mozilla/ssh_scan

Failure if no RSA key is offered

lkiesow opened this issue · 5 comments

If the checked SSH server does not provide an RSA host key, ssh_scan will happily print a report as usual, state the server's compliance, … but also print out an error like this:

"error": "could not settle on host_key algorithm"

…which turns into a big red error message on the Mozilla SSH Observatory:

Scan Failed: The Mozilla SSH Observatory scans from sshscan.rubidus.com at 45.55.176.164.
Many systems are configured with firewalls that block SSH access. To successfully scan with the SSH Observatory, access must be granted to Mozilla's scanning system.

…which is kind of misleading.

Is this really an error? In contrast to this, a non-existing ecdsa key will not yield an error.
The server in question offeres a ed25519 key which is detected and listed by ssh_scan.

@lkiesow any chance this host is public and you'd be willing to shared the ip/hostname so I can do some troubleshooting with ssh_scan and then work the fix up the stack to have it properly fixed in Observatory?

Sure. I just spun up a machine and configured it without RSA key:

ssh_scan -t ec2-34-245-151-73.eu-west-1.compute.amazonaws.com yields:

[
  {
    "ssh_scan_version": "0.0.40",
    "ip": "34.245.151.73",
    "hostname": "ec2-34-245-151-73.eu-west-1.compute.amazonaws.com",
    "port": 22,
    "server_banner": "SSH-2.0-OpenSSH_7.4",
    "ssh_version": 2.0,
    "os": "unknown",
    "os_cpe": "o:unknown",
    "ssh_lib": "openssh",
    "ssh_lib_cpe": "a:openssh:openssh:7.4",
    "key_algorithms": [
      "curve25519-sha256@libssh.org",
      "ecdh-sha2-nistp521",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp256",
      "diffie-hellman-group-exchange-sha256"
    ],
    "encryption_algorithms_client_to_server": [
      "chacha20-poly1305@openssh.com",
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr",
      "aes128-ctr"
    ],
    "encryption_algorithms_server_to_client": [
      "chacha20-poly1305@openssh.com",
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr",
      "aes128-ctr"
    ],
    "mac_algorithms_client_to_server": [
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "umac-128-etm@openssh.com",
      "hmac-sha2-512",
      "hmac-sha2-256",
      "umac-128@openssh.com"
    ],
    "mac_algorithms_server_to_client": [
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "umac-128-etm@openssh.com",
      "hmac-sha2-512",
      "hmac-sha2-256",
      "umac-128@openssh.com"
    ],
    "compression_algorithms_client_to_server": [
      "none",
      "zlib@openssh.com"
    ],
    "compression_algorithms_server_to_client": [
      "none",
      "zlib@openssh.com"
    ],
    "languages_client_to_server": [

    ],
    "languages_server_to_client": [

    ],
    "auth_methods": [

    ],
    "keys": {
      "ed25519": {
        "raw": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFL3NXDl4USyTO1Ed3kk/rTGMU2VCxU1mhHzG6yMy9N",
        "length": 256,
        "fingerprints": {
          "md5": "e5:55:13:b9:bc:87:95:08:13:7f:1d:67:cf:31:0c:0b",
          "sha1": "b8:15:58:8e:e1:19:f7:7b:2e:a3:2f:bc:ae:24:4b:73:39:0d:51:b6",
          "sha256": "vuoinAj5+c32ip0lBYXCF7ScvnAVq8XaCmrEEefFS3E="
        }
      }
    },
    "duplicate_host_key_ips": [

    ],
    "compliance": {
      "policy": "Mozilla Modern",
      "compliant": true,
      "recommendations": [

      ],
      "references": [
        "https://wiki.mozilla.org/Security/Guidelines/OpenSSH"
      ],
      "grade": "A"
    },
    "start_time": "2019-03-22 15:27:43 +0100",
    "end_time": "2019-03-22 15:27:44 +0100",
    "scan_duration_seconds": 0.895079021,
    "error": "could not settle on host_key algorithm"
  }
]

Observatory yields:

Screenshot from 2019-03-22 15-40-50

sshd_config can be found at https://data.lkiesow.io/ssh_scan/sshd_config.txt

PS: Thanks for taking a look at this.

Ok, I think I know what's happening here. RSA/DSA/etc. keys are extracted by ssh-key, but we also use Ruby Net::SSH, which probably isn't fully supporting the negotiation process, resulting in the error. I'm pretty tied up today, but would like to take a closer look next week. Thanks for the report and repro!

Same problem today.
Scan ok with A if RSA key is enable
but scan failed if only : HostKey /etc/ssh/ssh_host_ed25519_key

TCPdump
00:45:03.653259 IP sshscan.rubidus.com.36528 > my.host.ovh.ssh: Flags [S], seq 387970859, win 29200, options [mss 1460,sackOK,TS val 3117152869 ecr 0,nop,wscale 7], length 0
00:45:03.653318 IP my.host.ovh > sshscan.rubidus.com: ICMP ct1804.misson.ovh tcp port ssh unreachable, length 68

Not critical, as I know my SSH is "A grade" when RSA key enable.
Must be higher with only ed25519 key ;-)
Thanks

I'm imagining this is related to something low level in the scan engine. I'm currently evaluating the next steps for this project, such as whether to port to python or to invest further in the ruby implementation. Any suggestions are welcome.