public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388
@ 2015-08-13  3:17 Mike Frysinger
  2015-08-13  3:35 ` Mike Gilbert
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Mike Frysinger @ 2015-08-13  3:17 UTC
  To: gentoo-dev

---
 .../2015-08-13-openssh-weak-keys.en.txt            | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt

diff --git a/2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt b/2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
new file mode 100644
index 0000000..8dece5e
--- /dev/null
+++ b/2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
@@ -0,0 +1,26 @@
+Title: OpenSSH 7.0 disables ssh-dss keys by default
+Author: Mike Frysinger <vapier@gentoo.org>
+Content-Type: text/plain
+Posted: 2015-08-13
+Revision: 1
+News-Item-Format: 1.0
+Display-If-Installed: net-misc/openssh
+
+Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has
+been disabled by default at runtime.  If you rely on these key types,
+you will have to take corrective action or risk being locked out.
+
+Your best option is to generate new keys using newer types such as rsa
+or ecdsa or ed25519.  RSA keys will give you the greatest portability
+with other clients/servers while ed25519 will get you the best security
+with OpenSSH (but requires recent versions of client & server).
+
+If you are stuck with DSA keys, you can re-enable support locally by
+updating your sshd_config file with a line like so:
+	PubkeyAcceptedKeyTypes=+ssh-dss
+
+Be aware though that eventually OpenSSH will drop support for DSA keys
+entirely, so this is only a stop gap solution.
+
+More details can be found on OpenSSH's website:
+	http://www.openssh.com/legacy.html
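Review bot: the re-enable advice ("updating your sshd_config file with a line like so: PubkeyAcceptedKeyTypes=+ssh-dss") covers only the server side, but this keyword is also an ssh client option, so a user whose server still accepts ssh-dss can still be refused by their own upgraded client unless the same line is added to ssh_config or ~/.ssh/config; suggest stating that it applies to both sides and naming both files. A smaller wording point: "newer types such as rsa" is inaccurate, since DSA postdates RSA; "stronger key types" or "currently supported key types" says what is meant without the historical claim.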
-- 
2.4.4




* Re: [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388
  2015-08-13  3:17 [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388 Mike Frysinger
@ 2015-08-13  3:35 ` Mike Gilbert
  2015-08-13  7:00 ` Kristian Fiskerstrand
  2015-08-13 21:18 ` Mike Gilbert
  2 siblings, 0 replies; 7+ messages in thread
From: Mike Gilbert @ 2015-08-13  3:35 UTC
  To: Gentoo Dev

On Wed, Aug 12, 2015 at 11:17 PM, Mike Frysinger <vapier@gentoo.org> wrote:
> ---
>  .../2015-08-13-openssh-weak-keys.en.txt            | 26 ++++++++++++++++++++++
>  1 file changed, 26 insertions(+)
>  create mode 100644 2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
>
> diff --git a/2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt b/2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
> new file mode 100644
> index 0000000..8dece5e
> --- /dev/null
> +++ b/2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
> @@ -0,0 +1,26 @@
> +Title: OpenSSH 7.0 disables ssh-dss keys by default
> +Author: Mike Frysinger <vapier@gentoo.org>
> +Content-Type: text/plain
> +Posted: 2015-08-13
> +Revision: 1
> +News-Item-Format: 1.0
> +Display-If-Installed: net-misc/openssh
> +
> +Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has
> +been disabled by default at runtime.  If you rely on these key types,
> +you will have to take corrective action or risk being locked out.
> +
> +Your best option is to generate new keys using newer types such as rsa
> +or ecdsa or ed25519.  RSA keys will give you the greatest portability
> +with other clients/servers while ed25519 will get you the best security
> +with OpenSSH (but requires recent versions of client & server).
> +
> +If you are stuck with DSA keys, you can re-enable support locally by
> +updating your sshd_config file with a line like so:
> +       PubkeyAcceptedKeyTypes=+ssh-dss
> +
> +Be aware though that eventually OpenSSH will drop support for DSA keys
> +entirely, so this is only a stop gap solution.
> +
> +More details can be found on OpenSSH's website:
> +       http://www.openssh.com/legacy.html
> --
> 2.4.4
>
>

Looks good to me, thanks for writing it.



* Re: [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388
  2015-08-13  3:17 [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388 Mike Frysinger
  2015-08-13  3:35 ` Mike Gilbert
@ 2015-08-13  7:00 ` Kristian Fiskerstrand
  2015-08-13  7:26   ` Mike Frysinger
  2015-08-13 21:18 ` Mike Gilbert
  2 siblings, 1 reply; 7+ messages in thread
From: Kristian Fiskerstrand @ 2015-08-13  7:00 UTC
  To: gentoo-dev


Hi,

Might be a nitpick, but...

On 08/13/2015 05:17 AM, Mike Frysinger wrote:

> +Your best option is to generate new keys using newer types such as rsa
> +or ecdsa or ed25519.  RSA keys will give you the greatest portability
> +with other clients/servers while ed25519 will get you the best security
> +with OpenSSH (but requires recent versions of client & server).

Strictly speaking, DSA/DSS is newer than RSA (FIPS-186-1 came in the early
90s; RSA has been around since the 70s, although the ElGamal signature
scheme was around before that). ECC gives better performance at the same
security level when compared to DSA/RSA; however, claiming better
security in general isn't necessarily valid. Ed25519 is a signature
scheme over Curve25519, which is a 256-bit curve generally considered
to be at the 128-bit security level, roughly comparable to a 3072-bit RSA key.

(As a side note, it seems OpenSSH was not updated for FIPS-186-3, which
adds other key lengths to DSA, but takes DSA to mean FIPS-186-2.)




-- 
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3



* Re: [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388
  2015-08-13  7:00 ` Kristian Fiskerstrand
@ 2015-08-13  7:26   ` Mike Frysinger
  0 siblings, 0 replies; 7+ messages in thread
From: Mike Frysinger @ 2015-08-13  7:26 UTC
  To: gentoo-dev


On 13 Aug 2015 09:00, Kristian Fiskerstrand wrote:
> On 08/13/2015 05:17 AM, Mike Frysinger wrote:
> > +Your best option is to generate new keys using newer types such as rsa
> > +or ecdsa or ed25519.  RSA keys will give you the greatest portability
> > +with other clients/servers while ed25519 will get you the best security
> > +with OpenSSH (but requires recent versions of client & server).
> 
> Strictly speaking DSA/DSS is newer than RSA (FIPS-186-1 came in early
> 90's, RSA around since 70s, although the ElGamal signature scheme was
> around before that).

i'll rephrase:
-Your best option is to generate new keys using newer types such as rsa
+Your best option is to generate new keys using strong algos such as rsa

> ECC gives a better performance on the same
> security level when comparing to DSA/RSA, however claiming better
> security in general isn't necessarily valid, Ed25519 is a signature
> scheme over Curve25519 which is a 256 bit curve generally considered
> to be 128 bit security level, roughly comparable to a 3072 bit RSA key.

using ed25519 allows you to build openssh w/USE=-ssl which does get you
better security due to the smaller attack surface.  but the point of the
news item is to push people in the right direction w/out getting into a
dissertation on the nuances/details that people realistically won't grok
and won't make a difference to them.  if they're experts/interested, it
should be easy to locate additional material (including the linked page).
-mike



* Re: [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388
  2015-08-13  3:17 [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388 Mike Frysinger
  2015-08-13  3:35 ` Mike Gilbert
  2015-08-13  7:00 ` Kristian Fiskerstrand
@ 2015-08-13 21:18 ` Mike Gilbert
  2015-08-14  0:33   ` Mike Frysinger
  2 siblings, 1 reply; 7+ messages in thread
From: Mike Gilbert @ 2015-08-13 21:18 UTC
  To: Gentoo Dev

On Wed, Aug 12, 2015 at 11:17 PM, Mike Frysinger <vapier@gentoo.org> wrote:
> ---
>  .../2015-08-13-openssh-weak-keys.en.txt            | 26 ++++++++++++++++++++++
>  1 file changed, 26 insertions(+)
>  create mode 100644 2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
>
> diff --git a/2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt b/2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
> new file mode 100644
> index 0000000..8dece5e
> --- /dev/null
> +++ b/2015/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
> @@ -0,0 +1,26 @@
> +Title: OpenSSH 7.0 disables ssh-dss keys by default
> +Author: Mike Frysinger <vapier@gentoo.org>
> +Content-Type: text/plain
> +Posted: 2015-08-13
> +Revision: 1
> +News-Item-Format: 1.0
> +Display-If-Installed: net-misc/openssh
> +
> +Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has
> +been disabled by default at runtime.  If you rely on these key types,
> +you will have to take corrective action or risk being locked out.
> +
> +Your best option is to generate new keys using newer types such as rsa
> +or ecdsa or ed25519.  RSA keys will give you the greatest portability
> +with other clients/servers while ed25519 will get you the best security
> +with OpenSSH (but requires recent versions of client & server).
> +
> +If you are stuck with DSA keys, you can re-enable support locally by
> +updating your sshd_config file with a line like so:
> +       PubkeyAcceptedKeyTypes=+ssh-dss
> +
> +Be aware though that eventually OpenSSH will drop support for DSA keys
> +entirely, so this is only a stop gap solution.
> +
> +More details can be found on OpenSSH's website:
> +       http://www.openssh.com/legacy.html

I think this should also mention that PubkeyAcceptedKeyTypes applies
to the ssh client, and can be added to ~/.ssh/config.



* Re: [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388
  2015-08-13 21:18 ` Mike Gilbert
@ 2015-08-14  0:33   ` Mike Frysinger
  2015-08-14 14:27     ` Mike Gilbert
  0 siblings, 1 reply; 7+ messages in thread
From: Mike Frysinger @ 2015-08-14  0:33 UTC
  To: gentoo-dev


On 13 Aug 2015 17:18, Mike Gilbert wrote:
> On Wed, Aug 12, 2015 at 11:17 PM, Mike Frysinger <vapier@gentoo.org> wrote:
> > +If you are stuck with DSA keys, you can re-enable support locally by
> > +updating your sshd_config file with a line like so:
> > +       PubkeyAcceptedKeyTypes=+ssh-dss
> 
> I think this should also mention that PubkeyAcceptedKeyTypes applies
> to the ssh client, and can be added to ~/.ssh/config.

it applies to both.  if the server doesn't have it, it won't accept what
the client offers.
-mike



* Re: [gentoo-dev] [PATCH] document openssh-7.0 dsa key change #557388
  2015-08-14  0:33   ` Mike Frysinger
@ 2015-08-14 14:27     ` Mike Gilbert
  0 siblings, 0 replies; 7+ messages in thread
From: Mike Gilbert @ 2015-08-14 14:27 UTC
  To: Gentoo Dev

On Thu, Aug 13, 2015 at 8:33 PM, Mike Frysinger <vapier@gentoo.org> wrote:
> On 13 Aug 2015 17:18, Mike Gilbert wrote:
>> On Wed, Aug 12, 2015 at 11:17 PM, Mike Frysinger <vapier@gentoo.org> wrote:
>> > +If you are stuck with DSA keys, you can re-enable support locally by
>> > +updating your sshd_config file with a line like so:
>> > +       PubkeyAcceptedKeyTypes=+ssh-dss
>>
>> I think this should also mention that PubkeyAcceptedKeyTypes applies
>> to the ssh client, and can be added to ~/.ssh/config.
>
> it applies to both.  if the server doesn't have it, it won't accept what
> the client offers.

Yep, that's actually what I meant: PubkeyAcceptedKeyTypes applies to
the client in addition to the server.
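The stop-gap line and the client/server point settled in this thread, as an added shell example that is not part of the thread, of Gentoo's news item or of OpenSSH: it counts ssh-dss entries in an authorized_keys file and checks whether a given sshd_config or ssh_config re-enables them, so a host can be audited for the lockout the news item warns about before the 7.0 upgrade. File names, user names and key blobs are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the news item, Gentoo or OpenSSH): inventory ssh-dss
# entries in an authorized_keys file and check whether an OpenSSH config
# re-enables them, so a host can be checked for lockout risk before the
# OpenSSH 7.0 upgrade. All sample data below is constructed.

# count_dss_keys FILE: print the number of ssh-dss entries, skipping comment
# lines and honouring option prefixes such as 'no-pty,command="..." ssh-dss'.
count_dss_keys() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -c -E '(^|[[:space:]])ssh-dss[[:space:]]' || true
}

# dss_enabled CONFIG: succeed if an uncommented PubkeyAcceptedKeyTypes line
# (sshd_config, ssh_config or ~/.ssh/config alike) lists ssh-dss, either
# explicitly or via the '+ssh-dss' append syntax from the news item.
dss_enabled() {
    grep -q -i -E \
      '^[[:space:]]*PubkeyAcceptedKeyTypes[[:space:]=]+([^#]*[,[:space:]=])?\+?ssh-dss([,[:space:]]|$)' \
      "$1"
}

# report AUTHKEYS CONFIG: print a verdict; return 1 when ssh-dss keys are
# present but the config does not accept them (the lockout case).
report() {
    n=$(count_dss_keys "$1")
    if [ "$n" -eq 0 ]; then
        echo "OK: no ssh-dss keys in $1"; return 0
    elif dss_enabled "$2"; then
        echo "WARN: $n ssh-dss key(s) in $1 accepted only via stop-gap in $2"; return 0
    fi
    echo "LOCKOUT RISK: $n ssh-dss key(s) in $1 will be rejected with $2"; return 1
}

# Constructed sample inputs (hypothetical users, truncated fake key blobs).
TMPD=$(mktemp -d); trap 'rm -rf "$TMPD"' EXIT
cat > "$TMPD/authorized_keys" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB-constructed alice@example.invalid
# ssh-dss AAAAB3NzaC1kc3MAAACB-disabled old@example.invalid
ssh-dss AAAAB3NzaC1kc3MAAACB-constructed legacy@example.invalid
no-pty,command="/bin/true" ssh-dss AAAAB3NzaC1kc3MAAACB-constructed2 backup@example.invalid
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-constructed carol@example.invalid
EOF
printf '#PubkeyAcceptedKeyTypes +ssh-dss\nPasswordAuthentication no\n' \
    > "$TMPD/sshd_config.default"
printf 'PubkeyAcceptedKeyTypes=+ssh-dss\n' > "$TMPD/sshd_config.stopgap"
# The stock 7.0 config rejects the two DSA keys; the stop-gap config accepts them.
report "$TMPD/authorized_keys" "$TMPD/sshd_config.default" || :
report "$TMPD/authorized_keys" "$TMPD/sshd_config.stopgap" || :
```

OpenSSH 8.5 and later spell this option PubkeyAcceptedAlgorithms and keep PubkeyAcceptedKeyTypes as an alias; the pattern above matches only the older spelling used in the thread.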

