OpenSSH 4.2 released

BSDForums writes "OpenSSH 4.2 has been released. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Changes since OpenSSH 4.1 include security bug fixes relating to GatewayPorts, and GSSAPI, which eliminates the risk of credentials being inadvertently exposed to an untrusted user/host. A new compression method, proactive changes for signed vs. unsigned integer bugs, and many additional bugfixes and improvements highlight this release."

uh oh

[dave420]

"proactive".

The new compression method is pretty fantastic.

[CyricZ]

I've found that it offers a good 10% to 15% decrease in data size compared to the previous method.

Re:The new compression method is pretty fantastic.

[nurb432]

That might make remote X11 useable on a cable modem..

Re:The new compression method is pretty fantastic.

[Titus+B.+Otch]

FTA: Added a new compression method that delays the start of zlib compression until the user has been authenticated successfully."

Who care's about compression algo(s). SSH was designed with security in mind, and it's about time they add this pause, since who really knows what's up wif zlib these days...

Re:The new compression method is pretty fantastic.

[Sarin]

Compression and portforwarding is a golden combination.
You can login into your providers ssh server (if they have that) and forward/compress the port of your favourite usenet server. That way I had a 300kb/sec speed boost - I got more data than my adsl account normally could handle. Maybe with this compression boost there's even room for more bandwidth on my 8mbit account.
I'll bet my provider's going to be even more happy with me again.

Re:The new compression method is pretty fantastic.

[suitepotato]

That might make remote X11 useable on a cable modem..

It already is useable at the current top speeds which are now several megabits upstream and ten to fifteen down, depending on where you live. Even at 512Kbps upstream it is useable for me in concert with VNC.

Re:The new compression method is pretty fantastic.

[cerelib]

Are you using vnc to control an X desktop? Because to my knowledge that is different than using remote X applications which I have always found to be slow.

Re:The new compression method is pretty fantastic.

[nurb432]

Due to the speed of remote X across my cable wire, i am using VNC ( via SSH ) to get by. ( with VNC running as a daemon off inetd )

But, its a bit overkill and isnt as seemless as id like it.

Re:The new compression method is pretty fantastic.

[nurb432]

I'm capped at 128k upstream here...

VNC works with 128K to get a desktop, but id rather use native X11. ( seemless windows, cut/paste to the local machine, etc etc )

Re:The new compression method is pretty fantastic.

[dmiller]

Sorry, but this new "method" (i.e. protocol method) not a new algorithm. In fact it uses zlib just like the standard one, but it delays its use until *after* the user has authenticated.

This way we avoid pre-auth exposure to zlib bugs.

Re:The new compression method is pretty fantastic.

[Nailer]

SSH compression is about 12 to 1. Even with improvements, it probably won't compete with NX compression, which is 60 to 1, and already makes X useable over a cable modem.

Re:The new compression method is pretty fantastic.

[Mad+Merlin]

Try using lbxproxy (slightly dated but still useful howto). I find it makes a pretty big difference over non-LAN connections towards the "very usable" part of the slider.

Increased default key size.

[CyricZ]

From the changelog:
"- Increase the default size of new RSA/DSA keys generated by ssh-keygen from 1024 to 2048 bits."

It's good to see that the default size of the keys had been increased. It's only a matter of time before modern systems (or clusters of modern systems) are capable of defeating even 1024 bit keys routinely. This proactive doubling of the default keysize is sure to increase the overall security for OpenSSH users for some time.

Re:Increased default key size.

The increase of the key size might not be as useful as you think. The best way to get through these encryptions has been, and will continue to be non-brute force methods including social engineering or other methods of obtaining the key. The increase in computing systems does not actually get us much closer to cracking it considering by best methods availible it would still take my computer more then 10^50 years (if memory servers me right) to crack a 1024 bit key. There would have to be a very significant increase in the level of computing power before this becomes plausable. The biggest worry here is in case mathematicall methods of increase efficenecy are developed that increase cracking time without completely breaking the code.

Re:Increased default key size.

[CyricZ]

Changes are your computer is hardly the bastion of computing systems. But it's naive to believe that there will not be major increases in computing capabilities, even within the next few years. What today seems impossible with regards to computing will be sitting on your desk. And a couple of years later it will be in your closet collecting dust, replaced by the next computing innovation. Soon enough, a child will have a toy portable gaming system that is powerful enough to crack 1024-bit keys within seconds.

Social engineering will most likely remain constant. Hence the increase in key size will only serve to increase security, at least for the time being.

Re:Increased default key size.

Maybe you don't realize how big 10^50 is. Even if you have a computer a million times more powerful than his and even if computing power increases a million fold (current rate is doubling every 18 months and that is expected to taper off), every single star in the universe will die off before you finish cracking it (actually you'll still be trying to crack it when the last star dies).

Re:Increased default key size.

[Kjella]

1024 bit asymmetric is roughly as hard to crack as 128 bit symmetric = ~10^40. It's *still* on the order of "If we take all the power of the sun to power PIVs we can do it" level. Noting that I'm talking about instructions/watt here (energy efficiency), not instructions/second (speed). Obviously you get a lot better dedicated chips than that, but even so... unless you're Osama, you needn't worry.

Moving to 2048 bits is the kind of "Even if you take the power of the sun and the whole galaxy too, and run it on hyperefficient nanowatt CPUs that can do one key/clock cycle, you're still going to run out of energy" move. Unless you happen to know a better algorithm than brute force, in which case 2048 bits may be just as screwed as 1024 bits...

Kjella

Re:Increased default key size.

Cracking it on the first attempt and cracking it on the 10^50th attempt have equal probabilities.

Re:Increased default key size.

[Malor]

As far as I know, the computational overhead of the higher-bit keys isn't that significant, so it's probably not doing any actual harm. It'll slow down initial key negotiation and session setup, but it shouldn't affect traffic overhead, because that's encrypted with a symmetric cipher that was negotiated with the (very slow) public-key protocol. You'd probably only notice the overhead if you were running a server with many, many session setups. If it impacted you, generating a smaller key would be trivial.

The larger key will make your data more secure on the wire, in transit, but the weakest point has always been the key's passphrase. A 32768-bit key is just as crackable as a 256-bit key if you have physical access to the encrypted keyfile.

Improving transit security isn't an inherently bad idea, but it's making the strongest link in the chain even stronger. It probably won't do that much to increase overall security.

Re:Increased default key size.

[Homology]

As far as I know, the computational overhead of the higher-bit keys isn't that significant, so it's probably not doing any actual harm. It'll slow down initial key negotiation and session setup, but it shouldn't affect traffic overhead, because that's encrypted with a symmetric cipher that was negotiated with the (very slow) public-key protocol.

The generation of server keys will take _much_ longer time on some architectures, and this was actually one of the arguments of not increasing the key length earier. Of course, 1024 was considered "safe enough", though.

Re:Increased default key size.

[Malor]

Definitely correct, but you only do that once, normally. Is an extra five minutes at server build really that big a deal?

Re:Increased default key size.

[h4rm0ny]

Cracking it on the first attempt and cracking it on the 10^50th attempt have equal probabilities.

True, but both probabilities are minute. The median of that range is 5*10^49 meaning that's the average number of tries you need. If you got lucky and found it in the first 10%, that's 10^49. If someone wanting to spy on you can muster the resources to crack that in a human lifetime, you've made an enemy of God!

Quantum computing opens up some interesting possibilities, but if a hypothetical Quantum computer in the year 2015 could search 1x10^23 keys per second (more than that massive distributed Internet project a while ago), it would still take millions of years on average.

10^50 is a big number.

Re:Increased default key size.

[CyricZ]

Do you realize how much data 1.5 TB is? It's a fair bit. Several years ago that much data storage would have been considered quite unthinkable in a single, desktop PC. But it's quite possible today, and even becoming quite common.

What is considered "large" today will be amongst the smallest problems in the near future. That is just how fast technology progresses.

Re:Increased default key size.

[I+Like+Pudding]

Quantum computing opens up some interesting possibilities, but if a hypothetical Quantum computer in the year 2015 could search 1x10^23 keys per second (more than that massive distributed Internet project a while ago), it would still take millions of years on average.

Actually, quantum computers can factor a large prime instantly if they're "wide" enough (eq a 1024 qubit quantum box will haxxor your 1024 bit pub key)

Longer passwords on UnixWare?

[CyricZ]

From the changelog:
- Portable OpenSSH: Added support for long passwords (> 8-char) on UnixWare 7.

I'm surprised that it has taken them this long to add support for long passwords to UnixWare 7. UnixWare 7 is a modern UNIX by all means, considering it is still being updated frequently. Can anybody shed some light as to why it took so long for this fairly rudimentary support to be added to the portable version of OpenSSH?

Re:Longer passwords on UnixWare?

[LurkerXXX]

Just a guess but, maybe a lack of someone working on OpenSSH who actually uses UnixWare 7?

Re:Longer passwords on UnixWare?

Northwestern University still limits our school-wide passwords to 6-8 characters. Shame on them. (At least the CS Dept passwords aren't artificially crippled this way.)

Re:Longer passwords on UnixWare?

[dmiller]

Because nobody has ever asked or contributed code to make it work - this code was actally contributed by SCO themselves. We developers don't have access to ever system that OpenSSH runs on.

Re:Longer passwords on UnixWare?

[bill_mcgonigle]

Up until this point, everybody who had discovered OpenSSH found out it came with every Linux distro and just Switched.

Re:Longer passwords on UnixWare?

[wtarreau]

I'm surprised that it has taken them this long to add support for long passwords to UnixWare 7. UnixWare 7 is a modern UNIX by all means, considering it is still being updated frequently.

I'm not surprized at all, considering the thousands of bugs they don't even plan to fix ! We had to resort to binary patching because one customer had to wait 5 seconds between every ticket print on a POS. Needless to say it caused great trouble. But the "sleep 5" in the code was there to avoid a fast busy loop !!! And that's just an example.

Please excuse my obvious ass-kissing

[xiando]

A new version of my favorite Linux tool! How great! I could not live a second without being able to scp file.tar.bz2 user@hostname:/path, or without being able to open files remotely using KDEs fish: fish://username:passord@host.box/some/path works in all the KDE file dialog boxes thanks to SSH. Nor would I be able to login to the box where I have my irssi IRC client running, connected to numerous IRC servers and a BitlBee gateway for MSN/ICQ/AIM/Google Talk. And then there is sftp.. SSH is something completely essential for most experienced Linux-users, used one way or the other constantly when I am in front of my computer. So thank you, SSH developers, for making my life better! And thank you for a new, more secure version.

Re:Please excuse my obvious ass-kissing

fucking jews

Re:Please excuse my obvious ass-kissing

[ScriptedReplay]

Hint: use aliases in .ssh/config to make your life easier. Something like:

Host alias1
      Hostname hostname
      User username
      [add extra options like authentication method, X11 forwarding, agent forwarding, private key to use and so on]

then you do scp file.tar.bz2 alias1/path or fish://alias1/some/path (and get a password prompt). Less typing - and works with bash completion too.

Re:Please excuse my obvious ass-kissing

A new version of my favorite Linux tool! How great!

It is actually an OpenBSD tool. Linux is only a kernel.

Re:Please excuse my obvious ass-kissing

[fimbulvetr]

You are a saviour!!!!!

I've always wondered if it did this, but I've been too lazy to check.

Re:Please excuse my obvious ass-kissing

[thc69]

The coolest thing about ssh is the versatility you get out of one open port. You can login, cp, and ftp securely, with only one port open; additionally, you can tunnel any other port you want. ssh is great for securing vnc.

It's not even hard to find a client. Modern Linux and BSD systems mostly have it, and if you're using Windows, you can download PuTTY and use it without even having to install it and make a mess. Great if you're a guest on somebody else's system.

I use ssh, sftp, scp, and vnc over ssh daily.

Re:Please excuse my obvious ass-kissing

[Kynde]

Bloody hell. I've been using openssh ever since it came out and quite a while the old Tatu Ylönen's ssh before that and type all those lengthy user@hostname.domainname.whatever: prefixes day in day out without knowing about those aliases.

The fact is that in OSS world one should, atleast once a month raise fingers from the keyboard and stop to think "What am I missing from my daily environment? Are stupid, repetetive or borings things that I do all too frequently?". The odds are that I could easily fix most of them swiftly and the ones that might require moderate amounts of work to happen it's quite likely that someone hast stumbled on those very same issues before me and fixed them. (and experience in *nix world teaches me that frequently the fix is quite brilliant)

Re:Please excuse my obvious ass-kissing

Personally I'd live much better with plan9-like operative systems, where you don't "scp" things, but import/export directories to your own process' filesystem namespace and then use cp, etc...

Re:Please excuse my obvious ass-kissing

[Homology]

Funnily enough, in the responses to the upcoming BSD certifiction, some of the respondents said that skilled/expert administrators should not have to look in the man pages. But if this is the attitude, my guess is that they don't read man pages very often, and thus miss all the new fun stuff :-)

Re:Please excuse my obvious ass-kissing

[pAnkRat]

-- atleast once a month raise fingers from the keyboard and stop to think "What am I missing from my daily environment? Are stupid, repetetive or borings things that I do all too frequently?". ..

Yep, that's what I do all day.
Problem is that I don't get any real work done, but that's another story :-)

Re:Please excuse my obvious ass-kissing

[sponger]

I agree! what else are they there for? even Lawyers refer to lawbooks.

Re:Please excuse my obvious ass-kissing

you mean
scp file.tb2 alias1:/path
don't forget the colon

i didn't know about this config file and it's going to be really handy. thanks for pointing it out.

Re:Please excuse my obvious ass-kissing

I call this idea "tool day" and try to have one every 3 months or so. Spend the day playing with your tools trying to do things you think you want them to do: get around annoyances, do things faster or cleaner, do new functions, etc., or just browse the docs or the web for cool ideas.

Recent things learned:

• screen: "stuff" to push characters into input queue
  
• zsh/ssh: tab completion for hostnames
  
• ssh: stop password retyping: ssh-agent use
  
• vim: look up word definitions with 'K': keywordprg=dict
  

I think the idea is independent of "OSS".

#toolday should be an IRC channel.

Re:Please excuse my obvious ass-kissing

[a11]

Yes I am. I'm also fucking the redskins, the niggers, some of those hairy Mexicans, the little-dicked Asians, the preppy white girls, my favorite polar bird - the penguin, that hot piece of cartoon ass - the little mermaid, two of the 3 little pigs (the one in the straw house just isn't that good looking), diet soda in 12oz cans (I load them up after I chug them down) - make 7 up yours, fried shrimp, car exhaust from 1987 Impalas, rare species of the east coast butter-lilly, lake Michigan, the great planes of the Midwest, the yahoo online TV listings, Slashdot: news for nerds, Thinkgeek: clothing for nerds, nerds, the colors blue (as in gay) and black (as in nigger), the 9 o'clock news with Dan Rather, Tropicana premium select home-style orange juice (with pulp), DVD rw-, hardwood floors, and, of course, just to reiterate, I like fucking those Jews.

And even though I'd fuck all that, including the fucking Jews, I still wouldn't fuck you, you fat, ugly piece of shit. You can go fuck yourself.

Re:Please excuse my obvious ass-kissing

[stor]

I've got one for you if you haven't learnt it: xargs.

some cruddy examples of how to use it:

"cat filelist.txt |xargs -i ls -l {}"
"ls | xargs -i mv {} {}.bak"

It's a great workaround to the "file list too long" problem some tools exhibit. It saves my arse every month or so.

Cheers
Stor

Re:Please excuse my obvious ass-kissing

xargs has problems with spaces in names, and is therefore pretty dangerous when used like that

Re:Please excuse my obvious ass-kissing

[Kynde]

As the other poster pointed out. xargs has easily some problems with spaces.

I use 'for' in most such circumstances. e.g.

for x in * ; do mv "$x" "$x".bak ; done

Re:Please excuse my obvious ass-kissing

[swillden]

xargs has easily some problems with spaces.

True, but xargs also has "-0", which solves the problem quite nicely in the most common usage -- coupled with find. The "-print0" option causes find to output the results with null characters separating them, rather than newlines, and "-0" causes xargs to expect the input to be null-delimited.

for x in * ; do mv "$x" "$x".bak ; done

That can break down when there are too many files in the current directory because the command line becomes too long for the shell to manage after expansion. I prefer:

ls | while read x; do mv "$x" "$x.bak"; done

That handles file names with spaces in them quite nicely, and doesn't choke on large directories. However, if the command you're executing is one that can take a long argument list, a while loop is not as efficient as

find -maxdepth 1 -print0 | xargs -0 rm

Because xargs will not run an 'rm' process for each file, but will instead put multiple files on each invocation.

I find the difference very significant when I need to clean out my spam folder.

Why you shouldn't use OpenSSH

A key member of the OpenSSH team is Theo DeRaadt, and Theo has done more to hurt open source than any other single person. How can one person do so much damage? By being a complete and total asshole.

Think this is a joke? Think that surely no one could be THAT much of an asshole? Google around. Read some mailing list archives. The guy is KING asshole.

Re:Why you shouldn't use OpenSSH

[CyricZ]

There is no question that Mr. deRaadt is quite outspoken. But he can produce some damn fine and mighty secure code. I have nothing but the utmost respect for his coding abilities, even if his public relations skill are lacking.

Frankly, I'd rather put up with arrogance and have access to amazing code, rather than dealing with a nice person who can't write code worthy of a cockfool.

Re:Why you shouldn't use OpenSSH

[Elektroschock]

What "damage" did he do to Open source?

He annoys people. ...well...He is probably an asperger.

Re:Why you shouldn't use OpenSSH

[Yaa+101]

Theo de Raadt is ok really, he puts his coding where his mouth is. And at least he's not a corporate ass-licker like a lot of others. He does not corrupt his vision with corporate goodies.

Re:Why you shouldn't use OpenSSH

Where can I download your OpenSSH replacement ?

Re:Why you shouldn't use OpenSSH

I don't really care about the politics. Maybe that is something I would take in consderation if I wanted to be his friend and have him around people I know, but why does it matter when it comes to using his code?

What I do know is that OpenSSH is a fine piece of software and it gets put on all of my servers. I'll be happy to know that Theo's code is in there.

Re:Why you shouldn't use OpenSSH

[slavemowgli]

Admittedly, yes, Theo is (or at least can be) quite an asshole. But what does that have to do with the quality of OpenSSH (or OpenBSD)?

Like him or not, but it's a great program, and not using it just because you don't like the lead developer, when there are no actual reasons not to, is stupid.

Re:Why you shouldn't use OpenSSH

[Ann+Elk]

As a friend of mine says, "It's OK if they call you an asshole, if they say it with awe."

Theo is certainly opinionated, and he may or may not be an asshole, but his group produces some damn fine software. You may not like his methods, but it's difficult to argue with his results.

Re:Why you shouldn't use OpenSSH

[Elektroschock]

wikipedia article "After de Raadt stated his disapproval of the U.S.-led occupation of Iraq in an interview with Toronto's Globe and Mail, a multi-million-dollar US Department of Defense grant to the University of Pennsylvania's POSSE project was cancelled, effectively ending the project. Funding from the grant had been used in the development of OpenSSH and OpenBSD, as well as many other projects and was to be used to pay for the hackathon planned for the May 8, 2003. Despite money from the grant already having been used to secure accommodations for 60 developers for a week, the money was reclaimed by the government at a loss and the hotel told to not allow the developers to pay the reclaimed money to resecure the rooms. This resulted in criticism among some that the US military held an anti-free speech attitude."

What's bad about doing THE RIGHT THING? Even if you have to pay the price. This is what we want from a security specialist.

Is this solution secure? -->
specialist: Well, blabla...quantum computing...
marketing guy: Absolutely!

Go to Iraq? --> ...

A trustful security specialist has to tell you the truth. Diplomacy serves stupidity and insecurity.

Military systems want "loyality", they do not want you to talk about problems, they want you to report that everything's fine. Because when you talk about problems it means work for them. That is why they fail, why they are dysfunctional from an organisational perspective. Dictorship simply means: organise the state like the military system. but the fact is: Problems make life intresting. Problems are no shame. Shutting down discussions about them does not solve them. Think negative!

Re:Why you shouldn't use OpenSSH

Why flamebait? It's a simple speculation. It's not like it's an insult. If anything it's a reasonable explanation to, and to be honest somewhat of an excuse for, his behaviour.

Re:Why you shouldn't use OpenSSH

[ArbitraryConstant]

I've met Stallman and de Raadt and they're both assholes. But the world needs a few people that are willing to be assholes.

He gets results. For example, giving out contact information isn't the nicest way to get hardware docs and firmware, but it works.

Re:Why you shouldn't use OpenSSH

[Krunch]

Here. Notice I'm not the parent poster and I don't really care about De Raadt's attitude (and I use OpenSSH and OpenBSD daily and I have never tried libssh, I just know it exists).

Re:Why you shouldn't use OpenSSH

[Elektroschock]

Talented people, real genius, think of Mozart and others... they are usually a little bit mad and they deserve tolerance.

They can take the freedom to be different and we have to understand that we have to adopt to them.

Re:Why you shouldn't use OpenSSH

[Homology]

I've met Stallman and de Raadt and they're both assholes. But the world needs a few people that are willing to be assholes.

He gets results. For example, giving out contact information isn't the nicest way to get hardware docs and firmware, but it works.

de Raadt only releases contact information when everything else has failed for several months. The latest incident with Adaptec is an example of this.

Re:Why you shouldn't use OpenSSH

[TheRaven64]

Read Theo when he's actually allowed to talk without being baited. I read a long interview in the Sydney Morning Herald about a year ago, which was a strong influence in making me start using OpenBSD. The impression he gave was of someone who doesn't take any bullshit, but who is incredibly competent - exactly the person I would pick as project leader for an OS I was going to use.

The OpenBSD community does tend to be a bit arrogant, but that's what you get from developing an OS which considers free-as-in-RMS to be just about free enough at a push, and which gets used to security advisories being tagged as `does not apply on OpenBSD'.

Re:Why you shouldn't use OpenSSH

You're thinking of Poul-Henning Kamp and Dag-Erling Smorgrav from the FreeBSD arrogant asshole team.

Re:Why you shouldn't use OpenSSH

[fbg111]

Frankly, I'd rather put up with arrogance and have access to amazing code, rather than dealing with a nice person who can't write code worthy of a cockfool.

Fortunately, decency and skill/talent are not mutually exclusive, and there are plenty of examples of that, so it's not too much to ask even of brilliant people that they also comport as decent human beings.

Re:Why you shouldn't use OpenSSH

[Billly+Gates]

Riigghht

All people with aspergers are real assholes.

Seems to me the moderation points are well deserved.

Re:Why you shouldn't use OpenSSH

[muonzoo]

Honestly, I've known Theo for over 15 years. That's longer that almost everyone else who has an opinon here.

That said, Theo is outspoken, loud, somewhat obnoxious and sometimes very hard to deal with. None of that affects the quality of his work. It certainly affects the quality of interaction you might have with Theo, or the perception you might have around his projects.

I certainly would not conduct my personal affairs with the same aplomb as Theo, nor would I piss in my own Corn Flakes quite like Theo can. This aside, Theo is an intelligent, smart individual and those who choose to draw from him that which is valuable will recognize that his different viewpoints, although sometimes objectionable, are just that : different viewpoints.

Sometimes, in the realm of the übergeek, it is difficult to remember that the goal is to produce the best software possible for the consuption and use of others.

I would never, (I repeat: NEVER), conduct my social affairs in the same fashion as Theo, however, I would be a happy man to be able to hang my hat on the solid line of quality software that he and his cadre of loosely joined pieces have brought us all.

I have partied with de Raadt, I have climbed, caved and even swooned over the same ladies. None of this matters. In the end, love Theo or hate him, he has contributed much to the OSS world and much to the security realm.

I may not choose to give him a grant allocation or hire him for my firm, however, Theo is Theo and at least he holds a consistent standard for himself and those who contribute to the projects he administrates. For this we can all be thankful. Interity is an essential element of honor; if you do not agree with how Theo condicts his affaris; so be it, but I think Theo makes the effort to conduct his own affairs within his own code of honor. Even if this code is incompatible with my own (and it appears to be) I have to respect that.

Re:Why you shouldn't use OpenSSH

The reasonable man adapts himself to the world; the unreasonable
one persists in trying to adapt the world to himself. Therefore
all progress depends on the unreasonable man.
-- George Bernard Shaw

I would say change instead of progress. Of course a lot of change can occur because of a soft amiable tone too.

Speaking of X11-related improvements...

[CyricZ]

From the changelog:
- Implemented support for X11 and agent forwarding over multiplexed connections. Because of protocol limitations, the slave connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding their own.

This bugfix may very well affect the performance of OpenSSH when used to encrypt communications with a remote X11 server.

Re:Speaking of X11-related improvements...

[dmiller]

No, that has nothing to do with compression performance. (it isn't a bugfix either: it is a new feature)

But they didn't add new compression

[BobPaul]

From the changelog:
" Added a new compression method that delays the start of zlib compression until the user has been authenticated successfully. The new method ("Compression delayed") is on by default in the server. This eliminates the risk of any zlib vulnerability leading to a compromise of the server from unauthenticated users." (emphasis mine)

OpenSSH used zlib before, and they're still using it now. All they've done is delay the start of compressed streams until after authentication. This is a security fix, not a speed boost.

Re:But they didn't add new compression

[wtarreau]

This guy might have linked against a static zlib and used a different one between this old openssh and the new one.

willy

From Bill Gates...

I'll take that, thanks!

Keep up the good work guys.

It's our pleasure, Mr. Gates.

[CyricZ]

No problem, Bill. After all, open source software (especially that under the BSD license) is meant to be shared and used by all, basically however they see fit. That's the name of the game, Mr. Gates.

Re:It's our pleasure, Mr. Gates.

[ArbitraryConstant]

The BSD licensing has made it possible for commercial OSes to have an SSH implementation by default. That ubiquity is what killed telnet. By helping companies like Microsoft, Sun, and Apple, the OpenSSH project has helped everyone.

Re:It's our pleasure, Mr. Gates.

[einhe1t]

How has openssh helped microsoft?

I don't remember seeing ssh in mswindoze by default. Hell, ms only recently started offering telnet -

Re:It's our pleasure, Mr. Gates.

[sycotic]

Uh, they've had telnet since Windows 95 - right?

Maybe even earlier with pre-4.0 versions of Windows NT.

I wouldn't call that very recent...

Re:It's our pleasure, Mr. Gates.

[einhe1t]

um, we're talking about a telnet server...

Re:It's our pleasure, Mr. Gates.

[ArbitraryConstant]

Don't they ship OpenSSH with SFU?

Re:It's our pleasure, Mr. Gates.

SFU?

STFU.

Re:It's our pleasure, Mr. Gates.

[theLOUDroom]

The BSD licensing has made it possible for commercial OSes to have an SSH implementation by default. That ubiquity is what killed telnet. By helping companies like Microsoft, Sun, and Apple, the OpenSSH project has helped everyone.

Except that BSD liscensing allows compaines like Microsoft the pervert a standard protocol, so that it is no longer interoperable, nor "ubiquitous" ...perhaps not even secure.

There is nothing the prevents Microsoft from distributing a GPL'ed product except their own internal decisions.
The biggest difference is, of course, that they would have to publish any changes. To me, it seems obvious the you should WANT them publish any changes to SSH.

Re:It's our pleasure, Mr. Gates.

[ArbitraryConstant]

" Except that BSD liscensing allows compaines like Microsoft the pervert a standard protocol, so that it is no longer interoperable, nor "ubiquitous" ...perhaps not even secure. "

I was aware of that argument before, but putting it in bold convinced me.

"The biggest difference is, of course, that they would have to publish any changes. To me, it seems obvious the you should WANT them publish any changes to SSH."

That's why these arguments never go anywhere. You don't just think I have different priorities, you believe I am irrational.

To replace telnet, they had to throw something out there that anyone could use and customize in any capacity (including extensions). Whether or not you agree, and whether or not they are right, some of the companies out there want the freedom to customize code without releasing the changes.

I think that sometimes making something ubiquitous is more important. I'm find with the Linux kernel being GPLed, but I'm also fine with other things being BSDLed.

Re:It's our pleasure, Mr. Gates.

[theLOUDroom]

To replace telnet, they had to throw something out there that anyone could use and customize in any capacity (including extensions).

GPL allows all of the above :)

Whether or not you agree, and whether or not they are right, some of the companies out there want the freedom to customize code without releasing the changes.

And I want a Ferrari... doesn't mean you have to give it to me, especially for free.

Microsoft's breaking of Kerberos is just a minimal example of what can go wrong here.

It's not that it's 100% terrible that OpenSSH is BSD liscensed, but it seems like a bad idea for a package where the two main concerns are interoperability and security.

Re:It's our pleasure, Mr. Gates.

[styrotech]

Not the last time I looked - having a properly integrated OpenSSH client and server was my biggest wish list item for SFU. Although you can download OpenSSH separately, but you miss out on cool features like Kerberos auth when used on SFU.

Re:It's our pleasure, Mr. Gates.

[ArbitraryConstant]

"GPL allows all of the above :)"

Not necessarily. For example, they might recieve bug reports under NDA (not hard to imagine for security issues), and a source patch would violate that. They might also wish to license commercial code. Even if they don't want to do that, it makes people nervous when they have to rule out the ability to do that from the get-go.

"And I want a Ferrari... doesn't mean you have to give it to me, especially for free."

That doesn't make any sense. The maintainers give it away under the license they use voluntarily. They're not obligated to, they want to. Your analogy implies the companies that don't want the GPL involved are placing an extra burden on someone else when in fact they're just taking avantage of something a few security zealots are giving away.

"it seems like a bad idea for a package where the two main concerns are interoperability and security."

And yet, it turns out that most prefer to stick to the official OpenSSH as closely as possible, simply to avoid the cost of maintaining a ton of local customizations. They cut their customizations down to a minimum and try to track the official version (perhaps backporting security fixes).

Obvious solution to the eMarket-demands

We need to embrace revolutionary channels, grow cross-platform web services,
incubate revolutionary ROI, transition web-enabled partnerships, synthesize
enterprise eyeballs, brand intuitive e-tailers, enhance holistic e-business,
enhance integrated schemas, monetize enterprise convergence, syndicate
next-generation metrics, architect dot-com initiatives, cultivate global
markets, leverage vertical schemas, morph integrated action-items, scale
synergistic content, harness collaborative communities, leverage world-class
e-markets, recontextualize integrated partnerships, unleash clicks-and-mortar
metrics, recontextualize collaborative schemas, scale out-of-the-box content,
unleash leading-edge synergies, expedite open-source action-items, iterate
global channels, engage transparent e-tailers, harness distributed
supply-chains, extend efficient paradigms, enable world-class e-markets,
repurpose dynamic users and whiteboard 24/7 e-tailers.

Mod down

Post is bollocks - "new" compression method is a security fix, not a functional improvement.

Still no logging of sftp/scp transfers?

[GeekBoy]

Sigh. Back to my commercial (vandyke vshelld) implementation....

Re:Still no logging of sftp/scp transfers?

Umm.. I get log notices for sftp/scp transfers /w OpenSSH.

Re:Still no logging of sftp/scp transfers?

[slavemowgli]

Why not just implement it? I'm not that familiar with C really, but I'd be surprised if it was more than a few lines - basically, you'd just have to add a call to syslog(3) in an appropriate place.

Re:Still no logging of sftp/scp transfers?

[incubuz1980]

http://sftplogging.sourceforge.net/

Don't know if i works against OpenSSH 4.2.

But it probably will soon.

Re:Still no logging of sftp/scp transfers?

google + "sftp log" = you are an assclown!

http://sftplogging.sourceforge.net/
This patch adds the following functionality to openssh:

        * Log FTP Sessions
        * Designate a umask for FTP sessions
        * Allow/disallow "chown" or "chgrp" during FTP Sessions

Re:Still no logging of sftp/scp transfers?

[RAMMS+EIN]

As far as I understand, both scp and sftp are actually implemented by separate binaries on the server side. Why don't you just replace those binaries with ones that do your logging and defer the actual work to the original binaries?

Re:Still no logging of sftp/scp transfers?

[brenddie]

I use vandyke vshell too.
Very robust product. The most usefull features are loggin of transfers, download/upload triggers, and disabling of shell/sftp by groups.
Very secure , Only 1 Security Advisory (august 2005) in a couple years

Re:Still no logging of sftp/scp transfers?

[GeekBoy]

And is is part of the standard distro? No. What is that important? b/c of our support agreements. RedHat will only support unmodified binaries that come with their distro. RedHat and it's support are required by my client.

Re:Still no logging of sftp/scp transfers?

[innocent_white_lamb]

vandyke vshelld is part of the standard distro and is an unmodified binary supplied by Redhat?
 
No?
 
You may want to re-think your argument against sftp logging....

Re:Still no logging of sftp/scp transfers?

[GeekBoy]

The point is vshell is supported by a vendor. OpenSSH is only supported by RedHat as a vendor if I don't patch it to include sftp logging capabilities.

Why don't you check your logic before posting?

Re:Still no logging of sftp/scp transfers?

[innocent_white_lamb]

I did. You stated that all of your client's software had to be supported by Red Hat, not by J. Random Vendor.

Perhaps you, as the software vendor to your client, could offer support for the software that you install, instead of relying on third parties.

No, that's not intended to be a facetious comment. Give it some real consideration.

Re:Still no logging of sftp/scp transfers?

[GeekBoy]

I meant that if I used openssh, it would have to be supported by RedHat (as that is the distributor), and in order for it to do what I want it to do, I need an ssh server that does logging of sftp down/uploads, etc. The only way to make openssh do that is to patch it, at which point RedHat then will not support it. My only option at this point is to stick to a commercial ssh product.

I am not the software vendor for my client. I'm the integrator and administrator and our contract stipulates that all parts of the system must be supported. It would be nice if I could support all of the software that I install, but I'm one *nix guy in a datacenter that supports many many many unix machines as well as firewalls, SAN's, network monitoring, mail servers, fileservers, NAS, (etc. you get the picture) across vastly different environments. I just don't have the time or inclination to fix busted software at the source code level. I could, but I have better things to do with my time.

Besides, at the end of the day I don't want to be completely burned out. I still need energy for other things, like writing lineak lineak.sourceforge.net

Re:Still no logging of sftp/scp transfers?

[innocent_white_lamb]

I'm one *nix guy in a datacenter that supports many many many unix machines as well as firewalls, SAN's, network monitoring, mail servers, fileservers, NAS, (etc. you get the picture) across vastly different environments.
 
And absolutely none of it requires any custom software, Perl/Bash scripts, or "glue" at all to make it do the job that the client needs to have done?
 
I just don't have the time or inclination to fix busted software at the source code level.
 
I'm amazed. Astounded.
 
I don't disbelieve you, but I have never seen an operation that worked like that, ever.
 
I guess I lead a sheltered life.

Re:Still no logging of sftp/scp transfers?

[GeekBoy]

No custom software at all. One of our clients happens to involve the "authorities." They have very specific requirements for support and software.

I'm amazed. Astounded.

Do you have time to fix busted code across more than 100 different software applications? Across environments that are not connected to each other? Across different clients? On different OS/Hardware platforms? When you also have to look after many other pieces of the environment, and architect, and document, and deploy for each environment simultaneously? I doubt it. It's easy to sit on your high horse and "take the moral high ground" while criticizing, but in reality idealisms rarely work out. It would be nice to go around and muck in the sourcecode of all my software (if it were possible) to fix issues, but really, that's just not practical. (I don't have any issues with applying patches and upgrading software to new versions.)

I don't disbelieve you, but I have never seen an operation that worked like that, ever.

Then go work for a large outsourcer/consulting company.

Compression algorithms do matter.

[CyricZ]

Compression algorithms matter quite a bit. Remember, if you can save even 100 bytes for every second of data flow, that adds up quickly. That's 6000 bytes/minute. That's 360000 bytes/hour. That's 8640000 bytes/day. Over the course of a year you'd save around 3 GB. That can very well impact on bandwidth costs when multiplied by several (if not hundreds of) users.

It's factors like that which make OpenSSL, especially OpenSSL 4.2, very appealing to network administrators who must take into account bandwidth costs.

Re:Compression algorithms do matter.

It's factors like that which make OpenSSL, especially OpenSSL 4.2, very appealing to network administrators who must take into account bandwidth costs.

I think you mean OpenSSH.

Compression algorithms matter quite a bit. Remember, if you can save even 100 bytes for every second of data flow, that adds up quickly.

The bandwidth savings are minor. Many (most?) ssh connections are command line sessions, that are very low bandwidth to begin with.

Only when moving a lot of data over ssh would this savings appear, and zlib was already pretty good.

And for port-forwarding, other techniques like ssl are more efficient than the tcp-on-tcp of ssh port forwarding.

Re:Compression algorithms do matter.

You save 8MB in a day's worth of non-stop SSH (not SSL)...?

I think people pay primarily for bandwidth, not data size. Throw on 3GB/yr and it's really not that much. Increase that by a couple orders of magnitude and it's still not a lot.

For you and me compression algorithms only matter as much as they influence speed. And, depending on your pipe, mostly it slows things down.

Provocative theory, though, captain.

Alternative to X - NX

[La+Gris]

You realy should have a look a FreeNX http://freshmeat.net/projects/freenx/>
FreeNX Server is the Free and GPL'd NX server implementation by Fabian Franz, based on NoMachine.com's NX technology. NoMachine have thankfully licensed the core of NX under the GPL (they provide a close-source commercial NX server product on top of that code, as well as professional support).

The NX protocol let you use remote X display while connected by low bandwidth lines. It require much less bandwith than raw X or X over compressed ssh.

Which idiot makes this insightfull?

[Yaa+101]

So we must stop using one of the worlds best security software because somebody does not like Theo de Raadt?

Are you mod fucking insane?

Re:Which idiot makes this insightfull?

[Homology]

So we must stop using one of the worlds best security software because somebody does not like Theo de Raadt?

Are you mod fucking insane?

There are also many moderators that abuse the moderation system by modding down posts they don't agree with. It's so rampant that I usually meta moderate troll/flamebait as unfair.

Re:Which idiot makes this insightfull?

[zonix]

Are you mod fucking insane?

That'd be a nice modding option, actually: "-1, Fucking insane".

Oh, and I absolutely agree with you!

z

Just use NX

[vlad_petric]

if you don't want to pay for the nomachine license, freenx is pretty decent.

Re:Just use NX

[nurb432]

I havent managed to get it working under freebsd yet..

But it does look like its got promise. I tried the demo once, and was impressed.

Slowing down dictionary attacks

[RAMMS+EIN]

I had an instance of an attacker running a dictionary attack on my sshd the other day, and I was surprised by how many logins he could test per second (he was using multiple connections). I asked on #openbsd about ways of slowing down such attacks. This is the advice I got:

1. Run sshd on a different port. The scripts won't find you there. I don't like this option, because it requires me to specify the alternative port every time i ssh, scp, rsync, or svn. It's still about the easiest and most effective method.

2. Limit the connection rate to the port you're running sshd on. In many scenarios, it won't hurt you if you can't connect to it more than once in 5 seconds, but this will make a dictionary attack from a single machine very tedious. In OpenBSD 3.7, you can use pf with max-src-conn-rate.

3. Use a script like DenyHosts to monitor your authentication log, and add suspicious hosts to a block list (either temporarily or permanently). This looks like a very nice solution to me.

4. I got this one from my girlfriend: disable password authentication and use key-based authentication instead. This is my prefered solution, except that I have to solve some problems with public key authentication not working from some of the machines I use.

I hope this post is helpful to some of you. If you have any other methods that you would like to mention, I'd be glad to hear.

Re:Slowing down dictionary attacks

UNIX has had exponential backoffs forever. Mess up one time, you get a 1 second delay. Mess up twice, you get to wait 2 seconds, etc. I wonder why that couldn't be done in an ssh context.

Re:Slowing down dictionary attacks

[Just+Some+Guy]

I got this one from my girlfriend: disable password authentication and use key-based authentication instead. This is my prefered solution, except that I have to solve some problems with public key authentication not working from some of the machines I use.

Your girlfriend rocks. I always disable password authentication on a new server before I enable sshd for the first time. I'm pretty certain I could safely give my root password out on IRC without much risk, although prudence says I'm not completely interested in testing that theory.

What sort of problems do you have with public key authentication? I've been using it for years from both Unix and Windows clients without problem. If you're feeling particularly 1337, GSSAPI authentication is pretty darn convenient and not all that hard to configure these days.

Re:Slowing down dictionary attacks

[RAMMS+EIN]

``UNIX has had exponential backoffs forever. Mess up one time, you get a 1 second delay. Mess up twice, you get to wait 2 seconds, etc. I wonder why that couldn't be done in an ssh context.''

This exponential backoff system works when you're trying to log in from a tty. When SSH, the system doesn't know whether this is the same user trying to authenticate. It's similar to sitting in front of a Linux box, trying to log in on VT 1, and when it backs off, switch to VT 2, and so on.

The situation could be improved somewhat by sshd tracking failed logins by IP address, and disallowing that IP address from logging in for a while. However, this complicates sshd and isn't really bullet proof, what with NAT making any number of machines appear to have the same IP address.

Re:Slowing down dictionary attacks

[jsveiga]

For your item "2", on Linux, you can use iptables "recent" module to limit the time between new connections from the same IP. That cut the dictionary attacks on my server on the first attempt:

iptables -A INPUT -j ACCEPT -p tcp ! --syn -s 0/0 -d (outer ip/net)
(you probably have this on your firewall already, allowing previously established connections)

iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --update --seconds 15 -j DROP
iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --set -j ACCEPT

These two will only allow new connections from the same IP with 15s intervals between them. Add them to your iptables setup scripts (or replace them where you ACCEPT ssh, if that's the case).

BR,

Joao S Veiga

Re:Slowing down dictionary attacks

[RAMMS+EIN]

``Your girlfriend rocks.''

Yes, totally. I feel the luckiest guy in the world for having a girlfriend who's a hacker, too.

``What sort of problems do you have with public key authentication?''

From some machines, it just doesn't seem to use it. If I run ssh with -vv, it gives some messages about "we did not send a packet", then tries password auth instead. I don't have access to such a machine at the moment, otherwise I would be more specific.

Re:Slowing down dictionary attacks

[Realistic_Dragon]

You can always use two SSH demons - one on port 22 that allows only connections with certificates, and one on port rand# that is limited to few retries per second, then a short ban after a few bad attempts, but otherwise normal logins.

Re:Slowing down dictionary attacks

[lmfr]

1. Run sshd on a different port. The scripts won't find you there. I don't like this option, because it requires me to specify the alternative port every time i ssh, scp, rsync, or svn. It's still about the easiest and most effective method.

No need to specify the port every time on the comand line. Edit one of /etc/ssh_config, /etc/ssh/ssh_config or ~/.ssh/config, and add the configuration:
Host *
Port new_port

That changes the default for every host, so you'll probably decide to define only for your hosts (Host myhost).

Re:Slowing down dictionary attacks

Holy crap, you are one lucky geek. You have a girlfriend who understands SSH and digs public-key encryption. Now you just need her to probe your ports ;-)

Re:Slowing down dictionary attacks

You could try using OTP as a fallback to key authentication, though I don't know if that'll improve your situation by much. (still safer then typing a regular password, though)

Re:Slowing down dictionary attacks

[irc.goatse.cx+troll]

I've ran into that atleast once before, but even additionally I'd never want to entirely disable password auth because then what if something happens to your privkey? Think katrina-sized destruction taking out your computer/entire house + the bank that housed your backup usb thumbdrive.
Or even a more realistic scenario, sometimes you just want someone else to be able to log into your machine, be it a friend helping you or even an admin at a datacenter that doesnt want to have to dig out a keyboard+monitor to do a local login.

Re:Slowing down dictionary attacks

I was looking at a solution like your #3 (DenyHosts), but although it would be effective against dictionary and brute-force attacks it offers no protection against a newly-discovered or unpatched security flaw in the OpenSSH server.

I kept looking and fell in love with port knocking. There are many implementations and variations on the concept floating around, but the single best source of information that I found is at http://www.portknocking.org/ which in addition to an entire education on the topic, offers a very good free Perl implementation that the author walks you through the workings of, plus links to many other implentations.

The drawback to this is that you need to keep available a port knocking client in addition to an ssh client, which may be awkward if you need to connect from many different workstations (or especially while traveling), or if you have many users who need to connect.

Re:Slowing down dictionary attacks

[mpol]

3. Use a script like DenyHosts to monitor your authentication log, and add suspicious hosts to a block list (either temporarily or permanently). This looks like a very nice solution to me.

You will want to use a temporary block list. An attacker can always hose up your network by using other source addresses, like from your mail provider, or another office connected through a vpn.

Re:Slowing down dictionary attacks

[mcphail]

"The situation could be improved somewhat by sshd tracking failed logins by IP address, and disallowing that IP address from logging in for a while."

The DenyHosts script mentioned above does exactly this, updating /etc/hosts.deny as appropriate. When I installed it, I set it as a cron job to run every 20 minutes. Looking at the logs I was astonished to see how many login attempts were made between scans. Now I run the script in --daemon mode which helps.

Give it a try.

Re:Slowing down dictionary attacks

Hacker *too*? Yeah, you are really some l33t hacker. May I please inquire how to aspire to great hackerdom?

Re:Slowing down dictionary attacks

[crawly]

I personally use the following to limit the number of connection attempts on my SSH server. The limit is set for only 3-connections in a minute, the first 2 exhaust the limit-burst, which then takes a minute to refill, effectively limiting the connection attempt rate to 1/minute.

iptables -A INPUT -p tcp --dport ssh -m limit --limit 3/minute --limit-burst 2 -j ACCEPT

Re:Slowing down dictionary attacks

[GuyverDH]

Write some scripts, to use in the inetd.conf (or xinetd, if you like), that write numbers into a temporary file. The numbers will be converted into an IP address, by the final "trigger" script.

The final trigger script, takes the different numbers, compiles them into the IP address (use Hex, if you prefer, for fewer knocks), then writes a temporary sshd_conf file to use with a non daemon sshd spawn.

This limits the connection availability to a single shot. Once you've connected, done your business, and disconnected, that's it. It cannot be re-used.

I also spawn a timer for the SSHD which only allows it to stay awake for 60 seconds, and with the config file written to only allow connections from the single IP address, it works pretty slick.

By having multiple ports that write the same numbers, and multiple triggers, you can go through quite a few connections, without ever repeating the same port sequences.

Now, if only I were to take the time to write this up in C, instead of shell, I could even just make it a combination knock (kind of like a Dial-a-Lock) that worked for the originating IP address.

This whole practice can be a nuisance if you are being scanned =D
(this is why the C routine would be nice)

Re:Slowing down dictionary attacks

Why not use tcp wrappers to limit incoming ssh connections to only known hosts?

Re:Slowing down dictionary attacks

[GuyverDH]

What happens, when you're on the road, and need to do some admin work from a friends broadband connection? Or a hotel's Wi-Fi?

Re:Slowing down dictionary attacks

[accessdeniednsp]

no no no no...

If you want replies for previously accepted requests, do NOT use ! --syn
Instead you should use the state table (which is what iptables was designed for).

iptables -A INPUT -j ACCEPT -s 0/0 -d (outer ip/net) -m state --state ESTABLISHED,RELATED

This is light years more efficient and secure. Also check out the iptstate package so you can actually see what is in the magic state table.

Re:Slowing down dictionary attacks

[accessdeniednsp]

Bah, I should clarify (sorry for not doing this first and sounding like an ass):

By accepting only non-syn packets, you are opening yourself up to "ACK" attacks and old-school router-penetrating scans. Also, things like 'ippacket' can forge packets by setting arbitrary bits. If the 'ack' flag is set (or in the case of your rule, anything including RST, PSH, URG, and even the two reserved bits), then the packet will zing right through your rule.

In this instance, the packet will pass thru the firewall, on to the destination host, which will then reply accordingly:

* If the port is not open, it will reply with ICMP Port Unreach (Type 3, Code 3) signifying a host is alive.

* If the port is open and these flags don't make sense to the host (invalid ACK window, or a FIN/ACK received without a FIN, or an ACK without a SYN, etc) then the host will reply with RST for that port. Implying the host is alive and that port is open.

These responses will only lead to further probes, etc.

For those who preach NAT until the cows come home, this will still happen because your firewall is still gonna un-NAT it and send it onward.

NAT will offer no protection in this situation. (and please do remember that the entire intar-web-net doesn't run on NAT. NAT is not a magical security tool and offers very little advantage with a magnatude of disadvantages, especially for high-load servers)

The state table checks, first, to see if the packet parameters match what has already transpired, session-wise. You can adjust the state timeouts to decrease or increase the time a session will remain 'open'. Now if the sessions are closed, it's removed from the state table period. No reply attacks, etc. The classic "Mitnick" attack will be avoided, too.

The state has expectations of how the packets flowing through should be handled. If you put the "-m state" checks very early in your ruleset, watch it with "watch iptables -L INPUT -nv" and then watch with 'iptstate' in another window. You'll see the first packet of a session (the initial SYN) will go thru the ruleset and be placed in the state table (upon being accepted of course)

EVERY packet from now until the final FIN/FIN-ACK will be matched against the state table in memory. The rule you are watching will only have ONE hit (for that session) even if you're transferring billions of bytes. The remainder is checked against the state table. It's very very cool and very very efficient and quite fast.

Anyhoo.. just wanted to clarify *why* you shouldn't use the ! --syn parameter.

Re:Slowing down dictionary attacks

[Jubal+Kessler]

> Run sshd on a different port. The scripts won't find you there. I don't like this option,
> because it requires me to specify the alternative port every time i ssh, scp, rsync,
> or svn. It's still about the easiest and most effective method.

Just create a .ssh/config file for your host and spec the port there, along with other
neat-o options. See ssh_config(5).

Re:Slowing down dictionary attacks

[stor]

disable password authentication and use key-based authentication instead.

That's one thing I do. Get it working and Just Do It(tm). It will let you sleep better at night.

You may need to learn about ssh-agent. *sigh* ssh-agent rocks but it's another one of those things that's really easy to use once you know what's going on but before then you could be banging your head against it. The commands you need:

ssh-add
ssh -A

I always chmod 700 ~/.ssh and chmod 600 ~/.ssh/authorized_keys2. Make sure you have that right because ssh won't work with the permissions of this file and directory being too lax OR restrictive.

In sshd_config, reduce the value of "MaxAuthTries" down to 2 (by default I believe it's at 6). That's a bit more discouragement for the wankers.

And of course, change PermitRootLogin to "no".

Cheers
Stor

Re:Slowing down dictionary attacks

[ddente]

> From some machines, it just doesn't seem to use it. If I run ssh with -vv, it gives some messages about "we did not send a packet", then tries password auth instead.

Suggestion: check the permission of the ~ and of the ~/.ssh directories, and of the files in the ~/.ssh directory.

ssh do a sanity check to see if anybody apart from you can modify those files

Re:Slowing down dictionary attacks

[fecalpyramid]

1. Run sshd on a different port. The scripts won't find you there. I don't like this option, because it requires me to specify the alternative port every time i ssh, scp, rsync, or svn. It's still about the easiest and most effective method.

You can especify a default port to connect to the target host in .ssh/config.

Host myhost1.com
User user1
Port 12345

Host myhost2.com
User user2
Port 54321

Re:Slowing down dictionary attacks

[jsveiga]

Thanks! I'll change that right now.

That "established connections" rule came with scripts I've downloaded about 8 years ago (ipchains?), and I never gave it a second thought...

Out goes the ! --syn...

Re:Slowing down dictionary attacks

OpenSSH should handle this.
Modifying a firewall on a remote machine is not a simple thing for people to do. And modifying it on the fly with things such as APF Firewall and "bfd" is just asking for problems later and is a patch to get by at best.
OpenSSH should handle this.
OpenSSH should handle this.
How many times do I have to say it?
The "god" of this project says he won't do it, ever. Why? Well, he's god and you aren't.
Feel free to change his mind.

Re:Slowing down dictionary attacks

I got this one from my girlfriend: disable password authentication and use key-based authentication instead.

Your girlfriend rocks.

Indeed she does. We should all be so lucky.

Of course, having a computer savvy girlfriend/wife would cause some problems too -- like `How are you going to hide your porn from her?'

Putting it in a directory called ... or trash won't work -- she knows how to use find and du.
Permissions won't work -- she'll probably have root.

I guess you could go old-school and buy VHS tapes and keep them in the garage, though a truly geeky girl might actually find reason to go out in the garage as well.

Of course, some women don't mind porn, and a small minority like it, but the odds of finding one of these women who's also a geek? Doesn't seem likely.

Of course, porn gets boring after a while anyways. But having a geeky wife ... that might not get boring ever!

Re:Slowing down dictionary attacks

[ScriptedReplay]

That's ok ... as long as you're not afraid of being locked out of connecting by a script DOS-ing your server through the limit module. Plus, it does not help a lot unless you set a small number of retries on failed passwords until sshd drops the connection (by default, MaxAuthTries is 6) You might want to also look into MaxStartups and LoginGraceTime for extra tweaking.

Re:Slowing down dictionary attacks

[ScriptedReplay]

One could put up an argument against treating public key authentication as a final answer. You can't enforce passphrase length - and one user with an empty passphrase private key on a compromised machine is worse than a weak password - the attacker will just get the proper account and key from .ssh/config, no need for a keylogger. Add to that agent forwarding and it can quickly become a nice mess; that's not to mention security implications for ssh-agent itself - even a good passphrase won't help if a compromised root can just get/use the key from the agent. Also, depending on your network setup, removing compromised public keys can be tedious for sysadmins (relying on users to realize the compromise and handle it might be ... dangerous under some circumstances). Finally, the reasoning framework that assumes 'stupid' keyloggers that will log the passphrase but never figure out the key that goes with it is bound to come and bite you from an unexpected direction at some point in the future. [*]

That said, I do like the per-key restrictions in .ssh/authorized_keys (especially the "from" option)

All in all, PKA is certainly a good tool - but not to be applied blindly. And as always educating the users is the weak link. Meanwhile, if you're stuck with passwords, enforcing a good long password should make the brute-force scripts more like a huge-log nuissance to be handled with the likes of DenyHosts.

[*] yeah, I know I'm kind of paranoid. On the flip side, according to Lacan human knowledge is paranoiac (being built on deception) so I should be in good company ;-)

Re:Slowing down dictionary attacks

[Merlinus]

I wrote a script to stop brute force ssh attempts after I got tired of seeing so many frequent attempts on my server. It's a Perl script, see http://erichendrickson.org/output/scanassassin/. It has been tested on Linux and FreeBSD but shouldn't be hard to make it work on other Unices - if you need help, send me a sample of your logs.

It works by adding the offending ip/hostname to /etc/hosts.deny after a configurable number (default 10) of failed authentication attempts. Not restricted to ssh, also works on ftp attempts or anything that uses the same authentication mechanism as ssh (such as pam under Linux).

I have swatch call it when it matches a line in the log file, but it can also be run from the command line or cron on any log file. I have a short to-do list of new features in the comments. This appears to be very basic compared to DenyHosts but gets the job done cleanly and quickly.

Works like a charm and it's a real pleasure to see these almost daily attempts getting shut down.

Re:Slowing down dictionary attacks

[yowie333]

Just to add my 2 cents worth. I found a nice blacklisting script for linux. Easy to install and works great. You can tell the script how many failed passwords or failed users to allow before a temp or permanent ban by IP. http://www.pettingers.org/code/sshblack.html Open source, isn't it great Cheers Paul

Re:Slowing down dictionary attacks

[gid]

I just tried adding that rule. I logged into an external machine, and then tried sshing to my machine more than 3 times, and then telnetting to my machine more than 3 times, and it kept letting me in.

-d option for scp?

[Wills]

I'd really like to see a -d option added to scp for copying symbolic links as symbolic links rather than the files to which the sym.links point. The cp command has it (see man cp for details).

As a workaround you can wrap all the remote files in a temporary tar file to protect any sym.links etc, then scp the tar file and untar the tar file after the transfer but it would be much quicker and simpler if you could use scp to do this.

Re:-d option for scp?

or you could just use rsync over ssh instead

Re:-d option for scp?

[Jerf]

Leaning on tar is probably a better solution anyhow.

I don't know your exact needs, but you can make this easy on yourself with a very short shell script, or even just an alias. Instead of using "scp", use "ssh" directly, something like:

ssh [your login here] -C 'tar c $*' | tar x

This runs "tar" on the remote server, $* is trying to convey the idea of passing all the params of the script/alias to the remote tar, and outputs to stdout. ssh redirects stdout across the network to its own stdout, which is then piped to local tar for extraction. -C compresses the stream, which is probably Good Enough, but under certain circumstances (CPU time vastly outweighs transfer time, think modem transfer here) it can be worthwhile to add bzip2 into the mix:

ssh [your login] 'tar c $* | bzip2' | bunzip2 | tar x

Tune the script to your needs, and the reverse script is pretty easy too; ssh will redirect its stdin across the network just as easily if you use it in a pipe.

Note there is never a temporary file.

I belabor how this works because it took me a while to fully grasp how cool it is that ssh makes the Unix pipe idea fully work across the network. Note you can set up pipes on the remote side in the ssh command if you escape it correctly (apostrophes will usually do, but shell escaping can get evil). scp is more "convenience script" than "fundamental tool".

Re:-d option for scp?

[Wills]

Thanks, that's another good way of doing the same thing. My point is simply that it would be more convenient to have a -d option in scp but it's certainly not an essential thing to have in view of the many workarounds that are available.

Re:-d option for scp?

[Wills]

Thanks, that's a good method for certain situations. However, having a -d option in scp, thus avoiding the need to use any external helper programs like tar and rsync, would be even more convenient in general. It would also have the benefit of making scp more similar to cp.

The current workarounds for not having a -d option in scp tend to be problematic in various ways. For example, using tar becomes quite tedious when you want to copy only files in a particular directory, without recursively copying any sub-directories and their contents.

Another issue is that using a script or alias to run the tar command causes it to be re-run from scratch every time the script gets re-started following an interruption, e.g. a network problem, which can be extremely wasteful when copying large numbers of files, compared to using a carefully implemented -d option in scp which could reasonably decide not to copy files again that already exist at the destination, e.g. because they were previously successfully copied, unless you request scp -f to forcefully copy the files again, clobbering the existing destination files.

Having a -d option in scp is obviously not anything like a critical need. It would be simply be very handy and logical by comparison with cp to have that functionality inside a single command.

GSSAPI

[Craig+Ringer]

GSSAPI, in case anyone here is unfamiliar with the term, is pretty much Kerberos 5. It's a key-based network authentication and security scheme used on many UNIX networks, and in a bastardised form by Windows AD domains.

It's also been on my "I really must implement that" list for waaaay too long. I find that more basic TLS-and-client-cert schemes do the job well enough most of the time.

Re:GSSAPI

[Just+Some+Guy]

It's also been on my "I really must implement that" list for waaaay too long.

I finally got around to setting up a KDC for my domains. It's nice to run "kinit" once, and then have full access to every machine I'm supposed to have full access to. Implementing Kerberos for one service is massive overkill. Implementing it for IMAP, SMTP, LDAP, etc. at the same time is bliss.

The FreeBSD Handbook has a nice chapter on the subject. O'Reilly's "Kerberos: The Definitive Guide" is an excellent reference as well.

Re:GSSAPI

[Libor+Vanek]

I was on some conference (Samba eXPerience) and there was talk about AD Kerberos modification - I just remember one thing ("executive summary") - Microsoft's modifications to Kerberos are very very usefull and they are done in quite "clean" and "kerberos"-way and are necessary for using Kerberos in large scale networks (you could use Kerberos without them but you'll lack some functionality). Please no flame - of course that MS fucked up the way of implementing this (they should made the changes more open way and discuss it more with Kerberos community).

Re:GSSAPI

GSSAPI also makes X.509 PKI and smart card access availiable. Though right now kerberos 5 is the only implementation. PKI and PKINIT (public key kerberos) is already used in globus GRID computing (GSI) and hopefully will be implimented in the main branch soon.

Re:GSSAPI

[Yeechang+Lee]

I finally got around to setting up a KDC for my domains. It's nice to run "kinit" once, and then have full access to every machine I'm supposed to have full access to.

Yes, this *rocks*. I love being able to log into my iBook with my Kerberos password, then as part of the OS X authorization process getting a Kerberos ticket that I can then use to SSH into my Linux boxes. With OpenVPN, I can do the exact same thing from on the road, such as the hotel room I'm sitting in right now.

This wasn't very hard to set up. I had to install DarwinPorts' OpenSSH binaries on the iBook because neither the stock nor the Fink versions have GSSAPI support compiled in. I also had to make some modifications to /etc/authorization and install some Kerberos-related PAM modules on the iBook.

Re:I get a truckload of dictionary attacks

[xiando]

..on any given day.

Box #1:
grep "authentication failure"
/var/log/messages|wc -l
1362

Box #2:
grep "authentication failure" /var/log/messages|wc -l
1520

Thank you very much for more great SSH tips, I hope you do not mind I recycled them at http://en.linuxreviews.org/Ssh (it is a wiki, so I can easily remove your work if you mind, or you can do it..) :-)

Did that say signed vs. unsigned integer bugs?

[suitepotato]

Isn't that a subject covered somewhere around the fourth or fifth class for ANSI C? And it took this long?

My how time flies when you're too busy with the bigger picture... At least they actually got around to the bug hunting.

Re:Did that say signed vs. unsigned integer bugs?

[shani]

Unfortunately due to bad language design, finding signed/unsigned problems is often a subtle problem in C.

Here is a phrack article on the topic.

Personally, I think the OpenBSD folks are doing things the hard way, by using an insecure language as the foundation of their work. That's the problem with C - you have to remember everything you learned over years of programming, all the time, or you risk making a mistake that can not only cause crashes, but ultimately compromise your entire machine, if not your entire network.

But having said that, I do use OpenSSH and occasionally OpenNTPd (on machines with interfaces that go up and down a lot). :)

Re:Did that say signed vs. unsigned integer bugs?

[dmiller]

We have checked the code for these problems before, but these changes are about changing internal APIs so mistakes are easier t see and more difficult to make in new code.

Re:I get a truckload of dictionary attacks

[RAMMS+EIN]

``I hope you do not mind I recycled them at http://en.linuxreviews.org/Ssh''

I most certainly don't mind, otherwise I wouldn't have posted them here. You might want to change the wording, though. It sounds a bit strange the way it stands. If you do that, could you also change the link to my site to read "inglorion" instead of "Bob"; I prefer to use my handle rather than my name when it's not about personal communication.

Anyway, thanks for putting it there!

DenyHosts alternative.

[eddy]

Didn't know about DenyHosts, wrote something similar in sshd_failed_ips.pl. I didn't want a deamon or cron job when it's completely unnecessary, though me script does depend on TCP wrappers (any dist. not running that by default?)

Worth the wait

[usageman]

I have waited along time for the release of the new OpenSSH 4.2 . I hoped they fixed the bugs and added soem goodies to this edition anyone here picked up a copy yet? I just hope it is everything it was talked up to be.

Proactive?

[non-poster]

proactive changes for signed vs. unsigned integer bugs

Proactive changes for existing bugs? If the bugs are already there, then "proactive" is not the right word to use. See webster.com for "reactive".

Re:Proactive?

Where does it say the bugs are existing?

Re:Proactive?

[glitch23]

Proactive in this case means "before a cracker finds the bugs and exploits them" and not "before they were created to begin with". So it depends on what their point of view was when they wrote it as to whether or not they used the word correctly.

Re:Proactive?

[dmiller]

Your lame sarcasm aside, these were changes to internal APIs to make signed vs unsigned errors more difficult for developers to make. E.g. we changed several internal functions to not accept or return signed values, thus eliminating the need for signed integers in many contexts. So yeah, it is proactive.

Re:Proactive?

[stab]

Tsk, you added an "existing" where there shouldn't have been one.

There are various levels of paranoia you can aim for when performing a code sweep, depending on your gcc compiler options (-Wall -Wsign-compare -Wshadow). So we tend to do it in stages so that we can look at chunks of code rather than huge unparsable diffs that will let bugs sneak through (there were a number of integer warnings slowly fixed in earlier releases, but Damien went through and cleaned up all the remaining ones for this release).

The atomicio change is definitely proactive, as we updated its API to be safe with respect to signed/unsigned comparisons. The old atomicio would return a -1 on error (ssize_t), as it was designed to provide a close match to the normal read/write calls. However, if there is no error, then the result has to be cast to an unsigned int (size_t), as the size of the buffer passed could possibly be larger than the value that a signed integer could hold. You can see the potential for confusion there...

Now, the new atomicio is much simpler. It always returns a size_t, and 0 is used to indicate an error. Because 0 is also used to show EOF, we simply use the errno variable to detect that (by setting it to EPIPE).

A typical use is now:


if (atomicio(read, ..., len) != len) err(1,"read");


which is nice and easy to read. These integer bugs are tedious and hard to spot; a very dangerous combination in open source software as it means only the bad guys tend to look for them :)

Upgrade?

[Compenguin]

Is it recommended that I upgrade OpenSSH to 4.2 on my OpenBSD 3.7 system?

Re:Upgrade?

[dmiller]

Yes, it is already on the OPENBSD_3_7 branch.

HPN-SSH, faster network performance

http://www.psc.edu/networking/projects/hpn-ssh/

there is a patch called HPN-SSH that addresses some issues in ssh that users encounter if they have access to faster networks. SSH has some static flow control buffer values that limit network performance. The work at PSC by Chris Rapier and Michael Stevens is really nice, is proven to work and is gaining (some) broader acceptance.

take it for a test run and if you like it, please encourage the OpenSSH folks to add it into the main trunk.

rsync is your friend

[Chip+Salzenberg]

Just set RSYNC_RSH=ssh (which you should have done anyway), and use 'rsync -a'. Copies not just symlinks but other attributes (rather like scp -p).

Then add '-H' to preserve hard links. (Why isn't -H part of -a? Oh well.)

Re:rsync is your friend

[drsmithy]

Then add '-H' to preserve hard links. (Why isn't -H part of -a? Oh well.)

FYI (from the rsync man page):

Note that -a does not preserve hardlinks, because finding multiply-linked files is expensive. You must separately specify -H.

RSA says that 1024 bit = 80 bit symmetric, not 128

Why do you think 1024 bit asymmetric is roughly equivalent to 128 bit symmetric when numerous sources say it is closer to 80 bit symmetric?

Here's a quote from RSA Security:

"The design confirms that the traditional assumption that a 1024-bit RSA key provides comparable strength to an 80-bit symmetric key has been a reasonable one." -- http://www.rsasecurity.com/rsalabs/node.asp?id=200 4

And I don't believe any literature says 1024-bit DH key provides 128-bit symmetric key strength either. Where did you get your info?

Simple hack: sleep(10)

[HermanAB]

I simply added a sleep(10); to the file auth-passwd.c and recompiled.

int
auth_password(Authctxt *authctxt, const char *password)
{
        struct passwd * pw = authctxt->pw;
        int result, ok = authctxt->valid;
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
        static int expire_checked = 0;
#endif /* Password authentication delay */
                sleep(10);

That slows all password authentication attempts down enormously. ./configure --prefix=/usr --sysconfdir=/etc/ssh
make
make install
service sshd restart

La Voila!

Mod this nonsense down, its all wrong.

[Some+Random+Username]

1024 bit asymmetric keys for ciphers that rely on the assumed difficulty of factorization are about as difficult to break as 80 bit symmetric keys. And there is no reason to think it will stay that way, people continue to work on finding newer, more effectient methods of factorization.

Everyone knows a better algorithm than brute force: General Number Field Sieve, Number Field Sieve, Quadratic Sieve, and its likely new methods will be found. You don't brute force assymetric keys, brute forcing 1024 bit keys asymmetric keys would take just as long as brute forcing 1024 bit symmetric keys, that is to say it is not possible. Brute force means simply trying every possibility, the algorithm doesn't matter in that case. Trying 2^1024 possibilities is trying 2^1024 possibilities, regardless of how the key was generated or what its used for.

And finally, 1024 bit keys could certainly be broken without all the power of the sun, you are talking out of your ass, plain and simple. In fact, Bruce Schneier always says its likely that a billion dollars would be enough to put together the hardware required to break a 1024 bit key.

Re:RSA says that 1024 bit = 80 bit symmetric, not

Out of his ass, as usual.. This is /.

Lets all support SCO! :)

[Xtifr]

Yup, that, perhaps combined with a certain natural reluctance to support a company whose main business seems to be litigation and FUD, rather than software, these days. Frankly, I'm a bit surprised that any Unixware enhancements were added at all. I suppose it's not the customers' fault that their vendor has turned into a rabid dog, but still....

personal skills

[OneArmedMan]

There was a quote i heard once, it went something along the lines of this.

"He was a supremely arrogant man, but he carried it well, because he was usually right."

This wasnt made as a reference to Theo at the time, but it seemed apt

Not a "Linux tool" per say...

Just FYI, this is NOT a "Linux" tool. It's more of an OpenBSD thing than anything else, to be frank. It's just that it was made portable, ported to Linux, and other OS's... Not trying to be ignorant here, but this is just for your own understanding and others. Check it out when you can - www.openssh.org. Regards.

Mod the liar down...

(anon to avoid karma whoring)

From the release notes:
"Added a new compression method that delays the start of zlib compression until the user has been authenticated successfully. The new method ("Compression delayed") is on by default in the server. This eliminates the risk of any zlib vulnerability leading to a compromise of the server from unauthenticated users."

Kerberos is not secure / much less secure than PKI

[Nailer]

Kerberos uses symmetric encryption. While unlike regular logins it doesn't sent password hashes across the network (just tokens encrypted with those hashes, that people who entered the right password can decrypt), it's still not secure in that it keeps credentials on the KDC. A compromise of the KDC therefore allows an attackers to pretend to be anyone they want.

No modern authentication system should store secrets on the server, This is the reason we have PKI - we store the certificates on the server, and each user is the only person who has their private key. This means:

- A compromise of the authentication server gives the attacker...public keys, that they could get from anywhere.

- It's more easy to hold a user responsible to accidential or deliberate disclosure of their credentials, because only the user has those credentials.

Kerberos was secure when it was invented, But there's no reason my bank needs to store my credentials on their servers, thank you very much, and there's no reason I feel like letting them be responsible for the security of my account any more than necessary. It's popular because of the single sign on aspect (users get an initial token at login time they can use to auth to NFS servers, mail servers, CVS/SVN servers, web servers, etc without needing to retype their password, at least till then login token expires). And lots of apps - every client/server for web, mail, CVS, SVN, NFS, etc in RHEL 4 for example, supports it. But ssh-agent is almost as convenient for SSO - I just wish more apps accepted digital signatures for logon.

So yeah, I can see why you'd use kerberos for network app support, but it's a poor second cousin to PKI when it comes to security.

Hey you insensitive clod!

[ImaLamer]

A new version of my favorite Linux tool!

Hey the SSH server and client can work on Windows too! Install Cygwin to find out. I've been using Cygwin/SSH for about 6 months now and I love it. SSH into the machine, remote (secure) VNC, scp/sftp it's all there and was pretty simple to setup.

I love Cygwin more, because it gives me SSH, but without each other I wouldn't use either.

Still no traffic accounting?

[Crass+Spektakel]

One of the major drawbacks of OpenSSH was the lack of a per-account/per-key based traffic-accounting. I always had the impression that the developer of OpenSSH opposed the basic idea of getting precise data about how much everyone did even if it still is possible for the admin to track everything from outside SSH.

Coolest new feature: automatic multiplexing

[Ed+Avis]

For end users, perhaps the best feature in this release is

        - Added ControlMaster=auto/autoask options to support opportunistic
            multiplexing (see the ssh_config(5) manpage for details).

'Multiplexing' means running more than one session across the same ssh connection. So if you use CVS over ssh, or rsync over ssh or even just lots of remote commands, you don't have to start up a new connection for each one. The first ssh connection stays running and new sessions are opened over it. This cuts down the initial network traffic a lot. Great news for modem users and a worthwhile improvement in responsiveness for everyone else.

You need to set up ControlMaster=auto in your ssh_config, which can be in your ~/.ssh/ directory.

Re:Kerberos is not secure / much less secure than

[assantisz]

Yes, this is correct. Kerberos is only as secure as your KDCs. The developers of Kerberos did not make a secret out of this, though. That said, Kerberos makes a lot of sense in some environments and not so much in others. You always have to choose the best tool for the job.