[Nix-dev] SECURITY: default SSH host keys are weak
Eelco Dolstra
eelco.dolstra at logicblox.com
Fri Aug 23 19:28:28 CEST 2013
Hi,
On 23/08/13 18:05, Peter Simons wrote:
> I am in favor of changing the default key type to something stronger
> than 1024 bit DSA for newly generated keys.
>
> I do not want any of my existing keys re-generated or replaced, though.
>
> Can the change in NixOS be made in such a way that accomplishs this?
We can just generate an ECDSA key in addition to the DSA key, which is in fact
what upstream's "make host-key" does. I suggest we apply the attached patch
that does that. It's completely backwards compatible in that it will generate
an ECDSA host key on systems that don't have one, while clients that have the
DSA key in their known_hosts will continue to use that. (It also drops the
configurability of the host key type since that doesn't support having multiple
host keys.)
--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
-------------- next part --------------
diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix
index 0c70ebd..7fd6bab 100644
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@@ -15,29 +15,6 @@ let
v == "forced-commands-only" ||
v == "no";
- hostKeyTypeNames = {
- dsa1024 = "dsa"; # DSA has a key size limitation due to standards
- rsa3072 = "rsa";
- ecdsa521 = "ecdsa";
- };
-
- hostKeyTypeBits = {
- dsa1024 = 1024; # =80 bits of security
- rsa3072 = 3072; # =128 bits of security
- ecdsa521 = 521; # =256 bits of security
- };
-
- # equivalent to 112 bit of security strength. Anything below this is very unsafe.
- hostKeyTypeSafeBits = {
- dsa1024 = 2048;
- rsa3072 = 2048;
- ecdsa521 = 255;
- };
-
- hktn = attrByPath [cfg.hostKeyType] (throw "unknown host key type `${cfg.hostKeyType}'") hostKeyTypeNames;
- hktb = attrByPath [cfg.hostKeyType] (throw "unknown host key type `${cfg.hostKeyType}'") hostKeyTypeBits;
- hktsb = attrByPath [cfg.hostKeyType] (throw "unknown host key type `${cfg.hostKeyType}'") hostKeyTypeSafeBits;
-
knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
knownHostsFile = pkgs.writeText "ssh_known_hosts" (
@@ -176,25 +153,6 @@ in
'';
};
- hostKeyType = mkOption {
- default = "dsa1024";
- description = ''
- Type of host key to generate (dsa1024/rsa3072/ecdsa521), if
- the file specified by <literal>hostKeyPath</literal> does not
- exist when the service starts.
- '';
- };
-
- hostKeyPath = mkOption {
- default = "/etc/ssh/ssh_host_${hktn}_key";
- description = ''
- Path to the server's private key. If there is no key file
- on this path, it will be generated when the service is
- started for the first time. Otherwise, the ssh daemon will
- use the specified key directly in-place.
- '';
- };
-
authorizedKeysFiles = mkOption {
default = [];
description = "Files from with authorized keys are read.";
@@ -286,21 +244,18 @@ in
''
mkdir -m 0755 -p /etc/ssh
- if ! test -f ${cfg.hostKeyPath}; then
- ssh-keygen -t ${hktn} -b ${toString hktb} -f ${cfg.hostKeyPath} -N ""
+ if ! [ -f /etc/ssh/ssh_host_dsa_key ]; then
+ ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
fi
- result=$(ssh-keygen -lf ${cfg.hostKeyPath}|awk '{ print ($1>=${toString hktsb}?1:0)}')
- if [ "$result" -ne "1" ]; then
- ERROR="SECURITY ALERT: SSH Host Key is too weak. Generate a strong key NOW."
- echo "$ERROR"
- echo "$ERROR" > /dev/console
+ if ! [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
+ ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ""
fi
'';
serviceConfig =
{ ExecStart =
- "${pkgs.openssh}/sbin/sshd -h ${cfg.hostKeyPath} " +
+ "${pkgs.openssh}/sbin/sshd " +
"-f ${pkgs.writeText "sshd_config" cfg.extraConfig}";
Restart = "always";
Type = "forking";
More information about the nix-dev
mailing list