1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
|
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE chapter SYSTEM "chapter.dtd">
<chapter>
<header>
<copyright>
<year>2020</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
</legalnotice>
<title>Configuration in SSH</title>
<prepared></prepared>
<docno></docno>
<approved></approved>
<date></date>
<rev></rev>
<file>configurations.xml</file>
</header>
<section>
<marker id="introduction"/>
<title>Introduction</title>
<p>The OTP SSH app can be configurated by a large amount of <i>Options</i>. This chapter will not go into
details of what each of the options does. It will however describe and define different ways by which they
could be entered.
</p>
<p>Options for hardening are described in the <seeguide marker="hardening">Hardening SSH</seeguide> chapter.
How the options for algorithm configuration interact are described in the
<seeguide marker="configure_algos">Configuring algorithms in SSH</seeguide> chapter.
</p>
</section>
<section>
<title>Options configuration</title>
<p>There are from OTP-23.0 two main ways to set an option:
</p>
<list>
<item>Like before, in the <c>Options</c> parameter in the Erlang code
in a call to for example
<seemfa marker="ssh#daemon/3">ssh:daemon/3</seemfa> or
<seemfa marker="ssh#connect/3">ssh:connect/3</seemfa> or
any of their variants. Example:
<code>ssh:connect(22, [{user,"foo"}])</code>
</item>
<item>In <seefile marker="kernel:config">OTP Configuration Parameters</seefile>:
<p/>
<list>
<item>In the erl command line:
<pre>erl -ssh user \"foo\"</pre>
</item>
<item>In the <c>ssh.app</c> file, in the <c>env</c> part
<code>
{application, ssh,
[{description, "SSH-2 for Erlang/OTP"},
{vsn, "4.9"},
{modules, [ssh,
...
ssh_xfer]},
{registered, []},
{applications, [kernel, stdlib, crypto, public_key]},
{env, [{user, "bar"]}, % <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< HERE
{mod, {ssh_app, []}},
...
</code>
</item>
<item>In a .config file:
<pre>erl -config ex1</pre>
where <c>ex1.config</c> contains:
<code>[
{ssh, [{user, "foo"}]}
].
</code>
</item>
</list>
<p>If the option is intended only for a server or for a client, it may be set in this way:
</p>
<code>[
{ssh, [{server_options,[{user, "foo"}]},
{client_options,[{user, "bar"}]}
].
</code>
<p>A server (daemon) will use the user name <c>foo</c>, and a client will use the name <c>bar</c>.</p>
</item>
</list>
</section>
<section>
<title>Precedens</title>
<p>If an option is set in more than one way, what happens?</p>
<p>There is an ordering, which is:
</p>
<list>
<item>Level 0: Hard-coded default values in the source code</item>
<item>Level 1: <seefile marker="kernel:config">OTP Configuration Parameters</seefile></item>
<item>Level 2: Options in the <seefile marker="kernel:config">OTP Configuration Parameters</seefile>
<c>server_options</c> or <c>client_options</c></item>
<item>Level 3: Options in argument list to a function</item>
</list>
<p>If the same option is set at two different levels, the one at the highest level is used.
</p>
<p>The only exception is the
<seetype marker="ssh#modify_algorithms_common_option">modify_algorithms</seetype>
common option. They are all applied in ascending level order on the set of algorithms. So a
<c>modify_algorithms</c> on level zero is applied before one of level one and so on.
</p>
<p>If there is an
<seetype marker="ssh#preferred_algorithms_common_option">preferred_algorithms</seetype>
option on some level the whole set is replaced by that in that option and <em>all modify_algorithms
are applied</em> in level ordering.
</p>
<p>The reason for applying all
<seetype marker="ssh#modify_algorithms_common_option">modify_algorithms</seetype>
in level order, is to enable the user to add an algorithm that has been removed from the
default set without code changes, only by adding an option in a config file.
This can be used to interoperate with legacy systems that still uses algorithms no longer
considered secure enough to be supported by default.
</p>
<section>
<title>Algorithm configuration</title>
<p>There is a <seeguide marker="configure_algos#introduction">separate chapter</seeguide> about how
<seetype marker="ssh#preferred_algorithms_common_option">preferred_algorithms</seetype> and
<seetype marker="ssh#modify_algorithms_common_option">modify_algorithms</seetype>
co-operate. How the different configuration levels affect them, is described here in this section.
</p>
<section>
<title>The ssh:start/0 function</title>
<p>If the application SSH is <em>not</em> <seemfa marker="ssh#start/0">started</seemfa>, the command
<seemfa marker="ssh#default_algorithms/0">ssh:default_algorithms/0</seemfa>
delivers the list of default (hardcoded) algorithms with respect to the support in the current cryptolib.
</p>
<p>If the application SSH <em>is</em> <seemfa marker="ssh#start/0">started</seemfa>, the command
<seemfa marker="ssh#default_algorithms/0">ssh:default_algorithms/0</seemfa>
delvers the list of algorithms after application of level 0 and level 1 configurations.
</p>
<p>Here is an example. The config-file has the following contents:</p>
<code>
$ cat ex2.config
[
{ssh, [{preferred_algorithms, [{cipher, ['aes192-ctr']},
{public_key, ['ssh-rsa']},
{kex, ['ecdh-sha2-nistp384']},
{mac, ['hmac-sha1']}]}]}
].
</code>
<p>Erlang is started with <c>ex2.config</c> as configuration and we check the default set of
algorithms before starting ssh:</p>
<code>
$ erl -config ex2
Erlang/OTP 23 [RELEASE CANDIDATE 1] [erts-10.6.4] [source-96a0823109] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:1] [hipe]
Eshell V10.6.4 (abort with ^G)
1> ssh:default_algorithms().
[{kex,['ecdh-sha2-nistp384','ecdh-sha2-nistp521',
'ecdh-sha2-nistp256','diffie-hellman-group-exchange-sha256',
'diffie-hellman-group16-sha512',
'diffie-hellman-group18-sha512',
'diffie-hellman-group14-sha256','curve25519-sha256',
'curve25519-sha256@libssh.org','curve448-sha512',
'diffie-hellman-group14-sha1',
'diffie-hellman-group-exchange-sha1']},
{public_key,['ecdsa-sha2-nistp384','ecdsa-sha2-nistp521',
'ecdsa-sha2-nistp256','ssh-ed25519','ssh-ed448','ssh-rsa',
'rsa-sha2-256','rsa-sha2-512','ssh-dss']},
{cipher,[{client2server,['chacha20-poly1305@openssh.com',
'aes256-gcm@openssh.com','aes256-ctr','aes192-ctr',
'aes128-gcm@openssh.com','aes128-ctr','aes256-cbc',
'aes192-cbc','aes128-cbc','3des-cbc']},
{server2client,['chacha20-poly1305@openssh.com',
'aes256-gcm@openssh.com','aes256-ctr','aes192-ctr',
'aes128-gcm@openssh.com','aes128-ctr','aes256-cbc',
'aes192-cbc','aes128-cbc','3des-cbc']}]},
{mac,[{client2server,['hmac-sha2-256','hmac-sha2-512',
'hmac-sha1']},
{server2client,['hmac-sha2-256','hmac-sha2-512',
'hmac-sha1']}]},
{compression,[{client2server,[none,'zlib@openssh.com',zlib]},
{server2client,[none,'zlib@openssh.com',zlib]}]}]
</code>
<p>Note that the algorithms in the file <c>ex2.config</c> is not yet applied. They will be
when we start ssh:
</p>
<code>
2> ssh:start().
ok
3> ssh:default_algorithms().
[{kex,['ecdh-sha2-nistp384']},
{public_key,['ssh-rsa']},
{cipher,[{client2server,['aes192-ctr']},
{server2client,['aes192-ctr']}]},
{mac,[{client2server,['hmac-sha1']},
{server2client,['hmac-sha1']}]},
{compression,[{client2server,[none,'zlib@openssh.com',zlib]},
{server2client,[none,'zlib@openssh.com',zlib]}]}]
4>
</code>
<p>We see that the algorithm set is changed to the one in the <c>ex2.config</c>. Since
<c>compression</c> is not specified in the file, the hard-coded default is still used
for that entry.
</p>
</section>
<section>
<title>Establishing a connection (ssh:connect et al) or starting a daemon (ssh:daemon)</title>
<p>Both when the client establishes a connection with ssh:connect or other functions, or a
daemon is started with ssh:daemon, the option lists in the function calls are also used.
</p>
<p>If a client is started (ssh:connect et al), the environment variable <c>client_options</c> is used.
Similarly for a daemon the <c>server_options</c> variable is handled.
</p>
<p>If any
<seetype marker="ssh#preferred_algorithms_common_option">preferred_algorithms</seetype> is
present, the one with the highest level is used, that is, the <c>Option</c> list parameter has the highest
priority. Then the
<seetype marker="ssh#modify_algorithms_common_option">modify_algorithms</seetype>
on all levels in order starting with level 0 are applied.
</p>
<p>We continue the example above by connecting to a server and modifying the <c>kex</c>
algorithm set. We remove the only one (<c>'ecdh-sha2-nistp384'</c>) and add
<c>'curve25519-sha256@libssh.org'</c>
by appending it to the now empty list:</p>
<code>
4> {ok,C} = ssh:connect(loopback, 22,
[{modify_algorithms,
[{rm,
[ {kex,['ecdh-sha2-nistp384']} ]
},
{append,
[ {kex,['curve25519-sha256@libssh.org']} ]
}
]
}
]).
{ok,>0.118.0>}
</code>
<p>We check which algoritms are negotiated by the client and the server, and note that
the (only) <c>kex</c> algorithm <c>'curve25519-sha256@libssh.org'</c> was selected:
</p>
<code>
5> ssh:connection_info(C, algorithms).
{algorithms,[{kex,'curve25519-sha256@libssh.org'},
{hkey,'ssh-rsa'},
{send_mac,'hmac-sha1'},
{recv_mac,'hmac-sha1'},
{encrypt,'aes192-ctr'},
{decrypt,'aes192-ctr'},
{compress,none},
{decompress,none},
{send_ext_info,false},
{recv_ext_info,true}]}
</code>
</section>
<section>
<title>Example of modify_algorithms handling</title>
<p>We will now check if the
<seetype marker="ssh#modify_algorithms_common_option">modify_algorithms</seetype>
on a lower level is applied to a
<seetype marker="ssh#preferred_algorithms_common_option">preferred_algorithms</seetype>
on a higher level. We will do that by enabling the <c>ssh-dss</c>
algorithm that is supported, but not in the default set.
</p>
<p>The config file <c>ex3.config</c> has the contents:
</p>
<code>
[
{ssh, [{modify_algorithms,
[ {prepend, [{public_key, ['ssh-dss']}]} ]
}]}
].
</code>
<p>A newly started erlang shell shows that no <c>'ssh-dss'</c> is present in the
<c>public_key</c> entry:</p>
<code>
1> proplists:get_value(public_key, ssh:default_algorithms()).
['ecdsa-sha2-nistp384','ecdsa-sha2-nistp521',
'ecdsa-sha2-nistp256','ssh-ed25519','ssh-ed448',
'rsa-sha2-256','rsa-sha2-512','ssh-rsa']
2>
</code>
<p>A call to <c>ssh:connect/3</c> removes all algorithms but one of each type:
</p>
<code>
2> ssh:start().
ok
3> {ok,C} = ssh:connect(loopback, 22,
[{preferred_algorithms,
[{public_key, ['ecdsa-sha2-nistp256']},
{kex, ['ecdh-sha2-nistp256']},
{cipher, ['chacha20-poly1305@openssh.com']},
{mac, ['hmac-sha2-256']},
{compression, [none]}
]}
]).
{ok,<0.101.0>}
4> ssh:connection_info(C,algorithms).
{algorithms,[{kex,'ecdh-sha2-nistp256'},
{hkey,'ssh-dss'},
{send_mac,'chacha20-poly1305@openssh.com'},
{recv_mac,'chacha20-poly1305@openssh.com'},
{encrypt,'chacha20-poly1305@openssh.com'},
{decrypt,'chacha20-poly1305@openssh.com'},
{compress,none},
{decompress,none},
{send_ext_info,false},
{recv_ext_info,true}]}
5>
</code>
<p>But <c>'ssh-dss'</c> is selected although the call inserted <em>only</em>
<c>'ecdsa-sha2-nistp256'</c> as acceptable.
</p>
<p>This example showed that we could augment the set of algorithms with a
config-file without the need to change the actual call.
</p>
<p>For demonstration purposes we used <c>prepend</c> instead of <c>append</c>.
This forces the negotiation to select <c>ssh-dss</c> since the the full list
of public key algorithms was
<c>['ssh-dss','ecdsa-sha2-nistp256']</c>.
Normally it is safer to append a non-default algorithm.
</p>
</section>
</section>
</section>
</chapter>
|
