Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

"It runs like _x, where _x is something unsavory" -- Prof. Romas Aleliunas, CS 435


computers / comp.security.ssh / Public Key Authentication With SSH Proxy (MITM)

SubjectAuthor
* Public Key Authentication With SSH Proxy (MITM)michaelmathisjr
+- Re: Public Key Authentication With SSH Proxy (MITM)Simon Tatham
`- Re: Public Key Authentication With SSH Proxy (MITM)michaelmathisjr

1
Subject: Re: Public Key Authentication With SSH Proxy (MITM)
From: Simon Tatham
Newsgroups: comp.security.ssh
Date: Sat, 23 Nov 2019 08:48 UTC
References: 1
Path: i2pn2.org!i2pn.org!paganini.bofh.team!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED!not-for-mail
From: ana...@pobox.com (Simon Tatham)
Newsgroups: comp.security.ssh
Subject: Re: Public Key Authentication With SSH Proxy (MITM)
Date: 23 Nov 2019 08:48:56 +0000 (GMT)
Lines: 38
Message-ID: <C3v*EYJDx@news.chiark.greenend.org.uk>
References: <97ae2c52-a8d6-4103-b036-32b6aa0d3b03@googlegroups.com>
NNTP-Posting-Host: chiark.greenend.org.uk
X-Trace: chiark.greenend.org.uk 1574498938 22392 212.13.197.229 (23 Nov 2019 08:48:58 GMT)
X-Complaints-To: abuse@chiark.greenend.org.uk
NNTP-Posting-Date: Sat, 23 Nov 2019 08:48:58 +0000 (UTC)
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: simon@tunnel.thyestes.tartarus.org ([172.31.80.4])
View all headers
<michaelmathisjr@gmail.com> wrote:
I have enabled SSH inspection on a firewall.

In less euphemised language: your firewall is deliberately, under your
own control, performing a MITM attack against SSH connections passing
through it?

I am able to SSH successfully to a server with password
authentication; however, when I use public key authentication, it
fails.

Good! That is an intentional feature of SSH public key authentication,
and it's always reassuring to hear that it's working as designed.

The signature created by the client during public key authentication
has to be a signature on some particular data. To prevent replay
attacks, it has to be different data every time. But instead of the
server sending a challenge of its choice, the protocol design instead
arranges that the client signs the 'session id', which is a by-product
of the key exchange phase and is a secret known only to the two
endpoints of the connection.

So, if you MITM a connection that uses PK auth, then your key
exchanges with the client and server will generate different session
ids. During authentication, the client sends you a signature on
*their* session id, but that - on purpose - is not enough information
for you to produce a matching signature on the *different* session key
that you share with the server.

Is there any possible workaround?  For instance disabling integrity
checking (which doesn't appear to be possible in OpenSSH.)

If there is, then it's a bug in the protocol!

Remember that everybody involved in the design and implementation of
SSH is specifically aiming to *prevent* the thing you're asking for
help doing. If we knew of a hole like that, we'd be busy *fixing* it,
not documenting it carefully for your benefit.


Subject: Re: Public Key Authentication With SSH Proxy (MITM)
From: michaelm...@gmail.com
Newsgroups: comp.security.ssh
Date: Mon, 25 Nov 2019 06:50 UTC
References: 1
X-Received: by 2002:a37:9d0:: with SMTP id 199mr24946364qkj.356.1574664634865; Sun, 24 Nov 2019 22:50:34 -0800 (PST)
X-Received: by 2002:a37:8984:: with SMTP id l126mr7868744qkd.382.1574664634502; Sun, 24 Nov 2019 22:50:34 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder7.news.weretis.net!news.uzoreto.com!tr1.eu1.usenetexpress.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!g89no8091692qtd.0!news-out.google.com!g53ni1134qtg.0!nntp.google.com!g89no8091682qtd.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Sun, 24 Nov 2019 22:50:34 -0800 (PST)
In-Reply-To: <97ae2c52-a8d6-4103-b036-32b6aa0d3b03@googlegroups.com>
Complaints-To: groups-abuse@google.com
Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=97.126.65.125; posting-account=yZp7iQoAAAC1OUYL2-gU-hCHVNiihAZZ
NNTP-Posting-Host: 97.126.65.125
References: <97ae2c52-a8d6-4103-b036-32b6aa0d3b03@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <f7d10904-e862-43d4-9361-80c369b63db3@googlegroups.com>
Subject: Re: Public Key Authentication With SSH Proxy (MITM)
From: michaelm...@gmail.com
Injection-Date: Mon, 25 Nov 2019 06:50:34 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 65
View all headers
Simon,

Thank you for the quick response.  Yes, in this case we are adding a rule to allow SSH to the internet on our corporate firewall for the purpose of administering VMs on a public cloud.  We received a mandate to do SSH decryption for the purpose of blocking SSH port forwarding.

Early on, it seemed to me that we could potentially make this work by generating key-pairs and both distributing them to the developers and also installing them in the firewall.  Based on your response, it seems to me now that even that would be impossible, as the signature is over the session id.  From a security perspective, it makes sense.  If my key pair were stolen, someone could pretend to be me; however, they could still not eavesdrop on my conversations with a 3rd party.

Thank you again.
-Michael 


On Friday, November 22, 2019 at 11:26:34 PM UTC-8, michael...@gmail.com wrote:
Hi,

I have enabled SSH inspection on a firewall.  I am able to SSH successfully to a server with password authentication; however, when I use public key authentication, it fails.

Originally, I thought that would be expected, as the proxy doesn't have the private key of the client.  However, I was looking at the SSH RFCs and the secure transport layer should be established independent of the authentication method, so I would think this should be technically possible. 

I would guess that the problem has to do with the data integrity portion of the protocol; however, I am seeing in the SSH debugs that authentication is failing.

Information on the firewall vendor sites suggests that this doesn't work in their implementation.

Is SSH intercept technically possible with public key authentication?  If not why?  I have seen it mentioned on here that firewalls will break the session id, and it is part of the signature (see below.)  However, I don't see why the firewall wouldn't pass on the same session ID.

Is there any possible workaround?  For instance disabling integrity checking (which doesn't appear to be possible in OpenSSH.)

Thanks a bunch for the help!




RFC 4252              SSH Authentication Protocol           January 2006

   The value of 'signature' is a signature by the corresponding private
   key over the following data, in the following order:

      string    session identifier
      byte      SSH_MSG_USERAUTH_REQUEST
      string    user name
      string    service name
      string    "publickey"
      boolean   TRUE
      string    public key algorithm name
      string    public key to be used for authentication



Subject: Public Key Authentication With SSH Proxy (MITM)
From: michaelm...@gmail.com
Newsgroups: comp.security.ssh
Date: Sat, 23 Nov 2019 07:26 UTC
X-Received: by 2002:a37:bc81:: with SMTP id m123mr9458628qkf.94.1574493992974;
Fri, 22 Nov 2019 23:26:32 -0800 (PST)
X-Received: by 2002:a0c:e847:: with SMTP id l7mr7616708qvo.14.1574493992690;
Fri, 22 Nov 2019 23:26:32 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder7.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!g89no1551452qtd.0!news-out.google.com!g53ni857qtg.0!nntp.google.com!g89no1551445qtd.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Fri, 22 Nov 2019 23:26:32 -0800 (PST)
Complaints-To: groups-abuse@google.com
Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=170.167.195.17;
posting-account=yZp7iQoAAAC1OUYL2-gU-hCHVNiihAZZ
NNTP-Posting-Host: 170.167.195.17
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <97ae2c52-a8d6-4103-b036-32b6aa0d3b03@googlegroups.com>
Subject: Public Key Authentication With SSH Proxy (MITM)
From: michaelm...@gmail.com
Injection-Date: Sat, 23 Nov 2019 07:26:32 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
View all headers
Hi,

I have enabled SSH inspection on a firewall.  I am able to SSH successfully to a server with password authentication; however, when I use public key authentication, it fails.

Originally, I thought that would be expected, as the proxy doesn't have the private key of the client.  However, I was looking at the SSH RFCs and the secure transport layer should be established independent of the authentication method, so I would think this should be technically possible. 

I would guess that the problem has to do with the data integrity portion of the protocol; however, I am seeing in the SSH debugs that authentication is failing.

Information on the firewall vendor sites suggests that this doesn't work in their implementation.

Is SSH intercept technically possible with public key authentication?  If not why?  I have seen it mentioned on here that firewalls will break the session id, and it is part of the signature (see below.)  However, I don't see why the firewall wouldn't pass on the same session ID.

Is there any possible workaround?  For instance disabling integrity checking (which doesn't appear to be possible in OpenSSH.)

Thanks a bunch for the help!




RFC 4252              SSH Authentication Protocol           January 2006

   The value of 'signature' is a signature by the corresponding private
   key over the following data, in the following order:

      string    session identifier
      byte      SSH_MSG_USERAUTH_REQUEST
      string    user name
      string    service name
      string    "publickey"
      boolean   TRUE
      string    public key algorithm name
      string    public key to be used for authentication


1
rocksolid light 0.7.2
clearneti2ptor