From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] SSH: do not send spoofable TCP keep alive messages
Date: Sat, 10 Apr 2021 14:57:29 +0200
Message-ID: <ff3636d8-43b4-7b6b-b79d-01fadaf82a3a@ipfire.org>
In-Reply-To: <97DF91A7-792D-498B-8145-45851B02EC6B@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2502978540583100286=="
List-Id: <development.lists.ipfire.org>

--===============2502978540583100286==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Michael,

thanks for your reply.

Which timeout value would you suggest then?

Thanks, and best regards,
Peter M=C3=BCller

> Hi,
>=20
>> On 2 Apr 2021, at 20:27, Peter M=C3=BCller <peter.mueller(a)ipfire.org> wr=
ote:
>>
>> Hello Michael,
>>
>> thank you for your reply.
>>
>> Context-based, I guess you meant "something more useful", didn't you? :-)
>=20
> Seems so. I struggle a lot with auto-correct.
>=20
>> Well, if you like, we can leave 60 seconds here, but I would not go for a =
much
>> longer timeout. If a network issue takes longer than a minute, requiring a=
 re-login
>> looks reasonable to me (it does for 30 seconds also, but hey ;-) ).
>=20
> No, it kills whatever I am running and a 60 second break happens very quick=
ly with a DSL reconnect or rebooting an access point somewhere. Why is that s=
upposed to break the SSH session, too?
>=20
>>
>> Thanks, and best regards,
>> Peter M=C3=BCller
>>
>>
>>> Hello,
>>>
>>>> On 1 Feb 2021, at 18:06, Peter M=C3=BCller <peter.mueller(a)ipfire.org> =
wrote:
>>>>
>>>> By default, both SSH server and client rely on TCP-based keep alive
>>>> messages to detect broken sessions, which can be spoofed rather easily
>>>> in order to keep a broken session opened (and vice versa).
>>>>
>>>> Since we rely on SSH-based keep alive messages, which are not vulnerable
>>>> to this kind of tampering, there is no need to double-check connections
>>>> via TCP keep alive as well.
>>>>
>>>> This patch thereof disables using TCP keep alive for both SSH client and
>>>> server scenario. Further, {Client,Server}AliveCountMax default to 3,
>>>> which is sufficient (3 * 10 sec. =3D broken SSH connections die after 30
>>>> seconds), so we can omit that option. 60 seconds won't have any
>>>> advantage here.
>>>
>>> Is there any considerable downside of increasing this to something more u=
seless?
>>>
>>> I constantly run into broken SSH sessions because of smaller network hicc=
ups (WiFi, VPNs, my crappy ISP, etc.). It would be useful to hold the connect=
ion for a little bit longer so that I can spend more time on fixing stuff ins=
tead of logging back in.
>>>
>>> -Michael
>>>
>>>>
>>>> Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
>>>> ---
>>>> config/ssh/ssh_config  | 11 +++++++----
>>>> config/ssh/sshd_config |  7 ++++---
>>>> 2 files changed, 11 insertions(+), 7 deletions(-)
>>>>
>>>> diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config
>>>> index 2e2ee60c3..ab0967086 100644
>>>> --- a/config/ssh/ssh_config
>>>> +++ b/config/ssh/ssh_config
>>>> @@ -5,7 +5,7 @@
>>>>
>>>> # Set some basic hardening options for all connections
>>>> Host *
>>>> -        # Disable Roaming as it is known to be vulnerable
>>>> +        # Disable undocumented roaming feature as it is known to be vul=
nerable
>>>>        UseRoaming no
>>>>
>>>>        # Only use secure crypto algorithms
>>>> @@ -13,15 +13,18 @@ Host *
>>>>        Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,=
aes128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
>>>>        MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.=
com,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh=
.com
>>>>
>>>> -        # Always visualise server host keys (but helps to identify key =
based MITM attacks)
>>>> +        # Always visualise server host keys (helps to identify key base=
d MITM attacks)
>>>>        VisualHostKey yes
>>>>
>>>>        # Use SSHFP (might work on some up-to-date networks) to look up h=
ost keys
>>>>        VerifyHostKeyDNS yes
>>>>
>>>> -        # send keep-alive messages to connected server to avoid broken =
connections
>>>> +        # Send SSH-based keep alive messages to connected server to avo=
id broken connections
>>>>        ServerAliveInterval 10
>>>> -        ServerAliveCountMax 6
>>>> +
>>>> +	# Disable TCP keep alive messages since they can be spoofed and we hav=
e SSH-based
>>>> +	# keep alive messages enabled; there is no need to do things twice here
>>>> +	TCPKeepAlive no
>>>>
>>>>        # Ensure only allowed authentication methods are used
>>>>        PreferredAuthentications publickey,keyboard-interactive,password
>>>> diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config
>>>> index bea5cee53..a9eb5ff14 100644
>>>> --- a/config/ssh/sshd_config
>>>> +++ b/config/ssh/sshd_config
>>>> @@ -47,11 +47,12 @@ AllowTcpForwarding no
>>>> AllowAgentForwarding no
>>>> PermitOpen none
>>>>
>>>> -# Detect broken sessions by sending keep-alive messages to clients via =
SSH connection
>>>> +# Send SSH-based keep alive messages every 10 seconds
>>>> ClientAliveInterval 10
>>>>
>>>> -# Close unresponsive SSH sessions which fail to answer keep-alive
>>>> -ClientAliveCountMax 6
>>>> +# Since TCP keep alive messages can be spoofed and we have the SSH-base=
d already,
>>>> +# there is no need for this to be enabled as well
>>>> +TCPKeepAlive no
>>>>
>>>> # Add support for SFTP
>>>> Subsystem	sftp	/usr/lib/openssh/sftp-server
>>>> --=20
>>>> 2.26.2
>>>
>=20

--===============2502978540583100286==--