Bug 2211

Summary:

Too many hostbased authentication attempts

Product:

Portable OpenSSH

Reporter:

Iain Morgan <imorgan>

Component:

ssh

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

enhancement

CC:

djm

Priority:

Version:

6.5p1

Hardware:

All

OS:

All

Bug Depends on:

Bug Blocks:

2266

Attachments:

Description	Flags
Add HostbasedKeyTypes to ssh(1)	none
Add HostbasedKeyTypes to scp.1 and sftp.1	none
make HostbasedKeyTypes control order as well as select types sent	none

Description Iain Morgan 2014-03-15 10:31:48 AEDT

With the addition of support for host keys using ECDSA and ed25519, the
number of authentication attempts used by hostbased authentication has
also increased. This can make authentication problematic in cases where
hostbased authentication is enabled on both the client and server, but
misconfiguration causes all hostbased authentication attempts to fail.

Since hostbased authentication typically requires updating two (or
three) files on the server side, in addition to the sshd_config, it is
not unusual for there to be configuration issues when allowing a new
client to use hostbased authentication. For example, the client hostname
may be mistyped in /etc/shosts.equiv. Complications can also arise if
the client system has multiple network interfaces, each with distinct
names in DNS; e.g. foo-ge, foo-xge.

The client will attempt to authenticate with each host key until it
succeeds, all host keys have been tried, or the number of allowed
authentication attempts have been exhausted. Thus, four out of the
default six authentication attempts can be used by hostbased
authentication before the user has a chance to attempt public-key or
password authentication. This situation can be made even worse if a host
certificate is also available.

It would be helpful if there was a mechanism to limit the number of
authentication attempts used by hostbassed authentication, so that a
reasonable number still remain for other authentication methods if
hostbased authentication fails.

A simple solution would be to add support for an ssh_config(5) option to
limit the number of attempts, such as HostbasedMaxTries or
MaxHostbasedAuthTries. A more flexible (although more complicated to
implement) solution would be to provide a means of specifying the keys
or key types to try; e.g. HostbasedKeyTypes ecdsa,ssh-rsa.

Comment 1 Iain Morgan 2015-01-10 12:13:37 AEDT

Would it be possible to have sshd disable hostbased authcation if
auth_rhosts2() fails? That would catch the majority of cases where
repeated hostbased auth attempts with different keys is pointless.

In other words, if auth_rhosts2() fails, it will fail for all key types,
so there is really no point in letting the client make further attempts
using that authentication method.

Comment 2 Iain Morgan 2015-01-21 10:00:09 AEDT

Created attachment 2529 [details]
Add HostbasedKeyTypes to ssh(1)

Add support for a HostbasedKeyTypes client option, inspired by and
largely based upon HostbasedAcceptedKeyTypes. This allows the
administrator (or user) to select a subset of the supported key types
for use with hostbased authentication.

Comment 3 Iain Morgan 2015-01-27 08:50:20 AEDT

Created attachment 2532 [details]
Add HostbasedKeyTypes to scp.1 and sftp.1

Comment 4 Damien Miller 2015-01-30 19:59:20 AEDT

Created attachment 2539 [details]
make HostbasedKeyTypes control order as well as select types sent

Most of the other options to control protocol methods specify the ordering they are offered or attempted as well as selecting which are available.

I've modified your patch to control the order too. It's a little more complex, but works OK against my test server. It also updates userauth_hostbased and ssh_keysign to the new post-refactor API.

(patch is against OpenBSD -current)

Comment 5 Damien Miller 2015-01-30 22:44:34 AEDT

patch applied - will be in OpenSSH-6.8. Thanks!

Comment 6 Damien Miller 2015-03-18 18:17:00 AEDT

openssh-6.8 is released