* Dropbear and deprecated ssh-rsa issue
@ 2024-06-13 11:19 Mehmet Fide
From: Mehmet Fide @ 2024-06-13 11:19 UTC (permalink / raw)
To: yocto
Hello to everybody,
I was silently following the email list for a while.
Today I have a question regarding dropbear and its default recipe provided
in poky/meta/recipes-core/dropbear.
It has been 4 years since ssh-rsa is deprecated by openssh followed by
Linux distros and Visual Studio 2022 as of 17.10.
As I checked today, the dropbear recipe with the master poky still uses
ssh-rsa instead of ecdsa mode which is widely accepted today.
Don't you think that it would be appropriate to change the recipe content
to use ecdsa instead of ssh-rsa one?
I wonder what your thoughts are on this.
Thank you,
Mehmet.
* Re: [yocto] Dropbear and deprecated ssh-rsa issue
From: Alexander Kanavin @ 2024-06-13 13:27 UTC (permalink / raw)
To: yocto, mehmet.fide
On Thu, 13 Jun 2024 at 13:20, Mehmet Fide via lists.yoctoproject.org
<mehmet.fide=gmail.com@lists.yoctoproject.org> wrote:
> I was silently following the email list for a while.
>
> Today I have a question regarding dropbear and its default recipe provided in poky/meta/recipes-core/dropbear.
>
> It has been 4 years since ssh-rsa is deprecated by openssh followed by Linux distros and Visual Studio 2022 as of 17.10.
>
> As I checked today, the dropbear recipe with the master poky still uses ssh-rsa instead of ecdsa mode which is widely accepted today.
>
> Don't you think that it would be appropriate to change the recipe content to use ecdsa instead of ssh-rsa one?
Yes that would be much welcome. Can you work on that?
Alex
* RE: [yocto] Dropbear and deprecated ssh-rsa issue
From: mehmet.fide @ 2024-06-19 17:04 UTC (permalink / raw)
To: 'Alexander Kanavin', yocto
Yes, I believe I can do that. But there are a couple of options, and I'm not sure which one should be followed:
1. Replace rsa key with ecdsa and continue with ecdsa support only. (this disables rsa mode)
2. Keep rsa mode on and also activate ecdsa key next to it therefore they can work side by side simultaneously
3. ??
Thanks.
-----Original Message-----
From: Alexander Kanavin <alex.kanavin@gmail.com>
Sent: Thursday, June 13, 2024 3:28 PM
To: yocto@lists.yoctoproject.org; mehmet.fide@gmail.com
Subject: Re: [yocto] Dropbear and deprecated ssh-rsa issue
On Thu, 13 Jun 2024 at 13:20, Mehmet Fide via lists.yoctoproject.org <mehmet.fide=gmail.com@lists.yoctoproject.org> wrote:
> I was silently following the email list for a while.
>
> Today I have a question regarding dropbear and its default recipe provided in poky/meta/recipes-core/dropbear.
>
> It has been 4 years since ssh-rsa is deprecated by openssh followed by Linux distros and Visual Studio 2022 as of 17.10.
>
> As I checked today, the dropbear recipe with the master poky still uses ssh-rsa instead of ecdsa mode which is widely accepted today.
>
> Don't you think that it would be appropriate to change the recipe content to use ecdsa instead of ssh-rsa one?
Yes that would be much welcome. Can you work on that?
Alex
* Re: [yocto] Dropbear and deprecated ssh-rsa issue
From: Alexander Kanavin @ 2024-06-19 19:19 UTC (permalink / raw)
To: mehmet.fide; +Cc: yocto
I don't have a strong opinion. Being consistent with openssh would be
best perhaps.
Alex
On Wed, 19 Jun 2024 at 19:04, <mehmet.fide@gmail.com> wrote:
>
> Yes, I believe I can do that. But there are a couple of options, and I'm not sure which one should be followed:
> 1. Replace rsa key with ecdsa and continue with ecdsa support only. (this disables rsa mode)
> 2. Keep rsa mode on and also activate ecdsa key next to it therefore they can work side by side simultaneously
> 3. ??
>
> Thanks.
>
>
> -----Original Message-----
> From: Alexander Kanavin <alex.kanavin@gmail.com>
> Sent: Thursday, June 13, 2024 3:28 PM
> To: yocto@lists.yoctoproject.org; mehmet.fide@gmail.com
> Subject: Re: [yocto] Dropbear and deprecated ssh-rsa issue
>
> On Thu, 13 Jun 2024 at 13:20, Mehmet Fide via lists.yoctoproject.org <mehmet.fide=gmail.com@lists.yoctoproject.org> wrote:
> > I was silently following the email list for a while.
> >
> > Today I have a question regarding dropbear and its default recipe provided in poky/meta/recipes-core/dropbear.
> >
> > It has been 4 years since ssh-rsa is deprecated by openssh followed by Linux distros and Visual Studio 2022 as of 17.10.
> >
> > As I checked today, the dropbear recipe with the master poky still uses ssh-rsa instead of ecdsa mode which is widely accepted today.
> >
> > Don't you think that it would be appropriate to change the recipe content to use ecdsa instead of ssh-rsa one?
>
> Yes that would be much welcome. Can you work on that?
>
> Alex
>
* Re: [yocto] Dropbear and deprecated ssh-rsa issue
From: Mike Looijmans @ 2024-06-20 6:55 UTC (permalink / raw)
To: yocto, mehmet.fide, 'Alexander Kanavin'
Met vriendelijke groet / kind regards,
Mike Looijmans
System Expert
TOPIC Embedded Products B.V.
Materiaalweg 4, 5681 RJ Best
The Netherlands
T: +31 (0) 499 33 69 69
E: mike.looijmans@topic.nl
W: www.topic.nl
Please consider the environment before printing this e-mail
On 19-06-2024 19:04, Mehmet Fide via lists.yoctoproject.org wrote:
> Yes, I believe I can do that. But there are a couple of options, and I'm not sure which one should be followed:
> 1. Replace rsa key with ecdsa and continue with ecdsa support only. (this disables rsa mode)
> 2. Keep rsa mode on and also activate ecdsa key next to it therefore they can work side by side simultaneously
> 3. ??
>
Keep in mind that there are millions of released and installed systems out
there. Their owners will get very, very angry if a software upgrade locks them
out.
Desktop distros may be able to bluntly disable some protocols, because there's
always a user that has access and can patch things up, but embedded systems
often offer no access whatsoever apart from the SSH interface, so there's no
way to go in and "fix" it if something invalidates the keys on the system.
Hence my vote is for option 3 and please ignore what the big distros do.
Four years may seem long to some people. For embedded systems, that's just a
normal number that "uptime" would return.
> Thanks.
>
>
> -----Original Message-----
> From: Alexander Kanavin <alex.kanavin@gmail.com>
> Sent: Thursday, June 13, 2024 3:28 PM
> To: yocto@lists.yoctoproject.org; mehmet.fide@gmail.com
> Subject: Re: [yocto] Dropbear and deprecated ssh-rsa issue
>
> On Thu, 13 Jun 2024 at 13:20, Mehmet Fide via lists.yoctoproject.org <mehmet.fide=gmail.com@lists.yoctoproject.org> wrote:
>> I was silently following the email list for a while.
>>
>> Today I have a question regarding dropbear and its default recipe provided in poky/meta/recipes-core/dropbear.
>>
>> It has been 4 years since ssh-rsa is deprecated by openssh followed by Linux distros and Visual Studio 2022 as of 17.10.
>>
>> As I checked today, the dropbear recipe with the master poky still uses ssh-rsa instead of ecdsa mode which is widely accepted today.
>>
>> Don't you think that it would be appropriate to change the recipe content to use ecdsa instead of ssh-rsa one?
>
> Yes that would be much welcome. Can you work on that?
>
> Alex
* Re: [yocto] Dropbear and deprecated ssh-rsa issue
From: Marta Rybczynska @ 2024-06-20 7:06 UTC (permalink / raw)
To: yocto, mehmet.fide; +Cc: Alexander Kanavin, yocto-security, Steve Sakoman
On Wed, Jun 19, 2024 at 7:04 PM Mehmet Fide via lists.yoctoproject.org
<mehmet.fide=gmail.com@lists.yoctoproject.org> wrote:
> Yes, I believe I can do that. But there are a couple of options, and I'm not
> sure which one should be followed:
> 1. Replace rsa key with ecdsa and continue with ecdsa support only. (this
> disables rsa mode)
> 2. Keep rsa mode on and also activate ecdsa key next to it therefore they
> can work side by side simultaneously
> 3. ??
>
Thanks for spotting this one!
For master I would just drop RSA and add a big note to the migration notes
for the next release. There are other breaking changes usually too.
For LTS branches it would be good to enable ECDSA in addition to RSA at
least. Steve, what do you think?
Kind regards,
Marta
* Re: [yocto] Dropbear and deprecated ssh-rsa issue
From: Alexander Kanavin @ 2024-06-20 8:01 UTC (permalink / raw)
To: Marta Rybczynska; +Cc: yocto, mehmet.fide, yocto-security, Steve Sakoman
On Thu, 20 Jun 2024 at 09:07, Marta Rybczynska <rybczynska@gmail.com> wrote:
> For LTS branches it would be good to enable ECDSA in addition to RSA at least. Steve, what do you think?
In my opinion, no. It's a new feature, LTS aren't eligible for that.
Alex
* Re: [yocto] Dropbear and deprecated ssh-rsa issue
From: Alexander Kanavin @ 2024-06-20 8:08 UTC (permalink / raw)
To: Mike Looijmans; +Cc: yocto, mehmet.fide
On Thu, 20 Jun 2024 at 08:55, Mike Looijmans <mike.looijmans@topic.nl> wrote:
> Keep in mind that there are millions of released and installed systems out
> there. Their owners will get very, very angry if a software upgrade locks them
> out.
>
> Desktop distros may be able to bluntly disable some protocols, because there's
> always a user that has access and can patch things up, but embedded systems
> often offer no access whatsoever apart from the SSH interface, so there's no
> way to go in and "fix" it if something invalidates the keys on the system.
>
> Hence my vote is for option 3 and please ignore what the big distros do.
>
> Four years may seem long to some people. For embedded systems, that's just a
> normal number that "uptime" would return.
I'm not sure I understand your point. Pushing software updates to the
field without first testing them locally is insane. If that practice
bricks the devices, I have no sympathy for the vendor.
Second, a change like this will not happen in LTS. LTS doesn't
(knowingly) break things, or add new features. In master, on the other
hand, it can and it should happen: a big part of keeping things secure
is disabling or removing insecure crypto. Various upstreams do this
all the time, and I don't see why we can't.
Alex
* Re: [yocto] Dropbear and deprecated ssh-rsa issue
From: Mike Looijmans @ 2024-06-20 12:43 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: yocto, mehmet.fide
On 20-06-2024 10:08, Alexander Kanavin wrote:
> On Thu, 20 Jun 2024 at 08:55, Mike Looijmans <mike.looijmans@topic.nl> wrote:
>> Keep in mind that there are millions of released and installed systems out
>> there. Their owners will get very, very angry if a software upgrade locks them
>> out.
>>
>> Desktop distros may be able to bluntly disable some protocols, because there's
>> always a user that has access and can patch things up, but embedded systems
>> often offer no access whatsoever apart from the SSH interface, so there's no
>> way to go in and "fix" it if something invalidates the keys on the system.
>>
>> Hence my vote is for option 3 and please ignore what the big distros do.
>>
>> Four years may seem long to some people. For embedded systems, that's just a
>> normal number that "uptime" would return.
>
> I'm not sure I understand your point. Pushing software updates to the
> field without first testing them locally is insane. If that practice
> bricks the devices, I have no sympathy for the vendor.
Since products live much longer than LTS releases, new images will be released
based on newer OE versions.
Devices will have stored SSH public keys in their configuration area, and
updating the image will not touch that. So after upgrading the firmware, the
service engineer can still SSH into the box. This is the only way to get in,
there's no serial terminal, no password, nothing else.
If the SSH server suddenly refuses to use the existing RSA key, it will lock
them out with no chance of recovery other than a full factory reset which also
deletes all user/site data.
Testing is not likely to reveal this issue, as that's typically done on a
"clean" unit.
I've been made aware now, so I'll be sure to keep this in mind... But not
everyone follows this list.
>
> Second, a change like this will not happen in LTS. LTS doesn't
> (knowingly) break things, or add new features. In master, on the other
> hand, it can and it should happen: a big part of keeping things secure
> is disabling or removing insecure crypto. Various upstreams do this
> all the time, and I don't see why we can't.
>
All that's needed is to keep the RSA support in. At least for the next LTS. It
offers a migration path without a factory reset. One can log in, install new
keys and remove the old ones.
Having RSA support by itself doesn't make the system less secure. It only has
any effect if RSA keys are being used. Which new users won't do.
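The check that the message above says clean-unit testing will miss, as an added example that is neither code from the thread nor from the poky recipe: a POSIX sh inventory of the client public keys a device keeps in its configuration area, so an image whose dropbear no longer accepts RSA for user authentication is held back for units where only ssh-rsa keys are on file. The lockout risk discussed here is about these stored client keys (authorized_keys), which are distinct from the server host key; the file location and the sample keys are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not from the thread or the poky recipe: inventory the client
# public keys stored on a device so a firmware image whose dropbear no longer
# accepts RSA is not pushed to a unit that only has ssh-rsa keys on file.
# The authorized_keys path is an assumption; adjust to the config partition.

# Print "count keytype" lines for one authorized_keys file. Each line is
# "[options] keytype base64 [comment]"; comments and blank lines are skipped,
# and an optional options field (from="...",no-pty,...) is stepped over by
# taking the first field that looks like a key type name.
key_types() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { print $i; break }
            }
        }' "$1" | sort | uniq -c | awk '{ print $1, $2 }'
}

# Number of keys in the file whose type is the legacy ssh-rsa; prints 0 when
# there are none or the file is missing.
rsa_key_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    key_types "$1" | awk '$2 == "ssh-rsa" { n += $1 } END { print n + 0 }'
}

# Return 1 when the file still holds any ssh-rsa key, so a deployment step
# can refuse to ship an RSA-less image to this unit; 0 otherwise.
check_authorized_keys() {
    n=$(rsa_key_count "$1")
    if [ "$n" -gt 0 ]; then
        echo "$1: $n ssh-rsa key(s) still in use; dropping RSA would lock them out" >&2
        return 1
    fi
    return 0
}

# Constructed sample (truncated base64, not real keys) written to path $1:
# two RSA keys, one of them behind an options field, plus ECDSA and Ed25519.
sample_authorized_keys() {
    cat > "$1" <<'EOF'
# constructed sample, not real keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7 legacy@laptop
from="10.0.0.0/8",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDX service@nms
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTY engineer@field
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFoo engineer2@field
EOF
}

# Run as "sh this-script demo" to see the inventory and the verdict on the
# sample; sourcing it only defines the functions.
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp)
    sample_authorized_keys "$f"
    key_types "$f"
    check_authorized_keys "$f" || echo "verdict: keep RSA enabled for this unit"
    rm -f "$f"
fi
```

Run against the real files on a unit (or against a backup of its configuration area) before an update is scheduled; a non-zero exit means there is at least one key that would stop working, and the migration path the message describes (log in with the old key, install a new one, then remove the old one) still needs an image that accepts RSA.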
* Re: [yocto] Dropbear and deprecated ssh-rsa issue
From: Steve Sakoman @ 2024-06-20 12:52 UTC (permalink / raw)
To: Marta Rybczynska; +Cc: yocto, mehmet.fide, yocto-security, Alexander Kanavin
On Thu, Jun 20, 2024 at 1:01 AM Alexander Kanavin
<alex.kanavin@gmail.com> wrote:
>
> On Thu, 20 Jun 2024 at 09:07, Marta Rybczynska <rybczynska@gmail.com> wrote:
> > For LTS branches it would be good to enable ECDSA in addition to RSA at least. Steve, what do you think?
>
> In my opinion, no. It's a new feature, LTS aren't eligible for that.
Alex is correct, feature additions are outside LTS policy without TSC approval.
Steve