VisualHostKey vs. RekeyLimit vs. VerifyHostKeyDNS
Gerald Turner
gturner at unzane.com
Fri Jan 3 11:04:17 EST 2014
Hello list, I'm not sure whether this is bug worthy or just my own
insanity. I'm using 6.4p1 packages from Debian jessie and
wheezy-backports.
I like VisualHostKey, although it may not add any protection (other than
not trusting ones own known_hosts file?), I've become accustomed to it
as it seems that extra neurons fire when I log into a host and get a
visual cue of what looks like a strawberry or jester hat and suddenly a
catalog of frequent commands relevant to the particular host surface in
mind ;-)
I have two configuration problems that make VisualHostKey less usable.
* RekeyLimit
I'm no crypto expert, pretty much cargo-culting here, but from bits and
pieces I've read, it seems like re-keying is crucial for a cipher like
AES-GCM. Maybe it's just a gut feeling inspired by strongSwan IPsec
daemons which are constantly re-keying.
Every time the cipher is re-keyed, VisualHostKey clobbers the terminal,
usually with broken line feeds such that the ascii-art is unintelligible
and wraps off the right side of the terminal. This is annoying,
especially with a screen(1) full of ssh sessions that may be idle and
re-keyed several times over a weekend, coming back and having to work
through clearing the screens of each session (^L suffices for a shell or
emacs, but sometimes the session is in a curses application, or lost
information while tailing a log, etc.). This gets uglier when making
use of the fantastic ControlPersist options - seemingly logged out ssh
session still blast the initial terminal with re-keying fingerprints.
* VerifyHostKeyDNS=yes
It seems VerifyHostKeyDNS=yes short-circuits VisualHostKey - it's
neither displayed on initial connection, or on re-keying (good).
So I have a funny setup:
For hosts which have SSHFP records, I have set VerifyHostKeyDNS=yes
and ineffectively set VisualHostKey=yes (never prints), and can also
set a timed RekeyLimit rate.
For hosts which don't have SSHFP, I could leave RekeyLimit at the
default (1G none) and rarely see the re-key fingerprints, however in
an all-or-nothing sort of decision, simply set VisualHostKey=no and be
done with it.
Am I missing something? Is there a way to comfortably get VisualHostKey
back? Perhaps a trivial/wishlist bug with re-keying should be filed?
Perhaps this is already solved by bug 2154, "Avoid key lookup overhead
when re-keying":
https://bugzilla.mindrot.org/show_bug.cgi?id=2154
P.S. I think it's wonderful you folks are working on curve25519,
ed25519, and chacha20+poly1305. I've moved a bunch of systems to ECDHE
last year, great speedup, especially from crap Atom clients, but feel
that I've shot myself in the foot after Schneier's denouncement of the
NIST curves.
--
Gerald Turner Email: gturner at unzane.com JID: gturner at unzane.com
GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140102/0c48aa5d/attachment.bin>
More information about the openssh-unix-dev
mailing list