Development

Host-key rotation and more in OpenSSH 6.8

OpenSSH 6.8 was released on March 18. As usual, the update adds several additional features to the ssh client and sshd server; some of the changes are meant to ease the configuration or management of systems, while some are geared primarily toward better usability (a factor that, for SSH, can have genuine security implications). But there are other changes that introduce new functionality altogether, such as the ability to securely migrate from one SSH key to another, or the ability to require multiple keys to authenticate to a server.

The portable version of OpenSSH (that is, the package intended for operating systems other than OpenSSH's parent OS, OpenBSD) is available for download in source form. It will likely be a brief matter of time before most Linux distributions have packages available.

New major features

The new feature in version 6.8 that has prompted the most discussion is support for host-key rotation. Host-key rotation is an attempt to solve a longstanding problem: from time to time, servers need to retire an old SSH key and replace it with a new one, but swapping out keys without warning can leave clients unable to connect. Sometimes, the key replacement is precautionary (such as migrating to a stronger key algorithm), but key replacement may also be necessary in a hurry if a key is believed to be compromised.

With OpenSSH's rotation scheme, once a client has authenticated to a server, the server can send over a list of all of its supported keys. The client can store the list locally in its known_hosts file. Since each key record indicates the algorithm used, the next time a client connects, it can authenticate using a newer or stronger available key. The server, in turn, can eventually pull an old key out of the list and retire it. The client, when it connects with the new key, would update its list again and remove the now-absent old key from known_hosts.

This feature is experimental, though. In the comments on OpenSSH maintainer Damien Miller's initial blog post about the subject, some readers pointed out potential exploits. An attacker could slip an extra key into the list, for example, then subsequently proxy-connect clients to a different server. By trusting implicitly that the keys in known_hosts belong to who they claim to, the client would not know that the SSH session had been redirected. Miller then added a signature-checking step to the scheme, so that the client will verify that the key belongs to the server.

To do the signature check, the client sends a request (including a session identifier) for each new key that it sees. The server signs each of these requests with the private key that corresponds to the requested public key. That addition seems to have satisfied most of the commenters, but the story serves as a reminder that some real-world testing is highly advisable before deploying such a new feature in the wild.

Another new feature is support for multi-key authentication. In OpenSSH 6.2, the sshd daemon gained support for the AuthenticationMethods configuration directive, with which the server administrator can specify a multi-step authentication process. ``publickey,password'', for example, would require connecting clients to authenticate with a key, then with a password.

As of OpenSSH 6.8, ``publickey,publickey'' is a supported authentication combination. It requires clients to authenticate with two separate keys. Other combinations with additional directives are possible, too, as is requiring three or more keys.

There is also one important change in 6.8 that may require server administrators to alter their sshd configurations. In older versions of OpenSSH, the sshd daemon would perform reverse DNS lookups on connecting clients (logging suspicious results). There were a few objections to this. For one thing, high-traffic servers were doing a lot of DNS queries (adding to system load). For another, as Daniel Kahn Gillmore pointed out in November 2014, the lookups added no real security benefit. In fact, they could even pose a security risk, he said in a follow up, since buggy DNS resolvers could be used to mask an attacker's activity. As of OpenSSH 6.8, then, the DNS lookup feature has been turned off by default. Servers that make use of it will need to have their configuration files updated to switch the feature back on.

New minor features

While the host-key rotation and multi-key authentication features permit OpenSSH users to implement some new functionality, there are a great many more improvements in the new release that merely simplify configuration or make day-to-day usage a better experience. For instance, several enhancements were made to host-based authentication. Both the client and server configuration files can now include a directive specifying what public key types are used to connect for host-based authentication, and Ed25519 keys are supported.

Key-revocation lists (KRLs) were another feature introduced in version 6.2, and were also the target of some small enhancements. Up through OpenSSH 6.7, the use of KRLs required that OpenSSH be compiled with OpenSSL support; this is now no longer needed. A RevokedHostKeys option was added to the ssh client, allowing the user to revoke keys with a KRL or with a text file. KRLs can also revoke X.509 certificates and, as of version 6.8, they can do so without also needing to specify the certificate authority (CA) that issued each certificate.

Both the ssh client and sshd server have a new FingerprintHash option, available as a command-line flag and as configuration-file option, that lets users specify the algorithm used to generate a key fingerprint. In conjunction with this change, the format OpenSSH uses to print out a key fingerprint has been updated; it now prepends the name of the algorithm used, for easy reading.

Anyone still using version 1 of the SSH protocol (which is hopefully not a large group) can rest easier in at least one respect tonight: OpenSSH 6.8 adds a workaround that blocks the new Bleichenbacher side-channel attack disclosed by Christopher Meyer and associates in 2014. At the other end of the ancient-to-contemporary spectrum, users who use IPv6 addresses on their machines will be happy to hear that version 6.8 fixes an annoying bug in which OpenSSH tried to parse some IPv6 addresses as hostnames.

There are, of course, many more small changes and updates not addressed here. Partial authentication successes are no longer counted as authentication failures against the MaxAuthTries limit, ssh matching rules now support the negation operator (e.g., Match !foo), and so forth.

Moving forward, it will be worth paying attention to the real-world feedback generated by users testing out the host-key rotation feature. System administrators have dealt with key rotation in a variety of ways in the past, with no real standard, so OpenSSH's venture into the fray could have a lasting impact. In the meantime, there are enough new additions to OpenSSH to make it worth exploring for its other improvements as well.

Comments (1 posted)

Quotes of the week

— Shaun McCance says what everyone who has attended a conference was already thinking.

— Cameron Kaiser takes issue with Google's rationale for shutting down Google Code because it "simply isn't needed anymore."

Comments (none posted)

Qt 5.5 Alpha Available

Qt 5.5 alpha has been released. "With Qt 5.5, Canvas 3D is fully supported and a technology preview of long awaited Qt 3D is included. Qt 5.5 also introduces mapping support with a Qt Location technology preview. Qt 5.5 Alpha is the first step towards Qt 5.5 final release planned to be available in May." Check out the New Features in Qt 5.5 page for more details.

Comments (12 posted)

StoryText 3.12 released

Version 3.12 of the StoryText GUI-testing tool is now available. StoryText supports "PyGTK, Tkinter, wxPython, Swing and SWT along with a Python framework for testing GUIs in general." The new release adds support for GTK+3 and features several enhancements to Eclipse support.

Full Story (comments: none)

KDE Frameworks 5.8.0 released

Version 5.8.0 of the KDE Frameworks add-on library collection is now available. New frameworks in this release include KPeople, which "provides access to all contacts and the people who hold them" and KXmlRpcClient, for interacting with XMLRPC services. There are changes to be found in many of the individual libraries; developers are encouraged to read the release notes thoroughly.

Full Story (comments: none)

Development newsletters from the past week

• What's cooking in git.git (March 11)
• What's cooking in git.git (March 14)
• What's cooking in git.git (March 17)
• GNU Toolchain Update (March 15)
• LLVM Weekly (March 16)
• OCaml Weekly News (March 17)
• OpenStack Community Weekly Newsletter (March 13)
• Perl Weekly (March 16)
• PostgreSQL Weekly News (March 15)
• Python Weekly (March 12)
• Ruby Weekly (March 12)
• This Week in Rust (March 16)
• Tor Weekly News (March 18)
• Wikimedia Tech News (March 16)

Comments (none posted)

NTP's Fate Hinges On 'Father Time' (InformationWeek)

InformationWeek has a lengthy look at the maintenance of the network time protocol (NTP) code. "Not all is well within the NTP open source project. The number of volunteer contributors -- those who submit code for periodic updates, examine bug reports, and write fixes -- has shrunk over its long lifespan, even as its importance has increased. Its ongoing development and maintenance now rest mostly on the shoulders of [Harlan] Stenn, and that's why NTP faces a turning point. Stenn, who also works sporadically on his own consulting business, has given himself a deadline: Garner more financial support by April, 'or look for regular work.'"

Comments (32 posted)

OpenSCAD 2015.03 released with text objects support (Libre Graphics World)

Libre Graphics World has a look at the new release of OpenSCAD, the 3D solid-modeling tool often used in conjunction with 3D printers. The new features include support for complex text layout, offset functions for manipulating polygons, and the ability to generate height maps from PNG images. "The user interface got a few improvements as well: new startup dialog to quickly open recent files or examples from a library, new QScintilla-based code editor with folding support, SVG and AMF exporting, and more."

Comments (none posted)

KDE and The Semantic Desktop

Vishesh Handa has written a detailed recap of KDE's history with the "semantic desktop" paradigm, in which the Resource Description Framework (RDF) format was used to store all data, and the Nepomuk component was provided to index and search it. "Having a huge central store was limiting, and using RDF just made it harder. Some of the notable applications were - Amarok, Bangarang, Rekonq, and KGet. However, Nepomuk was almost always optional, and not part of the core feature set." Eventually, Handa notes, Nepomuk was removed, and KDE had to design a new search engine to replace it. "This project was often sold under the misnomer of being KDE's new Semantic Search engine. I often feel that the description, while containing a ton of buzz words, really does stray away from what it really meant to be Semantic." Rather, "in Plasma 5, The Baloo project is just a file indexing and searching solution. Nothing more."

Comments (none posted)

Hall: Preview of GNOME usability results

Jim Hall has posted a preview of the recent usability work done by GNOME OPW participant Sanskriti Dawle (to whom Hall has been acting as mentor). "I can make a few initial observations from this data. Looks like testers had the most difficulty with tasks Gedit.6 and Photos.3 and Photos.4, with noticeable difficulty in tasks Notes.1 and Photos.2. There's some interesting data around tasks Gedit.1 and Music.1 that might reflect testers 9, 11, and 12", Hall notes. "I encourage you to watch Sanskriti's blog for the final results, which I hope to see in the next week as she wraps up her work in the internship. "

Comments (none posted)