shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-06 10:27:22 +09:00
Code Issues Packages Projects Releases Wiki Activity

kex: Do not ignore keys in known_hosts files

Browse Source 
Previously, if the SSH_OPTIONS_HOSTKEYS option was set by any mean,
including the client configuration file, the keys in known_hosts files
wouldn't be considered before advertising the list of wanted host keys.

This could result in the client requesting the server to provide a
signature using a key not present in the known_hosts files (e.g. when
the first wanted algorithm in SSH_OPTIONS_HOSTKEYS is not present in the
known_hosts files), causing a host key mismatch and possible key
rejection.

Now, the keys present in the known_hosts files are prioritized over the
other wanted keys.  This do not change the fact that only keys of types
present in the list set in SSH_OPTIONS_HOSTKEYS will be accepted and
prioritized following the order defined by such list.

The new wanted list of hostkeys is given by:
 - The keys present in known_hosts files, ordered by preference defined
   in SSH_OPTIONS_HOSTKEYS.  If the option is not set, a default order
   of preference is used.
 - The other keys present in the same option are appended without adding
   duplicates.  If the option is not set, the default list of keys is
   used.

Fixes: T156

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-07-01 19:39:07 +02:00
parent 65a38759ca
commit f18a7cc17e
2 changed files with 225 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
src/kex.c
View File

@@ -561,103 +561,94 @@ void ssh_list_kex(struct ssh_kex_struct *kex) {
/**
* @internal
*
* @brief selects the hostkey mechanisms to be chosen for the key exchange,
* as some hostkey mechanisms may be present in known_hosts file and preferred
* as some hostkey mechanisms may be present in known_hosts files.
*
* @returns a cstring containing a comma-separated list of hostkey methods.
* NULL if no method matches
*/
char *ssh_client_select_hostkeys(ssh_session session)
{
char methods_buffer[128]={0};
char tail_buffer[128]={0};
const char *wanted = NULL;
char *wanted_without_certs = NULL;
char *known_hosts_algorithms = NULL;
char *known_hosts_ordered = NULL;
char *new_hostkeys = NULL;
static const char *preferred_hostkeys[] = {
"ssh-ed25519",
"ecdsa-sha2-nistp521",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp256",
"rsa-sha2-512",
"rsa-sha2-256",
"ssh-rsa",
#ifdef HAVE_DSA
"ssh-dss",
#endif
NULL
};
struct ssh_list *algo_list = NULL;
struct ssh_iterator *it = NULL;
size_t algo_count;
int needcomma = 0;
size_t i, len;
char *fips_hostkeys = NULL;
algo_list = ssh_known_hosts_get_algorithms(session);
if (algo_list == NULL) {
wanted = session->opts.wanted_methods[SSH_HOSTKEYS];
if (wanted == NULL) {
if (ssh_fips_mode()) {
wanted = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
} else {
wanted = ssh_kex_get_default_methods(SSH_HOSTKEYS);
}
}
/* This removes the certificate types, unsupported for now */
wanted_without_certs = ssh_find_all_matching(HOSTKEYS, wanted);
if (wanted_without_certs == NULL) {
SSH_LOG(SSH_LOG_WARNING,
"List of allowed host key algorithms is empty or contains only "
"unsupported algorithms");
return NULL;
}
algo_count = ssh_list_count(algo_list);
if (algo_count == 0) {
ssh_list_free(algo_list);
return NULL;
}
SSH_LOG(SSH_LOG_DEBUG,
"Order of wanted host keys: \"%s\"",
wanted_without_certs);
for (i = 0; preferred_hostkeys[i] != NULL; ++i) {
bool found = false;
/* This is a signature type: We list also the SHA2 extensions */
enum ssh_keytypes_e base_preferred =
ssh_key_type_from_signature_name(preferred_hostkeys[i]);
for (it = ssh_list_get_iterator(algo_list);
it != NULL;
it = it->next) {
const char *algo = ssh_iterator_value(const char *, it);
/* This is always key type so we do not have to care for the
* SHA2 extension */
enum ssh_keytypes_e base_algo = ssh_key_type_from_name(algo);
if (base_preferred == base_algo) {
/* Matching the keys already verified it is a known type */
if (needcomma) {
strncat(methods_buffer,
",",
sizeof(methods_buffer) - strlen(methods_buffer) - 1);
}
strncat(methods_buffer,
preferred_hostkeys[i],
sizeof(methods_buffer) - strlen(methods_buffer) - 1);
needcomma = 1;
found = true;
}
}
/* Collect the rest of the algorithms in other buffer, that will
* follow the preferred buffer. This will signalize all the algorithms
* we are willing to accept.
*/
if (!found) {
snprintf(tail_buffer + strlen(tail_buffer),
sizeof(tail_buffer) - strlen(tail_buffer),
",%s", preferred_hostkeys[i]);
}
}
ssh_list_free(algo_list);
if (strlen(methods_buffer) == 0) {
known_hosts_algorithms = ssh_known_hosts_get_algorithms_names(session);
if (known_hosts_algorithms == NULL) {
SSH_LOG(SSH_LOG_DEBUG,
"No supported kex method for existing key in known_hosts file");
return NULL;
"No key found in known_hosts; "
"changing host key method to \"%s\"",
wanted_without_certs);
return wanted_without_certs;
}
/* Append the supported list to the preferred.
* The length is maximum 128 + 128 + 1, which will not overflow
*/
len = strlen(methods_buffer) + strlen(tail_buffer) + 1;
new_hostkeys = malloc(len);
SSH_LOG(SSH_LOG_DEBUG,
"Algorithms found in known_hosts files: \"%s\"",
known_hosts_algorithms);
/* Filter and order the keys from known_hosts according to wanted list */
known_hosts_ordered = ssh_find_all_matching(known_hosts_algorithms,
wanted_without_certs);
SAFE_FREE(known_hosts_algorithms);
if (known_hosts_ordered == NULL) {
SSH_LOG(SSH_LOG_DEBUG,
"No key found in known_hosts is allowed; "
"changing host key method to \"%s\"",
wanted_without_certs);
return wanted_without_certs;
}
/* Append the other supported keys after the preferred ones
* This function tolerates NULL pointers in parameters */
new_hostkeys = ssh_append_without_duplicates(known_hosts_ordered,
wanted_without_certs);
SAFE_FREE(known_hosts_ordered);
SAFE_FREE(wanted_without_certs);
if (new_hostkeys == NULL) {
ssh_set_error_oom(session);
return NULL;
}
snprintf(new_hostkeys, len,
"%s%s", methods_buffer, tail_buffer);
if (ssh_fips_mode()) {
/* Filter out algorithms not allowed in FIPS mode */
fips_hostkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, new_hostkeys);
SAFE_FREE(new_hostkeys);
if (fips_hostkeys == NULL) {
SSH_LOG(SSH_LOG_WARNING,
"None of the wanted host keys or keys in known_hosts files "
"is allowed in FIPS mode.");
return NULL;
}
new_hostkeys = fips_hostkeys;
}
SSH_LOG(SSH_LOG_DEBUG,
"Changing host key method to \"%s\"",
@@ -672,7 +663,7 @@ char *ssh_client_select_hostkeys(ssh_session session)
*/
int ssh_set_client_kex(ssh_session session)
{
struct ssh_kex_struct *client= &session->next_crypto->client_kex;
struct ssh_kex_struct *client = &session->next_crypto->client_kex;
const char *wanted;
char *kex = NULL;
char *kex_tmp = NULL;
@@ -687,14 +678,22 @@ int ssh_set_client_kex(ssh_session session)
}
memset(client->methods, 0, KEX_METHODS_SIZE * sizeof(char **));
/* first check if we have specific host key methods */
if (session->opts.wanted_methods[SSH_HOSTKEYS] == NULL) {
/* Only if no override */
session->opts.wanted_methods[SSH_HOSTKEYS] =
ssh_client_select_hostkeys(session);
}
/* Set the list of allowed algorithms in order of preference, if it hadn't
* been set yet. */
for (i = 0; i < KEX_METHODS_SIZE; i++) {
if (i == SSH_HOSTKEYS) {
/* Set the hostkeys in the following order:
* - First: keys present in known_hosts files ordered by preference
* - Next: other wanted algorithms ordered by preference */
client->methods[i] = ssh_client_select_hostkeys(session);
if (client->methods[i] == NULL) {
ssh_set_error_oom(session);
return SSH_ERROR;
}
continue;
}
wanted = session->opts.wanted_methods[i];
if (wanted == NULL) {
if (ssh_fips_mode()) {