A pure-Haskell SSH server library
#7 Pull request for enum/ssh
Good evening,
in my fork at https://hub.darcs.net/enum/ssh I did the following changes:
- merged pointfree/ssh-curve25519-sha256 (in a way conforming to fr33domlover's refactorings)¹
- replaced SimpleAES by cryptonite, since cryptonite supports CTR and SimpleAES doesn't
- added CTR mode support, since OpenSSH has marked CBC mode as deprecated²; this would fix #6
¹) still has the drawback that tests are failing
²) more background information in "Plaintext Recovery Attacks Against SSH" http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf
- description updated
Manual test I used to make sure it actually works:
- clone https://hub.darcs.net/enum/ssh-server-conduit
- install into the same sandbox
- cabal run example
- remove localhost-related lines from ~/.ssh/config, such that OpenSSH really uses aes256-ctr
- "ssh -p 5033 clutzy@localhost -- count" (password: draconequus)
- it will tell you that the Environment command is unsupported
- type some text and hit ^D; the number of characters will be returned
It shows that the en- and decryption is working.
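The CTR change above is the security-relevant part of the patch set: with CTR the cipher is only ever used in the forward direction to produce a keystream, and the counter block must advance across packet boundaries for the whole session, which is what makes the CBC plaintext-recovery attack from the paper inapplicable. The following is an added example (not code from enum's fork or from the ssh package) showing how an SSH-style aes256-ctr stream looks with cryptonite; the key, the initial counter block and the packet contents are constructed values, and `CtrState`/`ctrStep` are names chosen here, not the library's or the project's API.

```haskell
module Main where

import           Crypto.Cipher.AES   (AES256)
import           Crypto.Cipher.Types (BlockCipher (..), Cipher (..), IV,
                                      ivAdd, makeIV)
import           Crypto.Error        (CryptoFailable (..))
import           Data.ByteString     (ByteString)
import qualified Data.ByteString     as B

-- Constructed 32-byte key and 16-byte initial counter block. In a real
-- server both are derived from the key-exchange output (RFC 4253 7.2),
-- never fixed constants.
testKey :: ByteString
testKey = B.replicate 32 0x42

testIV :: ByteString
testIV = B.replicate 16 0x01

initCipher :: ByteString -> Either String AES256
initCipher k = case cipherInit k of
  CryptoPassed c -> Right c
  CryptoFailed e -> Left (show e)

-- One direction of the stream (e.g. client->server). The IV is the current
-- counter block; it is advanced by one per 16-byte block consumed, so the
-- keystream position carries over from one packet to the next.
-- (hypothetical type, not part of the ssh package)
data CtrState = CtrState AES256 (IV AES256)

-- ctrCombine both encrypts and decrypts: CTR XORs the keystream with the
-- input, so the same step is used on both ends.
ctrStep :: CtrState -> ByteString -> (ByteString, CtrState)
ctrStep (CtrState c iv) input =
  let out    = ctrCombine c iv input
      -- SSH packets are padded to a block multiple, so this is exact;
      -- a partial block would desynchronise sender and receiver.
      blocks = (B.length input + 15) `div` 16
  in (out, CtrState c (ivAdd iv blocks))

main :: IO ()
main = do
  c  <- either fail return (initCipher testKey)
  iv <- maybe (fail "IV must be 16 bytes") return (makeIV testIV)
  let pkt1 = B.replicate 32 0x61          -- constructed 2-block packet
      pkt2 = B.replicate 16 0x62          -- constructed 1-block packet
      -- sender encrypts two packets with one running counter
      (ct1, s1) = ctrStep (CtrState c iv) pkt1
      (ct2, _ ) = ctrStep s1 pkt2
      -- receiver starts from the same key and counter and decrypts in order
      (pt1, r1) = ctrStep (CtrState c iv) ct1
      (pt2, _ ) = ctrStep r1 ct2
  putStrLn ("round trip ok: " ++ show (pt1 == pkt1 && pt2 == pkt2))
  -- Decrypting the second packet with the initial counter fails, which is
  -- why the counter must be kept in the connection state, not per packet.
  putStrLn ("stale counter decrypts pkt2: "
            ++ show (ctrCombine c iv ct2 == pkt2))
```

Build against cryptonite (e.g. `cabal install cryptonite` in the same sandbox as the fork) and run; the first line prints True and the second False.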
Sorry for being very slow to respond! I'm afraid I've rather lost track of all the problems and different forks.
What should we do about the failing tests?
The first three patches seem simple to merge if they're useful to someone.
I don't see anything we can do about the failing tests - libssh2 still only supports Diffie-Hellman key exchange (which is deprecated in OpenSSH for a good reason) and there is no alternative client library for Haskell at the moment. Hence I propose to ignore or remove the failing tests and return to manual testing -- I agree this is not a good habit, but otherwise we'll be sticking with deprecated and broken algorithms forever.
As for "simple to merge": they are all mergeable without conflicts; what I did is the following (in this order):
- I cloned this fork
- I added support for custom data/EOF/interrupt handlers, since that was required to implement ssh-server-conduit properly (these changes are trivial; skip them if you like, it won't make a difference for the other patches)
- merged pointfree's fork ssh-curve25519-sha256 and sorted out all the conflicts already
- did the changes regarding cryptonite and CTR
Since there were no later commits in this repository, my fork is just a few patches ahead, without conflicts, and can be merged automatically.
For me, shifting to manual testing is a significant issue for future maintenance, though of course there's the obvious counter point that an untested usable package is better than a tested unusable package.
We discussed this a bit on #darcs: http://irclog.perlgeek.de/darcs/2018-04-24#i_16086929
I see two fairly easy options for keeping at least some testing coverage: re-enable the old kex so we can test the rest of the code even if not the kex, and switch to running the ssh command instead of an ssh library.