Recognize LANcom LCOS software and support ed448 key extraction #277
@@ -52,6 +52,9 @@ class HostKeyTest: | |||
|
|||
'ssh-ed25519': {'cert': False, 'variable_key_len': False}, | |||
'[email protected]': {'cert': True, 'variable_key_len': False}, | |||
|
|||
'ssh-ed448': {'cert': False, 'variable_key_len': False}, | |||
# '[email protected]': {'cert': True, 'variable_key_len': False}, |
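Review bot: The commented-out certificate entry on the last added line (the one with 'cert': True) is left in without any note on why it is disabled. Either delete it or add a one-line comment stating when it should be enabled, so the table does not collect unexplained dead entries. The new 'ssh-ed448' entry mirrors the 'ssh-ed25519' one ('cert': False, 'variable_key_len': False), which is consistent for a fixed-size key.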
I've never actually seen this key type anywhere in the wild, so I'm hesitant to include it here.
Should a special case for ssh-audit/src/ssh_audit/hostkeytest.py Lines 183 to 190 in 3361b17
@@ -157,6 +157,7 @@ def perform_test(out: 'OutputBuffer', s: 'SSH_Socket', server_kex: 'SSH2_Kex', k | |||
ca_key_type = kex_group.get_ca_type() | |||
ca_modulus_size = kex_group.get_ca_size() | |||
out.d("Hostkey type: [%s]; hostkey size: %u; CA type: [%s]; CA modulus size: %u" % (host_key_type, hostkey_modulus_size, ca_key_type, ca_modulus_size), write_now=True) | |||
out.d("Raw hostkey bytes (%d): [%s]" % (len(raw_hostkey_bytes), raw_hostkey_bytes.hex()), write_now=True) |
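Review bot: The added out.d() line calls len() and .hex() on raw_hostkey_bytes unconditionally, and the % formatting is evaluated before out.d() is entered, so this line raises if raw_hostkey_bytes can be None on any path that reaches it. Confirm it is always bytes at this point or guard the call. The full hex dump is also long for large keys, so consider truncating it.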
Elsewhere, this repo uses `binascii.hexlify`, but since the built-in `bytes.hex` has existed since 3.5, I figure it's fine to switch to that here.
Excerpts of the relevant output for a publicly-visible server. Should be easy to find other examples as I describe in the 3361b17 commit message, but I figure I ought not to spam this particular server's address all over GitHub. 😅
@dlenskiSB : I provided feedback on one part of this PR. Looks good otherwise.
…y type LANcom router devices appear to be primarily used in Germany (see [1] for examples on the public Internet), and they appear to support the `ssh-ed448` key type which is documented in [2], but which has never been supported by any as-yet-released version of OpenSSH. [1] https://www.shodan.io/search?query=ssh+%22ed448%22 [2] https://datatracker.ietf.org/doc/html/rfc8709#name-public-key-format
3361b17
to
c9769b3
Compare
Merged. Thanks for submitting this!
The 'ssh-ed448' key type is documented along with 'ssh-ed25519' in [1], but has never been supported by any as-yet-released version of OpenSSH. However, LANcom router devices (which appear to be primarily used in Germany, see [2] for examples on the public Internet) appear to support these keys, so this library can and should support loading them.

See also jtesta/ssh-audit#277 in which I extended `ssh-audit` to allow it to scan and discover host keys of type 'ssh-ed448'.

[1] https://datatracker.ietf.org/doc/html/rfc8709#name-public-key-format
[2] https://www.shodan.io/search?query=ssh+%22ed448%22
The 'ssh-ed448' key type is documented along with 'ssh-ed25519' in [1], but has never been supported by any as-yet-released version of OpenSSH. However, LANcom router devices (which appear to be primarily used in Germany, see [2] for examples on the public Internet) appear to support these keys, so this library can and should support loading them.

Ed448 private keys are not yet implemented here, because OpenSSH itself does not yet support them, and it is the de facto authority for private key formats. However, PuTTY has already implemented support for generating and using Ed448 keys, and the PuTTY developers note in [3] that the OpenSSH developers are in agreement with them as to the correct Ed448 private key format:

> I checked with them [OpenSSH developers], and they agreed that there's an
> obviously right format for Ed448 keys, which is to do them exactly like
> Ed25519 except that you have a 57-byte string everywhere Ed25519 had a
> 32-byte string. So I've done that.

See also [4] in which I extended `ssh-audit` to allow it to scan and discover host keys of type 'ssh-ed448'.

[1] https://datatracker.ietf.org/doc/html/rfc8709#name-public-key-format
[2] https://www.shodan.io/search?query=ssh+%22ed448%22
[3] github/putty@a085acb
[4] jtesta/ssh-audit#277
(Re-creation of arthepsy/ssh-audit#51 after realizing that project is defunct and this one has advanced much further 😄)
LANcom router devices appear to be primarily used in Germany (see [1] for examples on the public Internet), and they appear to support the `ssh-ed448` key type which is documented in [2], but which has never been supported by any as-yet-released version of OpenSSH.
[1] https://www.shodan.io/search?query=ssh+%22ed448%22
[2] https://datatracker.ietf.org/doc/html/rfc8709#name-public-key-format
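The RFC 8709 public key format referenced above, as an added example that is not part of this PR or of ssh-audit's code: a parser for an EdDSA host key blob that enforces the fixed key length (32 bytes for Ed25519, 57 for Ed448). The function names and the sample blob are hypothetical and constructed for illustration.

```python
import struct
from typing import Tuple

# Public key lengths in bytes per RFC 8709: Ed25519 is 32, Ed448 is 57.
EDDSA_KEY_LEN = {b"ssh-ed25519": 32, b"ssh-ed448": 57}


def read_string(buf: bytes, off: int) -> Tuple[bytes, int]:
    """Read one SSH 'string' (uint32 big-endian length, then data) at off."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off:off + n], off + n


def parse_eddsa_hostkey(blob: bytes) -> Tuple[str, bytes]:
    """Return (key type, raw public key) for an EdDSA host key blob."""
    key_type, off = read_string(blob, 0)
    expected = EDDSA_KEY_LEN.get(key_type)
    if expected is None:
        raise ValueError("not an EdDSA key type: %r" % key_type)
    key, off = read_string(blob, off)
    # A fixed-size key type must never be accepted with another length.
    if len(key) != expected:
        raise ValueError("%s key must be %d bytes, got %d"
                         % (key_type.decode(), expected, len(key)))
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    return key_type.decode(), key


def make_blob(key_type: bytes, key: bytes) -> bytes:
    """Build a blob for testing (constructed data, not a real host key)."""
    return (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(key)) + key)


if __name__ == "__main__":
    sample = make_blob(b"ssh-ed448", bytes(range(57)))  # constructed sample
    name, key = parse_eddsa_hostkey(sample)
    print(name, len(key), key.hex())
```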