Hello,
My plan would be not to change Mina SSHD existing classes, but give
people using Mina SSHD a new class to use fingerprints if needed.
It could be used e.g.:
In org.apache.sshd.server.kex.DHGEX:
private DH chooseDH(int min, int prf, int max) throws Exception {
ModuliFingerprint mf = new ModuliFingerprint();
mf.setSalt(.....);
try {
mf.checkModuliFingerprint(MODULI_FILE, MODULI_FINGERPRINT);
} catch (Exception e) {
throw e;
}
......
Here if moduli was tampered, fingerprints do not match and exception
is generated. SSHD is not started.
Earlier you need to generate fingerprint for the existing moduli file
using createModuliFingerprint() method.
I didn't want to update Mina SSHD existing classes because everyone
who wants to use fingerprints needs to generate its own secret salt
using setSalt() method as in the example above. It has to be secret,
so I did not want to force existing SSHD classes to use fingerprints.
Please let me know your opinion.
Regards,
Pawel
2014-10-13 17:52 GMT+02:00 Guillaume Nodet <gno...@apache.org>:
> How do you plan to change sshd to use this class ?
>
> 2014-10-13 17:07 GMT+02:00 Pawel Sm7 <pawel....@gmail.com>:
>
>> Hello,
>>
>> Please find attached proposal of moduli fingerprint functionality.
>>
>> Please let me know if you have any comments and if you plan add this
>> functionality to Apache Mina SSHD.
>>
>> Regards,
>>
>> Pawel
>>
>>
>> 2014-04-30 16:36 GMT+02:00 Pawel Sm7 <pawel....@gmail.com>:
>> > Hello,
>> >
>> > I have 3 issues I would like to discuss.
>> >
>> > 1. Handling error scenarios if Prime cannot be found.
>> > Mina does not support fallback to weaker Diffie-Hellman algorithm if
>> Prime
>> > cannot be found.
>> >
>> > The failure approach of fall-thru to weaker Diffie-Hellman algorithm,
>> e.g.
>> > Group14 (embedded within the Code) if Prime cannot be found, either due
>> to
>> > MODULI File Access Errors or Prime Not Found in the File, is the typical
>> > approach of most SSH Server Implementations.
>> > OpenSSH follows this paradigm. Also it would help in communications
>> > robustness.
>> > It would be also nice to have a log event when the fallback happens.
>> > Do you agree that this is an issue? When could it be implemented?
>> >
>> > 2. Moduli file integrity handling.
>> > Could you create e.g. a SHA-256 hash fingerprint of the moduli file
>> > contents, store it somewhere and add validation of moduli file using the
>> > fingerprint.
>> > This way we can deal with unauthorized tampering of moduli file. It is
>> > potential security issue.
>> >
>> > 3. Moduli file generator
>> > Is there a roadmap to add a moduli generator so that there’s full support
>> > for group exchange generation and usage within Mina?
>> > e.g. Primes could be regenerated also when moduli file is corrupted.
>> >
>> >
>> > Regards,
>> >
>> > Pawel
>>
