|
|
4057ea |
From 50873a820f9d9c655b93e8ff2d4158aff29761ff Mon Sep 17 00:00:00 2001
|
|
|
4057ea |
From: Martin Pitt <martin@piware.de>
|
|
|
4057ea |
Date: Mon, 8 Oct 2018 15:19:02 +0200
|
|
|
4057ea |
Subject: [PATCH 1/2] ssh: Use SHA256 fingerprints when available
|
|
|
4057ea |
|
|
|
4057ea |
libssh 0.8 offers SHA256 fingerprints in addition to the old MD5/SHA1
|
|
|
4057ea |
ones. The latter are both cryptographically broken, and not allowed when
|
|
|
4057ea |
running in FIPS mode -- these cause an assertion crash in OpenSSL.
|
|
|
4057ea |
|
|
|
4057ea |
The "ssh" CLI hasn't shown MD5 fingerprints in a long time, not even on
|
|
|
4057ea |
RHEL 7 (it shows SHA1 and SHA256 there by default), so this actually
|
|
|
4057ea |
improves compatibility with ssh.
|
|
|
4057ea |
|
|
|
4057ea |
Use libssh 0.8's ssh_get_fingerprint_hash() function, as ssh itself
|
|
|
4057ea |
shows SHA256 fingerprints in base64 instead of hex. cockpit-ssh's
|
|
|
4057ea |
fingerprint prompts should be compatible, and hex fingerprints would be
|
|
|
4057ea |
overly long.
|
|
|
4057ea |
|
|
|
4057ea |
Adjust most check-multi-machine tests to not care about the particular
|
|
|
4057ea |
type of fingerprint, as they don't check the actual fingerprint anyway.
|
|
|
4057ea |
Only `TestMultiMachine.testDirectLogin` does, so adjust the test to
|
|
|
4057ea |
accept both MD5 and SHA256 fingerprints.
|
|
|
4057ea |
|
|
|
4057ea |
https://bugzilla.redhat.com/show_bug.cgi?id=1585191
|
|
|
4057ea |
|
|
|
4057ea |
Closes #10241
|
|
|
4057ea |
---
|
|
|
4057ea |
configure.ac | 2 ++
|
|
|
4057ea |
src/ssh/cockpitsshrelay.c | 17 +++++++++++++++--
|
|
|
4057ea |
src/ssh/test-sshbridge.c | 8 +++++++-
|
|
|
4057ea |
3 files changed, 24 insertions(+), 3 deletions(-)
|
|
|
4057ea |
|
|
|
4057ea |
diff --git a/configure.ac b/configure.ac
|
|
|
4057ea |
index af8b1e3..b0d4879 100644
|
|
|
4057ea |
--- a/configure.ac
|
|
|
4057ea |
+++ b/configure.ac
|
|
|
4057ea |
@@ -132,6 +132,8 @@ if test "$enable_ssh" != "no"; then
|
|
|
4057ea |
AC_DEFINE_UNQUOTED(HAVE_SSH_GET_SERVER_PUBLICKEY, 1, Whether ssh_get_server_publickey is available)
|
|
|
4057ea |
])
|
|
|
4057ea |
|
|
|
4057ea |
+ AC_CHECK_DECLS([SSH_PUBLICKEY_HASH_SHA256, ssh_get_fingerprint_hash], [], [], [[#include <libssh/libssh.h>]])
|
|
|
4057ea |
+
|
|
|
4057ea |
COCKPIT_SSH_SESSION_CFLAGS="$COCKPIT_CFLAGS $LIBSSH_CFLAGS $KRB5_CFLAGS"
|
|
|
4057ea |
COCKPIT_SSH_SESSION_LIBS="$COCKPIT_LIBS $LIBSSH_LIBS $KRB5_LIBS"
|
|
|
4057ea |
AC_SUBST(COCKPIT_SSH_SESSION_LIBS)
|
|
|
4057ea |
diff --git a/src/ssh/cockpitsshrelay.c b/src/ssh/cockpitsshrelay.c
|
|
|
4057ea |
index 41286c3..1798345 100644
|
|
|
4057ea |
--- a/src/ssh/cockpitsshrelay.c
|
|
|
4057ea |
+++ b/src/ssh/cockpitsshrelay.c
|
|
|
4057ea |
@@ -52,6 +52,15 @@
|
|
|
4057ea |
#include <fcntl.h>
|
|
|
4057ea |
#include <time.h>
|
|
|
4057ea |
|
|
|
4057ea |
+/* libssh 0.8 offers SHA256 fingerprints, use them if available */
|
|
|
4057ea |
+#if HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256
|
|
|
4057ea |
+#define SSH_PUBLICKEY_HASH SSH_PUBLICKEY_HASH_SHA256
|
|
|
4057ea |
+#define SSH_PUBLICKEY_HASH_NAME "SHA256"
|
|
|
4057ea |
+#else
|
|
|
4057ea |
+#define SSH_PUBLICKEY_HASH SSH_PUBLICKEY_HASH_MD5
|
|
|
4057ea |
+#define SSH_PUBLICKEY_HASH_NAME "MD5"
|
|
|
4057ea |
+#endif
|
|
|
4057ea |
+
|
|
|
4057ea |
/* we had a private one before moving to /etc/ssh/ssh_known_hosts */
|
|
|
4057ea |
#define LEGACY_KNOWN_HOSTS PACKAGE_LOCALSTATE_DIR "/known_hosts"
|
|
|
4057ea |
|
|
|
4057ea |
@@ -505,7 +514,7 @@ prompt_for_host_key (CockpitSshData *data)
|
|
|
4057ea |
|
|
|
4057ea |
message = g_strdup_printf ("The authenticity of host '%s:%d' can't be established. Do you want to proceed this time?",
|
|
|
4057ea |
host, port);
|
|
|
4057ea |
- prompt = g_strdup_printf ("MD5 Fingerprint (%s):", data->host_key_type);
|
|
|
4057ea |
+ prompt = g_strdup_printf (SSH_PUBLICKEY_HASH_NAME " Fingerprint (%s):", data->host_key_type);
|
|
|
4057ea |
|
|
|
4057ea |
reply = prompt_with_authorize (data, prompt, message, data->host_fingerprint, data->host_key, TRUE);
|
|
|
4057ea |
|
|
|
4057ea |
@@ -674,7 +683,7 @@ verify_knownhost (CockpitSshData *data,
|
|
|
4057ea |
goto done;
|
|
|
4057ea |
}
|
|
|
4057ea |
|
|
|
4057ea |
- if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH_MD5, &hash, &len) < 0)
|
|
|
4057ea |
+ if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH, &hash, &len) < 0)
|
|
|
4057ea |
{
|
|
|
4057ea |
g_warning ("Couldn't hash ssh public key");
|
|
|
4057ea |
ret = "internal-error";
|
|
|
4057ea |
@@ -682,7 +691,11 @@ verify_knownhost (CockpitSshData *data,
|
|
|
4057ea |
}
|
|
|
4057ea |
else
|
|
|
4057ea |
{
|
|
|
4057ea |
+#if HAVE_DECL_SSH_GET_FINGERPRINT_HASH
|
|
|
4057ea |
+ data->host_fingerprint = ssh_get_fingerprint_hash (SSH_PUBLICKEY_HASH, hash, len);
|
|
|
4057ea |
+#else
|
|
|
4057ea |
data->host_fingerprint = ssh_get_hexa (hash, len);
|
|
|
4057ea |
+#endif
|
|
|
4057ea |
ssh_clean_pubkey_hash (&hash);
|
|
|
4057ea |
}
|
|
|
4057ea |
|
|
|
4057ea |
diff --git a/src/ssh/test-sshbridge.c b/src/ssh/test-sshbridge.c
|
|
|
4057ea |
index e86f639..bc5bc3a 100644
|
|
|
4057ea |
--- a/src/ssh/test-sshbridge.c
|
|
|
4057ea |
+++ b/src/ssh/test-sshbridge.c
|
|
|
4057ea |
@@ -563,7 +563,13 @@ test_echo_large (TestCase *tc,
|
|
|
4057ea |
|
|
|
4057ea |
static const gchar MOCK_RSA_KEY[] = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYzo07OA0H6f7orVun9nIVjGYrkf8AuPDScqWGzlKpAqSipoQ9oY/mwONwIOu4uhKh7FTQCq5p+NaOJ6+Q4z++xBzSOLFseKX+zyLxgNG28jnF06WSmrMsSfvPdNuZKt9rZcQFKn9fRNa8oixa+RsqEEVEvTYhGtRf7w2wsV49xIoIza/bln1ABX1YLaCByZow+dK3ZlHn/UU0r4ewpAIZhve4vCvAsMe5+6KJH8ft/OKXXQY06h6jCythLV4h18gY/sYosOa+/4XgpmBiE7fDeFRKVjP3mvkxMpxce+ckOFae2+aJu51h513S9kxY2PmKaV/JU9HBYO+yO4j+j24v";
|
|
|
4057ea |
|
|
|
4057ea |
+#if HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256
|
|
|
4057ea |
+static const gchar MOCK_RSA_FP[] = "SHA256:XQ8a7zGxMFstDrGecBRUP9OMnOUXd/T3vkNGtYShs2w";
|
|
|
4057ea |
+#define SSH_PUBLICKEY_HASH_NAME "SHA256"
|
|
|
4057ea |
+#else
|
|
|
4057ea |
static const gchar MOCK_RSA_FP[] = "0e:6a:c8:b1:07:72:e2:04:95:9f:0e:b3:56:af:48:e2";
|
|
|
4057ea |
+#define SSH_PUBLICKEY_HASH_NAME "MD5"
|
|
|
4057ea |
+#endif
|
|
|
4057ea |
|
|
|
4057ea |
|
|
|
4057ea |
static void
|
|
|
4057ea |
@@ -634,7 +640,7 @@ do_hostkey_conversation (TestCase *tc,
|
|
|
4057ea |
(int)tc->ssh_port, MOCK_RSA_FP,
|
|
|
4057ea |
(int)tc->ssh_port, MOCK_RSA_KEY);
|
|
|
4057ea |
|
|
|
4057ea |
- do_auth_conversation (tc->transport, "MD5 Fingerprint (ssh-rsa):",
|
|
|
4057ea |
+ do_auth_conversation (tc->transport, SSH_PUBLICKEY_HASH_NAME " Fingerprint (ssh-rsa):",
|
|
|
4057ea |
expect_json, response, add_header);
|
|
|
4057ea |
g_free (expect_json);
|
|
|
4057ea |
}
|
|
|
4057ea |
--
|
|
|
4057ea |
2.19.1
|
|
|
4057ea |
|