From a75ddd917977bbe3899c54bd4030d368fec432a1 Mon Sep 17 00:00:00 2001
From: djm
Date: Thu, 20 Sep 2018 03:28:06 +0000
Subject: [PATCH] Add sshd_config CASignatureAlgorithms option to allow control over which signature algorithms a CA may use when signing certificates. In particular, this allows a sshd to ban certificates signed with RSA/SHA1. ok markus@
---
 usr.bin/ssh/auth2-hostbased.c | 9 ++++++++-
 usr.bin/ssh/auth2-pubkey.c | 10 ++++++++--
 usr.bin/ssh/servconf.c | 16 +++++++++++++---
 usr.bin/ssh/servconf.h | 4 +++-
 usr.bin/ssh/sshd_config.5 | 15 +++++++++++++--
 5 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c
index 32be2bc7da8..fc463d8166d 100644
--- a/usr.bin/ssh/auth2-hostbased.c
+++ b/usr.bin/ssh/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.37 2018/08/28 12:17:45 mestre Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -111,6 +111,13 @@ userauth_hostbased(struct ssh *ssh)
 __func__, sshkey_type(key));
 goto done;
 }
+ if ((r = sshkey_check_cert_sigtype(key,
+ options.ca_sign_algorithms)) != 0) {
+ logit("%s: certificate signature algorithm %s: %s", __func__,
+ (key->cert == NULL || key->cert->signature_type == NULL) ?
+ "(null)" : key->cert->signature_type, ssh_err(r));
+ goto done;
+ }
 if (!authctxt->valid || authctxt->user == NULL) {
 debug2("%s: disabled because of invalid user", __func__);
diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c
index 9bdc359c8b4..e5e6da7d144 100644
--- a/usr.bin/ssh/auth2-pubkey.c
+++ b/usr.bin/ssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.85 2018/08/28 12:25:53 mestre Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.86 2018/09/20 03:28:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
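Review bot: The new sshkey_check_cert_sigtype() call in userauth_hostbased runs for every presented key, certificate or not, and the log expression already has to guard `key->cert == NULL`; whether plain keys pass depends on that helper returning 0 for them, which this diff does not show. Making the precondition explicit, `if (sshkey_is_cert(key) && (r = sshkey_check_cert_sigtype(key, options.ca_sign_algorithms)) != 0) {`, would keep the policy check from relying on that. The identical seven-line block is added to userauth_pubkey in auth2-pubkey.c, so the same applies there, and a short comment above both, such as `/* Refuse certificates whose CA signature algorithm is not in CASignatureAlgorithms */`, would tell a reader why the check sits before signature verification. Both function bodies, including the declaration of `r`, continue outside their hunks.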
@@ -134,7 +134,13 @@ userauth_pubkey(struct ssh *ssh)
 __func__, sshkey_ssh_name(key));
 goto done;
 }
-
+ if ((r = sshkey_check_cert_sigtype(key,
+ options.ca_sign_algorithms)) != 0) {
+ logit("%s: certificate signature algorithm %s: %s", __func__,
+ (key->cert == NULL || key->cert->signature_type == NULL) ?
+ "(null)" : key->cert->signature_type, ssh_err(r));
+ goto done;
+ }
 key_s = format_key(key);
 if (sshkey_is_cert(key))
 ca_s = format_key(key->cert->signature_key);
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index fa1b760a7a6..ba5faa8c1cb 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.341 2018/09/20 03:28:06 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved
@@ -131,6 +131,7 @@ initialize_server_options(ServerOptions *options)
 options->ciphers = NULL;
 options->macs = NULL;
 options->kex_algorithms = NULL;
+ options->ca_sign_algorithms = NULL;
 options->fwd_opts.gateway_ports = -1;
 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
 options->fwd_opts.streamlocal_bind_unlink = -1;
@@ -177,13 +178,14 @@ option_clear_or_none(const char *o)
 static void
 assemble_algorithms(ServerOptions *o)
 {
- char *all_cipher, *all_mac, *all_kex, *all_key;
+ char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
 int r;
 all_cipher = cipher_alg_list(',', 0);
 all_mac = mac_alg_list(',');
 all_kex = kex_alg_list(',');
 all_key = sshkey_alg_list(0, 0, 1, ',');
+ all_sig = sshkey_alg_list(0, 1, 1, ',');
 #define ASSEMBLE(what, defaults, all) \
 do { \
 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
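Review bot: In assemble_algorithms, `all_sig = sshkey_alg_list(0, 1, 1, ',')` differs from the `all_key` call only in its second positional argument, and nothing in the function says what that flag selects. If it restricts the list to plain (non-certificate) algorithm names, as its use for CA signature algorithms suggests, a comment would make the intent checkable: `/* CA signature algorithms: plain names only, no -cert variants */`. The prototype of sshkey_alg_list is outside this diff, so the argument meaning should be confirmed before the comment is added.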
@@ -195,11 +197,13 @@ assemble_algorithms(ServerOptions *o)
 ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
 ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
 ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
 #undef ASSEMBLE
 free(all_cipher);
 free(all_mac);
 free(all_kex);
 free(all_key);
+ free(all_sig);
 }
 static void
@@ -453,7 +457,7 @@ typedef enum {
 sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
- sKexAlgorithms, sIPQoS, sVersionAddendum,
+ sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink,
@@ -1368,6 +1372,10 @@ process_server_config_line(ServerOptions *options, char *line,
 charptr = &options->hostkeyalgorithms;
 goto parse_keytypes;
+ case sCASignatureAlgorithms:
+ charptr = &options->ca_sign_algorithms;
+ goto parse_keytypes;
+
 case sPubkeyAuthentication:
 intptr = &options->pubkey_authentication;
 goto parse_flag;
@@ -2531,6 +2539,8 @@ dump_config(ServerOptions *o)
 dump_cfg_string(sHostKeyAgent, o->host_key_agent);
 dump_cfg_string(sKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
+ dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ?
+ o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h
index 6dee76e7fa6..87d08b6d213 100644
--- a/usr.bin/ssh/servconf.h
+++ b/usr.bin/ssh/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */
+/* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */
 /*
 * Author: Tatu Ylonen
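Review bot: The default handed to `ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig)` is defined outside this diff, and the list documented in the sshd_config.5 hunk still ends in `ssh-rsa`, so with no configuration RSA/SHA1-signed certificates appear to remain accepted and the ban described in the commit message is opt-in. The man page text could say so, since an administrator reading only "The default is:" may assume the new option already hardens the server. The same documented list reads `ecdsa-sha2-nistp256.ecdsa-sha2-nistp384` with a period where every other entry is comma-separated; it should be checked against the macro and probably read `ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,` before anyone copies it into a config.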
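Review bot: No hunk in servconf.c adds an entry for CASignatureAlgorithms to the keyword lookup table, although sCASignatureAlgorithms is added to the opcode enum and handled by the new `case sCASignatureAlgorithms:` in process_server_config_line. Unless that table is filled in somewhere this diff does not show, the new case cannot be reached from a configuration file, the documented keyword would presumably be rejected as unknown, and the default list would stay in force on every server. A table row mapping the keyword to sCASignatureAlgorithms, with the same scope flags as the neighbouring algorithm-list options, looks necessary. The `parse_keytypes` target it jumps to is also outside the hunk, so it is worth confirming that its validation and error text suit signature-algorithm names and not only key types.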
@@ -110,6 +110,7 @@ typedef struct {
 int hostbased_uses_name_from_packet_only; /* experimental */
 char *hostbased_key_types; /* Key types allowed for hostbased */
 char *hostkeyalgorithms; /* SSH2 server key types */
+ char *ca_sign_algorithms; /* Allowed CA signature algorithms */
 int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
 char *pubkey_key_types; /* Key types allowed for public key */
 int kerberos_authentication; /* If true, permit Kerberos
@@ -240,6 +241,7 @@ struct connection_info {
 M_CP_STROPT(authorized_principals_command_user); \
 M_CP_STROPT(hostbased_key_types); \
 M_CP_STROPT(pubkey_key_types); \
+ M_CP_STROPT(ca_sign_algorithms); \
 M_CP_STROPT(routing_domain); \
 M_CP_STROPT(permit_user_env_whitelist); \
 M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 05b7a7de4f7..ddc1fa1ba05 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.281 2018/07/20 05:01:10 djm Exp $
-.Dd $Mdocdate: July 20 2018 $
+.\" $OpenBSD: sshd_config.5,v 1.282 2018/09/20 03:28:06 djm Exp $
+.Dd $Mdocdate: September 20 2018 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -383,6 +383,17 @@ If the argument is
 .Cm none
 then no banner is displayed.
 By default, no banner is displayed.
+.It Cm CASignatureAlgorithms
+Specifies which algorithms are allowed for signing of certificates
+by certificate authorities (CAs).
+The default is:
+.Bd -literal -offset indent
+ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+.Ed
+.Pp
+Certificates signed using other algorithms will not be accepted for
+public key or host-based authentication.
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed.
 All authentication styles from
--
2.20.1