Launchpad SSH services should support SHA-2

Bug #1445619 reported by Joey Stanford on 2015-04-17
296
This bug affects 7 people
Affects Status Importance Assigned to Milestone
Launchpad itself
High
Colin Watson
lazr.sshserver
High
Colin Watson
turnip
High
Colin Watson
txpkgupload
High
Colin Watson

Bug Description

With respect to bzr+ssh using LP, it appears that the strongest crypto LP supports is a KEX of diffie-hellman-group1-sha1 and MAC of hmac-sha1.

LP servers should be updated to support something akin to these MACs:
<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,<email address hidden>

and these KEX:
<email address hidden>,diffie-hellman-group-exchange-sha256

Related branches

Colin Watson (cjwatson) wrote :

This is entirely blocked on twisted.conch improvements upstream. Some relevant bugs:

  https://twistedmatrix.com/trac/ticket/5350
  https://twistedmatrix.com/trac/ticket/7672
  https://twistedmatrix.com/trac/ticket/7717

William Grant (wgrant) on 2015-07-07
tags: added: codehosting-ssh security ssh
Changed in launchpad:
importance: Undecided → High
status: New → Triaged
William Grant (wgrant) on 2015-08-18
information type: Private Security → Public Security
Joey Stanford (joey) wrote :

Upon further reflection, I think it would be nice to use https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern as the standard.

kaputtnik (franku) wrote :

While updating openssh the possibility to upload/download code from launchpad fails. This is because the diffie-hellman-group1-sha1 method for connecting is disabled in openssh version 7.0 and greater.

See http://www.openssh.com/legacy.html

Colin Watson (cjwatson) wrote :

I'm currently seeking review for an updated version of the patch in Twisted #7717. After that I'll be able to get back to working on Twisted #7672.

In parallel, I'm trying to upgrade Launchpad to the current version of Twisted, which is 15.3.0. This is complicated for at least two reasons:

 * It needs a newer version of pyOpenSSL, but zc.buildout has trouble with the python-openssl package that's already installed on the system.
 * Newer versions of Twisted break testtools. I've submitted the necessary fix as https://github.com/testing-cabal/testtools/pull/149, but that still means we have to upgrade testtools, which involves upgrading pbr, which involves a build system that supports setup_requires, which zc.buildout really doesn't.

buildout has been a thorn in my side for a while, and I've started work on converting to a build system based on virtualenv and pip instead. The current status is that it's dealing with all the Python packages it needs to install with acceptable performance, but I still have to work out how to do the templated script generation that buildout is currently doing for us, and I expect initial deployment will be interesting. So this is still going to take a while. If that effort stalls then we do have the fallback plan of backporting patches from Twisted upstream, although I'd prefer to avoid that if we can, and it's moot until patches are actually accepted into Twisted upstream.

Changed in launchpad:
assignee: nobody → Colin Watson (cjwatson)
William Grant (wgrant) on 2015-08-26
summary: - Launchpad should support SHA2
+ Launchpad SSH services should support SHA2
summary: - Launchpad SSH services should support SHA2
+ Launchpad SSH services should support SHA-2
quequotion (quequotion) wrote :

yaourt -Qs openssh
core/openssh 7.1p1-1
    Free version of the SSH connectivity tools

Colin Watson (cjwatson) wrote :

Here's the current status following an upgrade yesterday:

 * bazaar.launchpad.net now supports diffie-hellman-group14-sha1, since I backported my change from Twisted trunk, which is the bare minimum for allowing OpenSSH 7.0/7.1 to talk to it. I should be able to do the same for diffie-hellman-group-exchange-sha256 shortly.
 * git.launchpad.net doesn't quite have the equivalent yet, but the hard bits of doing the upgrade are out of the way and we'll be able to upgrade to Twisted 15.5.0 more or less as soon as it's released, which supports both the above key exchange algorithms.
 * upload.ubuntu.com and ppa.launchpad.net will be best tackled by converting txpkgupload from buildout to pip, which shouldn't take too long. After that, it will be in a similar state to git.launchpad.net.

The MAC changes still require upstream work. I think at least minimal SHA-2 support here will be pretty straightforward; the EtM modes will be a little harder but not intractably so.

I have no idea how much work would be required to add EC support, and I don't expect to focus on that for the moment.

Changed in turnip:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
Changed in txpkgupload:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
Colin Watson (cjwatson) wrote :

Twisted upstream ticket to add hmac-sha2-{256,512} support:

  https://twistedmatrix.com/trac/ticket/8108

Colin Watson (cjwatson) wrote :

My patch for hmac-sha2-{256,512} support has landed upstream, and git.qastaging.paddev.net is now at Twisted 15.4.0 (which involved a small patch to Launchpad itself, now landed on production). So the to-do list is now:

 * Prepare a second Twisted backport for bazaar.launchpad.net, including diffie-hellman-group-exchange-sha256 and hmac-sha2-{256,512}
 * Upgrade launchpad-dependencies on upload.ubuntu.com and ppa.launchpad.net so that virtualenv is available there (waiting for sysadmins; Canonical staff can see status at https://portal.admin.canonical.com/86385)
 * Land https://code.launchpad.net/~cjwatson/txpkgupload/pip/+merge/277520, test on our dogfood instance, and fix up as necessary
 * Upgrade txpkgupload to testtools 1.8.1 and Twisted 15.4.0
 * Once Twisted 15.5.0 is released (which should be very soon now), upgrade both the git backend and txpkgupload to that
 * Upgrade the git backend and txpkgupload on production
 * Profit

Colin Watson (cjwatson) wrote :

lazr.sshserver needs a small patch to take the path to an OpenSSH moduli file and read DH generators and primes from it, in order to be able to use diffie-hellman-group-exchange-sha256.

Changed in lazr.sshserver:
assignee: nobody → Colin Watson (cjwatson)
importance: Undecided → High
status: New → Triaged
Colin Watson (cjwatson) on 2015-11-17
Changed in lazr.sshserver:
status: Triaged → In Progress
Colin Watson (cjwatson) on 2015-11-17
Changed in launchpad:
status: Triaged → In Progress
Changed in turnip:
status: Triaged → In Progress
Changed in txpkgupload:
status: Triaged → In Progress
Colin Watson (cjwatson) wrote :

I've prepared the Twisted backport (see https://code.launchpad.net/~cjwatson/launchpad/twisted-13.0.0-p2/+merge/277642). launchpad-dependencies has been upgraded, I've landed the txpkgupload pip changes, and I've upgraded txpkgupload to testtools 1.8.1 and Twisted 15.4.0 (though only currently on dogfood). So I think I'm now just awaiting review of my Twisted backport plus the release of Twisted 15.5.0.

Colin Watson (cjwatson) wrote :
Changed in lazr.sshserver:
status: In Progress → Fix Released
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Colin Watson (cjwatson) on 2015-11-18
tags: added: qa-ok
removed: qa-needstesting
Colin Watson (cjwatson) wrote :

bazaar.launchpad.net now speaks SHA-2:

debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none

So only git.launchpad.net, upload.ubuntu.com, and ppa.launchpad.net remain, blocked on the Twisted 15.5.0 release.

Changed in launchpad:
status: Fix Committed → Fix Released
Colin Watson (cjwatson) on 2015-11-29
Changed in turnip:
status: In Progress → Fix Committed
Changed in txpkgupload:
status: In Progress → Fix Committed
Colin Watson (cjwatson) on 2015-11-30
Changed in txpkgupload:
status: Fix Committed → Fix Released
William Grant (wgrant) on 2015-12-09
Changed in turnip:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.