From: naddy Date: Mon, 15 Aug 2016 12:32:04 +0000 (+0000) Subject: Catch up with the SSH1 code removal and delete all mention of X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=8915e95c92ea2f4ae79322e421c4676fec9e854d;p=openbsd Catch up with the SSH1 code removal and delete all mention of protocol 1 particularities, key files and formats, command line options, and configuration keywords from the server documentation and examples. ok jmc@ --- diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index b0b1a13006d..140c94ab209 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ -.Dd $Mdocdate: February 17 2016 $ +.\" $OpenBSD: sshd.8,v 1.285 2016/08/15 12:32:04 naddy Exp $ +.Dd $Mdocdate: August 15 2016 $ .Dt SSHD 8 .Os .Sh NAME @@ -44,14 +44,12 @@ .Nm sshd .Bk -words .Op Fl 46DdeiqTt -.Op Fl b Ar bits .Op Fl C Ar connection_spec .Op Fl c Ar host_certificate_file .Op Fl E Ar log_file .Op Fl f Ar config_file .Op Fl g Ar login_grace_time .Op Fl h Ar host_key_file -.Op Fl k Ar key_gen_time .Op Fl o Ar option .Op Fl p Ar port .Op Fl u Ar len @@ -96,9 +94,6 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. -.It Fl b Ar bits -Specifies the number of bits in the ephemeral protocol version 1 -server key (default 1024). .It Fl C Ar connection_spec Specify the connection parameters to use for the .Fl T 
@@ -169,36 +164,18 @@ This option must be given if is not run as root (as the normal host key files are normally not readable by anyone but root). The default is -.Pa /etc/ssh/ssh_host_key -for protocol version 1, and .Pa /etc/ssh/ssh_host_dsa_key , -.Pa /etc/ssh/ssh_host_ecdsa_key . +.Pa /etc/ssh/ssh_host_ecdsa_key , .Pa /etc/ssh/ssh_host_ed25519_key and -.Pa /etc/ssh/ssh_host_rsa_key -for protocol version 2. +.Pa /etc/ssh/ssh_host_rsa_key . It is possible to have multiple host key files for -the different protocol versions and host key algorithms. +the different host key algorithms. .It Fl i Specifies that .Nm is being run from .Xr inetd 8 . -If SSH protocol 1 is enabled, -.Nm -should not normally be run -from inetd because it needs to generate the server key before it can -respond to the client, and this may take some time. -Clients may have to wait too long if the key was regenerated every time. -.It Fl k Ar key_gen_time -Specifies how often the ephemeral protocol version 1 server key is -regenerated (default 3600 seconds, or one hour). -The motivation for regenerating the key fairly -often is that the key is not stored anywhere, and after about an hour -it becomes impossible to recover the key for decrypting intercepted -communications even if the machine is cracked into or physically -seized. -A value of zero indicates that the key will never be regenerated. .It Fl o Ar option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate @@ -257,8 +234,7 @@ may also be used to prevent from making DNS requests unless the authentication mechanism or configuration requires it. Authentication mechanisms that may require DNS include -.Cm RhostsRSAAuthentication , -.Cm HostbasedAuthentication , +.Cm HostbasedAuthentication and using a .Cm from="pattern-list" option in a key file. 
@@ -269,42 +245,14 @@ or .Cm DenyUsers . .El .Sh AUTHENTICATION -The OpenSSH SSH daemon supports SSH protocols 1 and 2. -The default is to use protocol 2 only, -though this can be changed via the -.Cm Protocol -option in -.Xr sshd_config 5 . -Protocol 1 should not be used -and is only offered to support legacy devices. -.Pp +The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a host-specific key, used to identify the host. -Partial forward security for protocol 1 is provided through -an additional server key, -normally 1024 bits, -generated when the server starts. -This key is normally regenerated every hour if it has been used, and -is never stored on disk. Whenever a client connects, the daemon responds with its public -host and server keys. +host key. The client compares the -RSA host key against its own database to verify that it has not changed. -The client then generates a 256-bit random number. -It encrypts this -random number using both the host key and the server key, and sends -the encrypted number to the server. -Both sides then use this -random number as a session key which is used to encrypt all further -communications in the session. -The rest of the session is encrypted -using a conventional cipher, currently Blowfish or 3DES, with 3DES -being used by default. -The client selects the encryption algorithm -to use from those offered by the server. -.Pp -For protocol 2, -forward security is provided through a Diffie-Hellman key agreement. +host key against its own database to verify that it has not changed. +Forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. The rest of the session is encrypted using a symmetric cipher, currently 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. 
@@ -450,32 +398,25 @@ key (empty lines and lines starting with a .Ql # are ignored as comments). -Protocol 1 public keys consist of the following space-separated fields: -options, bits, exponent, modulus, comment. -Protocol 2 public key consist of: +Public keys consist of the following space-separated fields: options, keytype, base64-encoded key, comment. -The options field is optional; -its presence is determined by whether the line starts -with a number or not (the options field never starts with a number). -The bits, exponent, modulus, and comment fields give the RSA key for -protocol version 1; the -comment field is not used for anything (but may be convenient for the -user to identify the key). -For protocol version 2 the keytype is +The options field is optional. +The keytype is .Dq ecdsa-sha2-nistp256 , .Dq ecdsa-sha2-nistp384 , .Dq ecdsa-sha2-nistp521 , .Dq ssh-ed25519 , .Dq ssh-dss or -.Dq ssh-rsa . +.Dq ssh-rsa ; +the comment field is not used for anything (but may be convenient for the +user to identify the key). .Pp -Note that lines in this file are usually several hundred bytes long +Note that lines in this file can be several hundred bytes long (because of the size of the public key encoding) up to a limit of 8 kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 kilobits. You don't want to type them in; instead, copy the -.Pa identity.pub , .Pa id_dsa.pub , .Pa id_ecdsa.pub , .Pa id_ed25519.pub , @@ -484,8 +425,7 @@ or the file and edit it. .Pp .Nm -enforces a minimum RSA key modulus size for protocol 1 -and protocol 2 keys of 768 bits. +enforces a minimum RSA key modulus size of 768 bits. .Pp The options (if present) consist of comma-separated option specifications. 
@@ -663,7 +603,7 @@ maintained automatically: whenever the user connects from an unknown host, its key is added to the per-user file. .Pp Each line in these files contains the following fields: markers (optional), -hostnames, bits, exponent, modulus, comment. +hostnames, keytype, base64-encoded key, comment. The fields are separated by spaces. .Pp The marker is optional, but if it is present then it must be one of @@ -704,9 +644,9 @@ character. Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied. .Pp -Bits, exponent, and modulus are taken directly from the RSA host key; they +The keytype and base64-encoded key are taken directly from the host key; they can be obtained, for example, from -.Pa /etc/ssh/ssh_host_key.pub . +.Pa /etc/ssh/ssh_host_rsa_key.pub . The optional comment field continues to the end of the line, and is not used. .Pp Lines starting with @@ -745,8 +685,8 @@ Note that the lines in these files are typically hundreds of characters long, and you definitely don't want to type in the host keys by hand. Rather, generate them by a script, .Xr ssh-keyscan 1 -or by taking -.Pa /etc/ssh/ssh_host_key.pub +or by taking, for example, +.Pa /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the front. .Xr ssh-keygen 1 also offers some basic automated editing for @@ -885,7 +825,6 @@ This file is used in exactly the same way as but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It Pa /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_ed25519_key @@ -897,7 +836,6 @@ Note that .Nm does not start if these files are group/world-accessible. .Pp -.It Pa /etc/ssh/ssh_host_key.pub .It Pa /etc/ssh/ssh_host_dsa_key.pub .It Pa /etc/ssh/ssh_host_ecdsa_key.pub .It Pa /etc/ssh/ssh_host_ed25519_key.pub diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index ec2dd16fb7e..2c0e3b14aef 100644 
--- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ +# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -13,21 +13,11 @@ #ListenAddress 0.0.0.0 #ListenAddress :: -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - # Ciphers and keying #RekeyLimit default none @@ -43,7 +33,6 @@ #MaxAuthTries 6 #MaxSessions 10 -#RSAAuthentication yes #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 @@ -56,11 +45,9 @@ AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication +# HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 24f0815f562..9fc633020df 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.228 2016/08/12 19:19:04 jca Exp $ -.Dd $Mdocdate: August 12 2016 $ +.\" $OpenBSD: sshd_config.5,v 1.229 2016/08/15 12:32:04 naddy Exp $ +.Dd $Mdocdate: August 15 2016 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -230,8 +230,6 @@ of .Dq publickey,publickey will require successful authentication using two different public keys. .Pp -This option will yield a fatal -error if enabled if protocol 1 is also enabled. Note that each authentication method listed should also be explicitly enabled in the configuration. The default @@ -710,15 +708,12 @@ is not to load any certificates. .It Cm HostKey Specifies a file containing a private host key used by SSH. -The default is -.Pa /etc/ssh/ssh_host_key -for protocol version 1, and +The defaults are .Pa /etc/ssh/ssh_host_dsa_key , .Pa /etc/ssh/ssh_host_ecdsa_key , .Pa /etc/ssh/ssh_host_ed25519_key and -.Pa /etc/ssh/ssh_host_rsa_key -for protocol version 2. +.Pa /etc/ssh/ssh_host_rsa_key . .Pp Note that .Xr sshd 8 @@ -729,14 +724,6 @@ option restricts which of the keys are actually used by .Xr sshd 8 . .Pp It is possible to have multiple host key files. -.Dq rsa1 -keys are used for version 1 and -.Dq dsa , -.Dq ecdsa , -.Dq ed25519 -or -.Dq rsa -are used for version 2 of the SSH protocol. It is also possible to specify public host key files instead. In this case operations on the private key will be delegated to an @@ -775,8 +762,6 @@ Specifies that and .Pa .shosts files will not be used in -.Cm RhostsRSAAuthentication -or .Cm HostbasedAuthentication . .Pp .Pa /etc/hosts.equiv @@ -791,8 +776,6 @@ Specifies whether should ignore the user's .Pa ~/.ssh/known_hosts during -.Cm RhostsRSAAuthentication -or .Cm HostbasedAuthentication . The default is .Dq no . 
@@ -911,15 +894,6 @@ option of .Xr ssh 1 with an argument of .Dq kex . -.It Cm KeyRegenerationInterval -In protocol version 1, the ephemeral server key is automatically regenerated -after this many seconds (if it has been used). -The purpose of regeneration is to prevent -decrypting captured sessions by later breaking into the machine and -stealing the keys. -The key is never stored anywhere. -If the value is 0, the key is never regenerated. -The default is 3600 (seconds). .It Cm ListenAddress Specifies the local addresses .Xr sshd 8 @@ -1128,8 +1102,6 @@ Available keywords are .Cm PubkeyAuthentication , .Cm RekeyLimit , .Cm RevokedKeys , -.Cm RhostsRSAAuthentication , -.Cm RSAAuthentication , .Cm StreamLocalBindMask , .Cm StreamLocalBindUnlink , .Cm TrustedUserCAKeys , @@ -1334,28 +1306,6 @@ when a user logs in interactively. or equivalent.) The default is .Dq yes . -.It Cm Protocol -Specifies the protocol versions -.Xr sshd 8 -supports. -The possible values are -.Sq 1 -and -.Sq 2 . -Multiple versions must be comma-separated. -The default is -.Sq 2 . -Protocol 1 suffers from a number of cryptographic weaknesses and should -not be used. -It is only offered to support legacy devices. -.Pp -Note that the order of the protocol list does not indicate preference, -because the client selects among multiple protocol versions offered -by the server. -Specifying -.Dq 2,1 -is identical to -.Dq 1,2 . .It Cm PubkeyAcceptedKeyTypes Specifies the key types that will be accepted for public key authentication as a comma-separated pattern list. 
@@ -1420,20 +1370,6 @@ an OpenSSH Key Revocation List (KRL) as generated by .Xr ssh-keygen 1 . For more information on KRLs, see the KEY REVOCATION LISTS section in .Xr ssh-keygen 1 . -.It Cm RhostsRSAAuthentication -Specifies whether rhosts or /etc/hosts.equiv authentication together -with successful RSA host authentication is allowed. -The default is -.Dq no . -This option applies to protocol version 1 only. -.It Cm RSAAuthentication -Specifies whether pure RSA authentication is allowed. -The default is -.Dq yes . -This option applies to protocol version 1 only. -.It Cm ServerKeyBits -Defines the number of bits in the ephemeral protocol version 1 server key. -The default and minimum value is 1024. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask
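Review bot: The two descriptions of the default host key files no longer agree in wording: the sshd.8 hunk at @@ -169,36 +164,18 @@ keeps the unchanged lead-in "The default is" before the four-file list, while the sshd_config.5 hunk at @@ -710,15 +708,12 @@ introduces "+The defaults are" for the same list. Since both now enumerate the same four files (ssh_host_dsa_key, ssh_host_ecdsa_key, ssh_host_ed25519_key, ssh_host_rsa_key), pick one phrasing; "The defaults are" reads better for a list and could replace the sshd.8 lead-in in the same commit.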
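Review bot: In the sshd.8 AUTHENTICATION hunk at @@ -269,42 +245,14 @@ the surviving text still speaks of a single key ("Each host has a host-specific key", "the daemon responds with its public host key"), which now contradicts the -h description earlier in the same file ("It is possible to have multiple host key files for the different host key algorithms"). Suggest "Each host has one or more host-specific keys" and "responds with a public host key" so the section matches the multi-algorithm default list. Separately, with the protocol-1 paragraph that named Blowfish and 3DES gone, the unchanged cipher list that follows ("currently 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, ...") is the only cipher description left in this section; consider pointing the reader to the Ciphers keyword in sshd_config(5) instead of maintaining a hard-coded list here.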
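Review bot: The AUTHORIZED_KEYS hunk at @@ -450,32 +398,25 @@ reduces the options-field explanation to "+The options field is optional." but deletes the only sentence that told the reader how its presence is detected ("its presence is determined by whether the line starts with a number or not"). That rule was protocol-1 specific, but the reader is now left with no way to tell a leading options field from the keytype; a replacement sentence along the lines of "its presence is determined by whether the line starts with a recognised keytype" would close the gap. Also, the new line "+.Dq ssh-rsa ;" followed by "+the comment field is not used for anything" splices the keytype list onto an unrelated statement with a semicolon; end the list with a full stop and start the comment-field remark as its own sentence.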
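Review bot: In the sshd_config hunk at @@ -13,21 +13,11 @@ the removal of "-# HostKeys for protocol version 2" leaves the four "#HostKey" lines with no introductory comment, unlike the neighbouring sections such as "# Ciphers and keying" which keep a heading. Keep a one-line "# HostKeys" comment above "#HostKey /etc/ssh/ssh_host_rsa_key" so the example file stays consistently sectioned.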
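Review bot: The sshd_config.5 HostKey hunk at @@ -729,14 +724,6 @@ drops the whole sentence listing the key types, but only the ".Dq rsa1" part was protocol-1 specific; ".Dq dsa", ".Dq ecdsa", ".Dq ed25519" and ".Dq rsa" are still the types the four default files above correspond to, and this was the only place the HostKey description named them. Suggest keeping the information, e.g. extending the surviving context line to "It is possible to have multiple host key files of type dsa, ecdsa, ed25519 or rsa."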
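Review bot: Removing the entire ".It Cm Protocol" entry in the sshd_config.5 hunk at @@ -1334,28 +1306,6 @@ leaves administrators whose existing files carry a "Protocol 2" line (the same line this commit deletes from the shipped example as "-#Protocol 2") with no documentation of how the keyword is now treated. The same applies to the three keywords removed at @@ -1420,20 +1370,6 @@ (RhostsRSAAuthentication, RSAAuthentication, ServerKeyBits). A short note stating whether these keywords are accepted and ignored or now rejected as unknown would prevent surprises on upgrade.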