1;
+       options->required_rsa_size = -1;
 }
 
 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
@@ -416,6 +417,8 @@ fill_default_server_options(ServerOptions *options)
                options->expose_userauth_info = 0;
        if (options->sk_provider == NULL)
                options->sk_provider = xstrdup("internal");
+       if (options->required_rsa_size == -1)
+               options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE;
 
        assemble_algorithms(options);
 
@@ -489,6 +492,7 @@ typedef enum {
        sStreamLocalBindMask, sStreamLocalBindUnlink,
        sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
        sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
+       sRequiredRSASize,
        sDeprecated, sIgnore, sUnsupported
 } ServerOpCodes;
 
@@ -632,6 +636,7 @@ static struct {
        { "rdomain", sRDomain, SSHCFG_ALL },
        { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
        { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
+       { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
        { NULL, sBadOption, 0 }
 };
 
@@ -2377,6 +2382,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
                        *charptr = xstrdup(arg);
                break;
 
+       case sRequiredRSASize:
+               intptr = &options->required_rsa_size;
+               goto parse_int;
+
        case sDeprecated:
        case sIgnore:
        case sUnsupported:
@@ -2549,6 +2558,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
        M_CP_INTOPT(rekey_limit);
        M_CP_INTOPT(rekey_interval);
        M_CP_INTOPT(log_level);
+       M_CP_INTOPT(required_rsa_size);
 
        /*
         * The bind_mask is a mode_t that may be unsigned, so we can't use
@@ -2810,6 +2820,7 @@ dump_config(ServerOptions *o)
        dump_cfg_int(sMaxSessions, o->max_sessions);
        dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
        dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
+       dump_cfg_int(sRequiredRSASize, o->required_rsa_size);
        dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
 
        /* formatted integer arguments */

diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h
index 115db1e..990c412 100644 (file)
--- a/usr.bin/ssh/servconf.h
+++ b/usr.bin/ssh/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.156 2022/03/18 04:04:11 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.157 2022/09/17 10:34:29 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -227,6 +227,7 @@ typedef struct {
        int     expose_userauth_info;
        u_int64_t timing_secret;
        char   *sk_provider;
+       int     required_rsa_size;      /* minimum size of RSA keys */
 }       ServerOptions;
 
 /* Information about the incoming connection as used by Match */

diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index d26eb86..69111e8 100644 (file)
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.590 2022/07/01 05:08:23 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.591 2022/09/17 10:34:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1746,6 +1746,13 @@ main(int ac, char **av)
                                fatal_r(r, "Could not demote key: \"%s\"",
                                    options.host_key_files[i]);
                }
+               if (pubkey != NULL && (r = sshkey_check_rsa_length(pubkey,
+                   options.required_rsa_size)) != 0) {
+                       error_fr(r, "Host key %s", options.host_key_files[i]);
+                       sshkey_free(pubkey);
+                       sshkey_free(key);
+                       continue;
+               }
                sensitive_data.host_keys[i] = key;
                sensitive_data.host_pubkeys[i] = pubkey;
 

diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 206ebbd..7fe1dce 100644 (file)
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.342 2022/06/24 04:27:14 djm Exp $
-.Dd $Mdocdate: June 24 2022 $
+.\" $OpenBSD: sshd_config.5,v 1.343 2022/09/17 10:34:29 djm Exp $
+.Dd $Mdocdate: September 17 2022 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1597,6 +1597,16 @@ is
 .Cm default none ,
 which means that rekeying is performed after the cipher's default amount
 of data has been sent or received and no time based rekeying is done.
+.It Cm RequiredRSASize
+Specifies the minimum RSA key size (in bits) that
+.Xr sshd 8
+will accept.
+User and host-based authentication keys smaller than this limit will be
+refused.
+The default is
+.Cm 1024
+bits.
+Note that this limit may only be raised from the default.
 .It Cm RevokedKeys
 Specifies revoked public keys file, or
 .Cm none