A pure-Haskell SSH server library

#7 Pull request for enum/ssh

Good evening,

in my fork at https://hub.darcs.net/enum/ssh I did the following changes:

  • merged pointfree/ssh-curve25519-sha256 (in a way conforming to fr33domlover's refactorings)¹
  • replaced SimpleAES by cryptonite, since cryptonite supports CTR and SimpleAES doesn't
  • added CTR mode support, since OpenSSH has marked CBC mode as deprecated²; this would fix #6

¹) still has the drawback that tests are failing
²) more background information in "Plaintext Recovery Attacks Against SSH" http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf
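As an added illustration (not code from the enum/ssh fork or from cryptonite's own docs), this is the CTR handling the patch above introduces, written against cryptonite: in SSH the counter IV derived from key exchange is advanced one per 16-byte block and carried across packets, so each direction keeps a running IV. The key and IV bytes below are constructed; a real server takes them from the KEX output.

```haskell
-- Added example: SSH-style aes256-ctr with cryptonite (not the fork's code).
module Main where

import           Crypto.Cipher.AES   (AES256)
import           Crypto.Cipher.Types (BlockCipher (..), Cipher (..), IV, ivAdd, makeIV)
import           Crypto.Error        (throwCryptoError)
import qualified Data.ByteString     as BS
import           Data.ByteString     (ByteString)
import           Data.Maybe          (fromMaybe)

-- Per-direction state: the cipher plus the current counter block.
data CtrState = CtrState { ctrCipher :: AES256, ctrIV :: IV AES256 }

-- Build the state from the 32-byte key and 16-byte IV derived by KEX.
initCtr :: ByteString -> ByteString -> CtrState
initCtr key iv = CtrState (throwCryptoError (cipherInit key)) iv'
  where iv' = fromMaybe (error "IV must be one block (16 bytes)") (makeIV iv)

-- Encrypt or decrypt one packet (CTR is symmetric) and advance the counter
-- by the number of blocks consumed. SSH pads packets to a block multiple,
-- so the division is exact; the rounding only guards against odd input.
ctrPacket :: CtrState -> ByteString -> (ByteString, CtrState)
ctrPacket st msg = (out, st { ctrIV = ivAdd (ctrIV st) blocks })
  where
    out    = ctrCombine (ctrCipher st) (ctrIV st) msg
    bs     = blockSize (ctrCipher st)
    blocks = (BS.length msg + bs - 1) `div` bs

main :: IO ()
main = do
  let key = BS.replicate 32 0x42      -- constructed key (hypothetical)
      iv  = BS.pack [0 .. 15]         -- constructed IV (hypothetical)
      p1  = BS.replicate 32 0x41      -- packet 1: two blocks
      p2  = BS.replicate 16 0x42      -- packet 2: one block
      (c1, enc1) = ctrPacket (initCtr key iv) p1
      (c2, _)    = ctrPacket enc1 p2
      -- the peer keeps its own running counter and recovers both packets
      (d1, dec1) = ctrPacket (initCtr key iv) c1
      (d2, _)    = ctrPacket dec1 c2
  print (d1 == p1 && d2 == p2)                           -- True
  -- resetting the counter per packet desynchronises the keystream
  print (fst (ctrPacket (initCtr key iv) c2) == p2)      -- False
```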

  • description updated
  • Manual test I used to make sure it actually works:

    • clone https://hub.darcs.net/enum/ssh-server-conduit
    • install into the same sandbox
    • cabal run example
    • remove localhost-related lines from ~/.ssh/config, such that OpenSSH really uses aes256-ctr
    • "ssh -p 5033 clutzy@localhost -- count" (password: draconequus)
    • it will tell you that the Environment command is unsupported
    • type some text and hit ^D; the number of characters will be returned

    It shows that the en- and decryption is working.

  • Sorry for being very slow to respond! I'm afraid I've rather lost track of all the problems and different forks.

    What should we do about the failing tests?

  • The first three patches seem simple to merge if they're useful to someone.

  • I don't see anything we can do about the failing tests - libssh2 still only supports Diffie-Hellman key exchange (which is deprecated in OpenSSH for a good reason) and there is no alternative client library for Haskell at the moment. Hence I propose to ignore or remove the failing tests and return to manual testing -- I agree this is not a good habit, but otherwise we'll be sticking with deprecated and broken algorithms forever.

  • As for “simple to merge”: they are all mergeable without conflicts; what I did is the following (in this order):

    • I cloned this fork
    • I added support for custom data/EOF/interrupt handlers, since that was required to implement ssh-server-conduit properly (these changes are trivial; skip them if you like, it won't make a difference for the other patches)
    • merged pointfree's fork ssh-curve25519-sha256 and sorted out all the conflicts already
    • did the changes regarding cryptonite and CTR

    Since there were no later commits in this repository, my fork is just a few patches ahead, without conflicts, and can be merged automatically.

  • For me, shifting to manual testing is a significant issue for future maintenance, though of course there's the obvious counter point that an untested usable package is better than a tested unusable package.

    We discussed this a bit on #darcs: http://irclog.perlgeek.de/darcs/2018-04-24#i_16086929

    I see two fairly easy options for keeping at least some testing coverage: re-enable the old kex so we can test the rest of the code even if not the kex, and switch to running the ssh command instead of an ssh library.