-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssh: add support for extension negotiation (rfc 8308) #197
base: master
Are you sure you want to change the base?
Conversation
This PR isn't ready for merging yet! I created the PR to get some initial feedback to see if the direction it's going is appropriate or if there are larger changes that need to be handled. I have a number of The client side of |
This PR (HEAD: 29bf9ec) has been imported to Gerrit for code review. Please visit https://go-review.googlesource.com/c/crypto/+/360195 to see it. Tip: You can toggle comments from me using the |
Message from Go Bot: Patch Set 1: Congratulations on opening your first change. Thank you for your contribution! Next steps: Most changes in the Go project go through a few rounds of revision. This can be During May-July and Nov-Jan the Go project is in a code freeze, during which Please don’t reply on this GitHub thread. Visit golang.org/cl/360195. |
Message from Kristin Davidson: Patch Set 1: (1 comment) Please don’t reply on this GitHub thread. Visit golang.org/cl/360195. |
Hi @aphistic, I tried your changes along with the recently merged support for SHA2 signatures for RSA host keys (commit: b4de73f). Both my OpenSSH 8.8 client and Go SSH server seemed happy about it. It looks like @FiloSottile is marked as the sole Gerrit reviewer... Perhaps another Go maintainer CC'ed on the change (such as @agl) can take a look and offer feedback about this implementation? |
Hey @stephen-fox! Those are the same changes we're running prod now, so it's good to hear it's working for you! With regard to the review, I talked with @FiloSottile on the Gopher Slack about this PR and the next steps are to document the public changes to the API that I'd like to propose as part of merging this upstream. The code right now is not ready for merging and I think the public API for configuring extensions isn't correct, so this is definitely something that needs to happen first. I haven't had a chance to do this documentation yet, though, but I will redouble my efforts once I'm back in the office on Monday!. |
Ah, I didn't realize there is a slack! And no worries - thank you for implementing this feature. I look forward to using it once it is merged :) |
This adds support for SSH extension negotiation via SSH_MSG_EXT_INFO as defined in RFC 8308 [1]. It also adds support for the `server-sig-algs` extension on both the client and server sides. [1] https://datatracker.ietf.org/doc/html/rfc8308 Fixes golang/go#49269 Change-Id: Iab374d1254ec83eabdb5f433b95ff39a1a540cc3 GitHub-Last-Rev: 29bf9ec GitHub-Pull-Request: golang#197
@aphistic great to see this! Do you also plan to tackle automatically setting the right algorithm for the rsa signers (which are right now hardcoded to ssh-rsa? |
@aphistic FYI, managed to leverage your work for the ssh client signers with your current api exposure and without having to change the signatures of the signers themselves: rmohr@e4ed966. Maybe it is helpful when looking into the API changes. |
This adds support for SSH extension negotiation via SSH_MSG_EXT_INFO as defined in RFC 8308 [1]. It also adds support for the `server-sig-algs` extension on both the client and server sides. [1] https://datatracker.ietf.org/doc/html/rfc8308 Fixes golang/go#49269 Change-Id: Iab374d1254ec83eabdb5f433b95ff39a1a540cc3 GitHub-Last-Rev: 29bf9ec GitHub-Pull-Request: golang#197
The fork adds the following patches: - ssh: add support for extension negotiation (rfc 8308) golang/crypto#197 - ssh: use extension negotiation (rfc 8308) in ssh clients rmohr/crypto@e4ed966 Closes: #916 Closes: #886
OpenSSH has deprecated SHA1, and in 8.8 it was removed from the default accepted signature algorithm list. OpenSSH server implements signature algorithm negotiation. Go's SSH server implementation does not. Since we use RSA keys in CI, the ssh client uses those keys and because it can't negotiate an alternative falls back to the default disallowed SHA1 algorithm, which causes the connection to fail. So for now to work around this problem we explicitly allow SHA1 in the client. Once signature negotiation is implemented in Go we can drop this patch. See golang/crypto#197.
OpenSSH has deprecated SHA1, and in 8.8 it was removed from the default accepted signature algorithm list. OpenSSH server implements signature algorithm negotiation. Go's SSH server implementation does not. Since we use RSA keys in CI, the ssh client uses those keys and because it can't negotiate an alternative falls back to the default disallowed SHA1 algorithm, which causes the connection to fail. So for now to work around this problem we explicitly allow SHA1 in the client. Once signature negotiation is implemented in Go we can drop this patch. See golang/crypto#197.
OpenSSH has deprecated SHA1, and in 8.8 it was removed from the default accepted signature algorithm list. OpenSSH server implements signature algorithm negotiation. Go's SSH server implementation does not. Since we use RSA keys in CI, the ssh client uses those keys and because it can't negotiate an alternative falls back to the default disallowed SHA1 algorithm, which causes the connection to fail. So for now to work around this problem we explicitly allow SHA1 in the client. Once signature negotiation is implemented in Go we can drop this patch. See golang/crypto#197.
👋 what is the status of this PR? Could it be merged? |
AFAIK it's not complete. It does not, for example wire in the negotiation extension to the client (only the server). There are other things, too. |
Hi @owenthereal! @pete-woods is correct, this PR shouldn't be merged in its current state. The server-side of this is implemented but the configuration side of things will likely change, and the client-side isn't fully implemented either. If you only need I'd still like to get some feedback on the proposed config changes from the maintainers before I continue down the road for this PR, though. I have some discussion in the tracking issue for this PR golang/go#49269. |
I think people are starting to get nervous about this now the GitHub March 15th date (when rsa with SHA1 is deprecated) is getting pretty close. Any Go based Git client not using this patch plus extra stuff will break for a sizeable chunk of users. |
@aphistic do you plan to rebase this patch on the master branch? For what I can understand the upstream seems quite unresponsive. I'm a little short on time but if you're not going to work on this I might give it a try in the next few weeks, thanks |
@drakkan I am not sure if you need client or server support, but client support got merged a few days ago. Bumping golang.org/x/crypto should fix client issues. |
@rmohr thanks, I'm aware that client support was merged. I would like to add server support to SFTPGo and so I need this patch rebased without the client specific parts that were implemented in a different way |
Here is a rebase of this patch against current master: 0001-ssh-add-support-for-extension-negotiation-rfc-8308.zip I just modified extInfoMsg marshal/unmarshal to match the one introduced upstream and added support for client certificate authentication which didn't work in the previous patch. I don't think this patch is production ready, one of the many companies interested in this feature should hire one of the upstream maintainers to get a proper patch and so give something back to the community (I know at least one company that is developing a new SFTP server in Go and it is silently waiting for this patch ...) |
This is a rebase of the following PR golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
This is a rebase of the following PR golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
This is a rebase of the following PR golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
That fork apparently also fixed the server part for me. Adding
to |
This is a rebase of the following PR golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
This is a rebase of the following PR golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
This is a rebase of the following PR golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
This is a rebase of the following PR golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
This is a rebase of the following PR golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
This is a rebase of the following PR golang#197 with some changes and improvements: - added support for client certificate authentication - removed read loop from server handshake - adapted extInfoMsg to upstream changes Signed-off-by: Nicola Murino <[email protected]>
This adds support for SSH extension negotiation via SSH_MSG_EXT_INFO as defined in RFC 8308 [1]. It also adds support for the
server-sig-algs
extension on both the client and server sides.[1] https://datatracker.ietf.org/doc/html/rfc8308
Fixes golang/go#49269