惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
月光博客
月光博客
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Y
Y Combinator Blog
有赞技术团队
有赞技术团队
PCI Perspectives
PCI Perspectives
云风的 BLOG
云风的 BLOG
MyScale Blog
MyScale Blog
Latest news
Latest news
P
Palo Alto Networks Blog
Blog — PlanetScale
Blog — PlanetScale
Cyberwarzone
Cyberwarzone
P
Privacy International News Feed
Scott Helme
Scott Helme
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
F
Fortinet All Blogs
Engineering at Meta
Engineering at Meta
V
Vulnerabilities – Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tor Project blog
S
Securelist
H
Hackread – Cybersecurity News, Data Breaches, AI and More
NISL@THU
NISL@THU
GbyAI
GbyAI
H
Hacker News: Front Page
博客园 - 三生石上(FineUI控件)
S
Secure Thoughts
U
Unit 42
T
The Blog of Author Tim Ferriss
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Cloudbric
Cloudbric
Microsoft Security Blog
Microsoft Security Blog
博客园 - Franky
L
LINUX DO - 最新话题
The Hacker News
The Hacker News
WordPress大学
WordPress大学
博客园 - 叶小钗
阮一峰的网络日志
阮一峰的网络日志
小众软件
小众软件
T
Threatpost
Cisco Talos Blog
Cisco Talos Blog
V
V2EX
L
LINUX DO - 热门话题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Recorded Future
Recorded Future
K
Kaspersky official blog
S
Schneier on Security
T
The Exploit Database - CXSecurity.com
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知

PrivSec - A practical approach to Privacy and Security

Using IVPN on Qubes OS ChromeOS's Questionable Encryption Setting up MTA-STS with a custom domain on Proton Mail Secure Time Synchronization on macOS Using Native ZFS Encryption with Proxmox Installing Kali NetHunter Lite on DivestOS 20.0 Resources Update your Signal TLS Proxy Android VPN Leakage with Secondary User Profiles ProtonVPN IP Leakage on Linux and Workaround NetworkManager Trackability Reduction Using Mullvad VPN on Qubes OS Firewalling with MirageOS on Qubes OS Desktop Linux Hardening Using Split GPG and Split SSH on Qubes OS Badness Enumeration Using Lokinet on Qubes OS Android Tips Commercial VPN Use Cases Choosing Your Android-Based Operating System Code of Conflict Linux Insecurities Slightly Improving Mailcow Security Threat Modeling Privacy Policy Choosing Your Desktop Linux Distribution About Us Donate Multi-factor Authentication Docker and OCI Hardening FLOSS Security Banking Applications Compatibility with GrapheneOS F-Droid Security Issues
Securing OpenSSH with FIDO2
Wonderfall · 2022-04-10 · via PrivSec - A practical approach to Privacy and Security

Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they’re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They’re also easier to manage while enabling a form of decentralized authentication (it’s easy and painless to revoke them). So, what’s the next step? And more exactly, why would one need something even better?

Why?

The main problem with SSH keys is that they’re not magic: they consist of a key pair, of which the private key is stored on your disk. You should be wary of various exfiltration attempts, depending on your theat model:

  • If your disk is not encrypted, any physical access could compromise your keys.
  • If your private key isn’t encrypted, malicious applications could compromise it.
  • Even with both encrypted, malicious applications could register your keystrokes.

All these attempts are particularly a thing on desktop platforms, because they don’t have a proper sandboxing model. On Windows, non-UWP apps could likely have full access to your .ssh directory. On desktop Linux distributions, sandboxing is also lacking, and the situation is even worse if you’re using X.org since it allows apps to spy on each other (and on your keyboard) by design. A first good step would be to only use SSH from a trusted & decently secure system.

Another layer of defense would obviously be multi-factor authentication, or the fact that you’re relying on a shared secret instead. We can use FIDO2 security keys for that. That way, even if your private key is compromised, the attacker needs physical access to your security key. TOTP is another common 2FA technique, but it’s vulnerable to various attacks, and relies on the quality of the implementation on the server.

How?

Fortunately for us, OpenSSH 8.2 (released in February 2020) introduced native support for FIDO2/U2F. Most OpenSSH distributions should have the middleware set to use the libfido2 library, including portable versions such as the one for Win32.

Basically, ssh-keygen -t ${key_type}-sk will generate for us a token-backed key pair. The key types that are supported depend on your security key. Newer models should support both ECDSA-P256 (ecdsa-sk) and Ed25519 (ed25519-sk). If the latter is available, you should prefer it.

Client configuration

To get started:

This will generate a id_ed25519_sk private key and a id_ed25519_sk.pub public key in .ssh. These are defaults, but you can change them if you want. We will call this key pair a “handle”, because they’re not sufficient by themselves to derive the real secret (as you guessed it, the FIDO2 token is needed). ssh-keygen should ask you to touch the key, and enter the PIN prior to that if you did set one (you probably should).

You can also generate a resident key (referred to as discoverable credential in the WebAuthn specification):

ssh-keygen -t ed25519-sk -O resident -O application=ssh:user1

As you can see, a few options must be specified:

  • -O resident will tell ssh-keygen to generate a resident key, meaning that the private “handle” key will also be stored on the security key itself. This has security implications, but you may want that to move seamlessly between different computers. In that case, you should absolutely protect your key with a PIN beforehand.
  • -O application=ssh: is necessary to instruct that the resident key will use a particular slot, because the security key will have to index the resident keys (by default, they use ssh: with an empty user ID). If this is not specified, the next key generation might overwrite the previous one.
  • -O verify-required is optional but instructs that a PIN is required to generate/access the key.

Resident keys can be retrieved using ssh-keygen -K or ssh-add -K if you don’t want to write them to the disk.

Server configuration

Next, transfer your public key over to the server (granted you have already access to it with a regular key pair):

Ta-da! But one last thing: we need to make sure the server supports this public key format in sshd_config:

Adding [email protected] to PubkeyAcceptedKeyTypes should suffice. It’s best practice to only use the cryptographic primitives that you need, and hopefully ones that are also modern. This isn’t a full-on SSH hardening guide, but you should take a look at the configuration file GrapheneOS uses for their servers to give you an idea on a few good practices.

Restart the sshd service and try to connect to your server using your key handle (by passing -i ~/.ssh/id_ed25519_sk to ssh for instance). If that works for you (your FIDO2 security key should be needed to derive the real secret), feel free to remove your previous keys from .ssh/authorized_keys on your server.

That’s cool, right?

If you don’t have a security key, you can buy one from YubiKey (I’m very happy with my 5C NFC by the way), Nitrokey, SoloKeys or OnlyKey (to name a few). If you have an Android device with a hardware security module (HSM), such as the Google Pixels equipped with Titan M (Pixel 3+), you could even use them as Bluetooth security keys.

No reason to miss out on the party if you can afford it!