Mailing List Archive

https://bugzilla.mindrot.org/show_bug.cgi?id=1550





--- Comment #2 from Jim Knoble <jmknoble@pobox.com> 2009-01-23 07:54:11 ---
Date: Wed, 21 Jan 2009 15:16:31 +1100 (EST)
From: Damien Miller <djm@mindrot.org>
To: Jim Knoble <jmknoble@pobox.com>
Subject: Re: OpenSSH private key encryption: time for AES?
In-Reply-To: <20090121014237.GD29074@crawfish.ais.com>
Message-ID: <alpine.BSO.1.10.0901211509560.5581@fuyu.mindrot.org>
References: <20090120060635.GA29074@crawfish.ais.com>
<alpine.BSO.1.10.0901201822540.5492@fuyu.mindrot.org>
<20090121014237.GD29074@crawfish.ais.com>
Cc: OpenSSH Devel <openssh-unix-dev@mindrot.org>

On Tue, 20 Jan 2009, Jim Knoble wrote:

> Circa 2009-01-20 02:30 dixit Damien Miller:
>
> : On Tue, 20 Jan 2009, Jim Knoble wrote:
> :
> : > [...]how can i encrypt my 4096-bit SSH RSA keypair with
> : > something like AES-128, AES-256, or Twofish instead of 3DES and still
> : > use it with OpenSSH? Can ssh-add read (unencrypted) key data from stdin?
>
> Experimentation has shown that the following will add a key to a running
> ssh-agent (OpenSSH_4.6p1, Ubuntu 7.10):
>
> $ cat id_rsa-unencrypted |ssh-add /dev/stdin
> $ ssh-add -l |fgrep /dev/stdin
> 2048 xx:xx:xx:...:xx:xx:xx /dev/stdin (RSA)
> $
>
> However, the following will not remove the key from the agent:
>
> $ cat id_rsa-unencrypted |ssh-add -d /dev/stdin
> Bad key file /dev/stdin
> $

Does that work without the patch? I don't think it would even with
the current cipher because it needs to reread the file IIRC.

> If both operations worked, then one could use an external
> encryption/decryption facility with one's private keys, e.g.:
>
> openssl enc -d -in ~/.ssh/id_rsa -aes-256-cbc |ssh-add /dev/stdin
>
> (although it would take a passphrase to remove a key from ssh-agent).

Wouldn't this just require the former to work? You'd be passing keys
to ssh-agent in unencrypted form always, no?

> : If you want to change it then you can do something like [a one-liner
> : change to authfile.c]. It probably wouldn't hurt to change - new
> : installations will still be able to read old keys
>
> It would be nice for newer OpenSSH to be able to produce private keys
> usable by older OpenSSH as well.

The key encryption for SSH protocol 2 keys is done by OpenSSL's PEM
functions, so AES should be supported by any OpenSSL version that
supports
AES in PEM. IIRC this has been supported for a number of years.

> Any chance of an option in ssh-keygen to specify the cipher? E.g.:

No, I think that would be a microknob that add little value, and
ssh-add
has waaaay to many buttons already.

If we change then it should be to the best encryption that is supported
by
widely deployed SSL/OpenSSH versions.

-d

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=1550





--- Comment #3 from Jim Knoble <jmknoble@pobox.com> 2009-01-23 07:54:39 ---
Message-ID: <4976A70C.2020305@zip.com.au>
Date: Wed, 21 Jan 2009 15:39:40 +1100
From: Darren Tucker <dtucker@zip.com.au>
To: Damien Miller <djm@mindrot.org>
Subject: Re: OpenSSH private key encryption: time for AES?
References: <20090120060635.GA29074@crawfish.ais.com>
<alpine.BSO.1.10.0901201822540.5492@fuyu.mindrot.org>
<20090121014237.GD29074@crawfish.ais.com>
<alpine.BSO.1.10.0901211509560.5581@fuyu.mindrot.org>
In-Reply-To: <alpine.BSO.1.10.0901211509560.5581@fuyu.mindrot.org>
Cc: Jim Knoble <jmknoble@pobox.com>, OpenSSH Devel
<openssh-unix-dev@mindrot.org>

Damien Miller wrote:
[...]
> If we change then it should be to the best encryption that is supported by
> widely deployed SSL/OpenSSH versions.

Don't forget some versions of the Solaris 10 OpenSSL package cripple
all
ciphers with a key length >128 bits. We work around that for the SSH
ciphers but that's not going to help for the OpenSSL PEM functions.

--
Darren Tucker (dtucker at zip.com.au)

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=1550





--- Comment #4 from Jim Knoble <jmknoble@pobox.com> 2009-01-23 07:55:03 ---
Message-ID: <4976A70C.2020305@zip.com.au>
Date: Wed, 21 Jan 2009 15:39:40 +1100
From: Darren Tucker <dtucker@zip.com.au>
To: Damien Miller <djm@mindrot.org>
Subject: Re: OpenSSH private key encryption: time for AES?
References: <20090120060635.GA29074@crawfish.ais.com>
<alpine.BSO.1.10.0901201822540.5492@fuyu.mindrot.org>
<20090121014237.GD29074@crawfish.ais.com>
<alpine.BSO.1.10.0901211509560.5581@fuyu.mindrot.org>
In-Reply-To: <alpine.BSO.1.10.0901211509560.5581@fuyu.mindrot.org>
Cc: Jim Knoble <jmknoble@pobox.com>, OpenSSH Devel
<openssh-unix-dev@mindrot.org>

Damien Miller wrote:
[...]
> If we change then it should be to the best encryption that is supported by
> widely deployed SSL/OpenSSH versions.

Don't forget some versions of the Solaris 10 OpenSSL package cripple
all
ciphers with a key length >128 bits. We work around that for the SSH
ciphers but that's not going to help for the OpenSSL PEM functions.

--
Darren Tucker (dtucker at zip.com.au)

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=1550





--- Comment #5 from Jim Knoble <jmknoble@pobox.com> 2009-01-23 07:56:07 ---
Date: Wed, 21 Jan 2009 16:01:35 +1100 (EST)
From: Damien Miller <djm@mindrot.org>
To: Darren Tucker <dtucker@zip.com.au>
Subject: Re: OpenSSH private key encryption: time for AES?
In-Reply-To: <4976A70C.2020305@zip.com.au>
Message-ID: <alpine.BSO.1.10.0901211556540.5581@fuyu.mindrot.org>
References: <20090120060635.GA29074@crawfish.ais.com>
<alpine.BSO.1.10.0901201822540.5492@fuyu.mindrot.org>
<20090121014237.GD29074@crawfish.ais.com>
<alpine.BSO.1.10.0901211509560.5581@fuyu.mindrot.org>
<4976A70C.2020305@zip.com.au>
Cc: Jim Knoble <jmknoble@pobox.com>, OpenSSH Devel
<openssh-unix-dev@mindrot.org>

On Wed, 21 Jan 2009, Darren Tucker wrote:

> Damien Miller wrote:
> [...]
> > If we change then it should be to the best encryption that is supported by
> > widely deployed SSL/OpenSSH versions.
>
> Don't forget some versions of the Solaris 10 OpenSSL package cripple all
> ciphers with a key length >128 bits. We work around that for the SSH
> ciphers but that's not going to help for the OpenSSL PEM functions.

Shouldn't this Just Work with our replacement EVP_aes_256_cbc in
cipher-aes.c? We already switch it on for the OPENSSL_LOBOTOMISED_AES
case (Obviously it would need to be tested...)

-d

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=1550





--- Comment #6 from Jim Knoble <jmknoble@pobox.com> 2009-01-23 07:56:39 ---
Date: Thu, 22 Jan 2009 14:49:01 -0500
From: Jim Knoble <jmknoble@pobox.com>
To: OpenSSH Devel <openssh-unix-dev@mindrot.org>
Subject: Re: OpenSSH private key encryption: time for AES?
Message-ID: <20090122194901.GB22282@crawfish.ais.com>
Mail-Followup-To: OpenSSH Devel <openssh-unix-dev@mindrot.org>
References: <20090120060635.GA29074@crawfish.ais.com>
<alpine.BSO.1.10.0901201822540.5492@fuyu.mindrot.org>
<20090121014237.GD29074@crawfish.ais.com>
<alpine.BSO.1.10.0901211509560.5581@fuyu.mindrot.org>
In-Reply-To: <alpine.BSO.1.10.0901211509560.5581@fuyu.mindrot.org>

Circa 2009-01-20 23:16 dixit Damien Miller:

: On Tue, 20 Jan 2009, Jim Knoble wrote:
:
: > $ cat id_rsa-unencrypted |ssh-add /dev/stdin
: > $ ssh-add -l |fgrep /dev/stdin
: > 2048 xx:xx:xx:...:xx:xx:xx /dev/stdin (RSA)
: > $
:
: Does that work without the patch? I don't think it would even with
: the current cipher because it needs to reread the file IIRC.

It's an unpatched ssh-keygen (OpenSSH_4.6p1 Debian-5ubuntu0.6, OpenSSL
0.9.8e 23 Feb 2007).

: > If both operations worked, then one could use an external
: > encryption/decryption facility with one's private keys, e.g.:
: >
: > openssl enc -d -in ~/.ssh/id_rsa -aes-256-cbc |ssh-add
/dev/stdin
: >
: > (although it would take a passphrase to remove a key from
ssh-agent).
:
: Wouldn't this just require the former to work? You'd be passing keys
: to ssh-agent in unencrypted form always, no?

Not sure i understand. The only decryption would happen in the
'openssl | ssh-add' pipeline. In order to know which key to remove,
ssh-add would need to read the unencrypted key, which would only be
available by decrypting it in the pipeline, supplying a passphrase to
the 'openssl' command. Currently, 'ssh-add -d' doesn't require a
passphrase for an OpenSSH-encrypted private key.

I like the flexibility of being able to use stdin with ssh-add (and i
would prefer 'ssh-add -' rather than 'ssh-add /dev/stdin', but
whatever). However, all the above may be moot in light of the
discussion further below.

: The key encryption for SSH protocol 2 keys is done by OpenSSL's PEM
: functions, so AES should be supported by any OpenSSL version that
supports
: AES in PEM. IIRC this has been supported for a number of years.

If older OpenSSH (to a point) would "just work" reading private keys
encrypted with AES-256, then that's fantastic, and no need for any
further options to ssh-keygen.

: If we change then it should be to the best encryption that is
supported by
: widely deployed SSL/OpenSSH versions.

Agreed. Private keys are short, and even if decryption happens
frequently, it takes much longer to enter a passphrase than to decrypt
the key (and both decryption and passphrase can be mitigated via
ssh-agent).

--
jim knoble | jmknoble@pobox.com | http://www.pobox.com/~jmknoble/

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs