Tectia Client/Server 6.4. Enabling Elliptic Curve Cryptography. Practical Guide

Transcription

1 Tectia Client/Server 6.4 Enabling Elliptic Curve Cryptography Practical Guide 10 November 2015

2 Tectia Client/Server 6.4: Enabling Elliptic Curve Cryptography: Practical Guide 10 November 2015 Copyright This software and documentation are protected by international copyright laws and treaties. All rights reserved. ssh and Tectia are registered trademarks of SSH Communications Security Corporation in the United States and in certain other jurisdictions. SSH and Tectia logos and names of products and services are trademarks of SSH Communications Security Corporation. Logos and names of products may be registered in certain jurisdictions. All other names and marks are property of their respective owners. No part of this publication may be reproduced, published, stored in an electronic database, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, for any purpose, without the prior written permission of SSH Communications Security Corporation. THERE IS NO WARRANTY OF ANY KIND FOR THE ACCURACY, RELIABILITY OR USEFULNESS OF THIS INFORMATION EXCEPT AS REQUIRED BY APPLICABLE LAW OR EXPRESSLY AGREED IN WRITING. For Open Source Software acknowledgements, see appendix Open Source Software License Acknowledgements in the User Manual. SSH Communications Security Corporation Kornetintie 3, FI Helsinki, Finland

3 3 Table of Contents 1. Introduction Enabling ECC for Tectia Client and Server on Windows Tectia Client User Keys Host Keys Key Exchange Tectia Server User Keys Host Key Key Exchange Enabling ECC for Tectia Client and Server on Unix Tectia Client User Keys Host Keys Key Exchange Tectia Server User Keys Host Key Key Exchange Testing the Connection Configuration File Reference Tectia Client (ssh-broker-config.xml) Tectia Server (ssh-server-config.xml)... 23

4 4 Tectia Client/Server 6.4

5 5 Chapter 1 Introduction This document provides step-by-step instructions for enabling elliptic curve cryptography on Tectia Client and Server. Elliptic curve cryptography is supported on Tectia Client and Server and newer. The instructions presented in this guide do not apply to older versions of Tectia Client and Server. This guide assumes that the default configurations are in use. The default connection profile is used throughout this guide. The same settings can be applied on a profile-by-profile basis if required.

6 6 Introduction

7 7 Chapter 2 Enabling ECC for Tectia Client and Server on Windows 2.1 Tectia Client Open the Tectia Connections Configuration GUI (Click Start > All Programs > Tectia Client > Tectia - SSH Terminal. Click the orange cog in the terminal window.) User Keys Enabling Elliptic Curve Public Keys To enable ECDSA public-key algorithms for Tectia Client, do the following: 1. In the Tectia Connections Configuration GUI, go to General > Default Connection and select the Authentication tab. 2. Move ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 to the Enabled Algorithms list:

8 8 Enabling ECC for Tectia Client and Server on Windows Figure 2.1. Enabling ECDSA public-key signature algorithms 3. Once you have enabled the elliptic curve algorithms, you can change the order of the list using the red up and down arrow buttons. Tectia Client reads the list in the top-down order. The list will look like this if the ECDSA algorithms are ordered at the top: 4. Click Apply.

9 9 To enable ECDSA keys for X.509, repeat the process above but select the keys named x509v3- ecdsa-sha2-* instead. Creating ECDSA User Key 1. In the Tectia Connections Configuration GUI, go to User Authentication > Keys and Certificates. Under Key and Certificate List, click New key Provide a file name for the key. 3. Click Advanced Options. 4. For Key type, select ECDSA. 5. Select the Key length. A 256-bit ECDSA key provides a level of security equivalent to a 3072-bit DSA or RSA key. Figure 2.2. Creating an ECDSA key using the Public-Key Authentication Wizard 6. To generate the key, click Next.

10 10 Enabling ECC for Tectia Client and Server on Windows 7. The wizard takes you to the Upload Public Key page. If you do not wish to upload the key to a server, click Cancel Host Keys To enable ECDSA host-key algorithms for Tectia Client, do the following: 1. In the Tectia Connections Configuration GUI, go to General > Default Connection > Server and clear the Use factory defaults check box. 2. Move ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 to the Enabled Hostkey Algorithms list. Figure 2.3. Enabling elliptic curve host-key algorithms for Tectia Client 3. Once you have enabled the ECDSA host-key algorithms, you can change the order of the list using the red up and down arrow buttons. Tectia Client reads the list in the top-down order.

11 2.1.3 Key Exchange Click Apply. To enable ECDSA host keys for X.509, repeat the process described above but select the algorithms named x509v3-ecdsa-sha2-* Key Exchange To enable Elliptic Curve Diffie Hellman (ECDH) key exchange algorithms for Tectia Client, do the following: 1. In the Tectia Connections Configuration GUI, go to General > Default Connection > KEXs. Clear the Use factory defaults check box. 2. Move ECDH-NISTP256, ECDH-NISTP384 and ECDH-NISTP521 to the Enabled KEXs list. Figure 2.4. Enabling Elliptic Curve Diffie Hellman KEXs for Tectia Client

12 12 Enabling ECC for Tectia Client and Server on Windows 3. Once you have enabled the ECDH KEXs, you can change the order of the list using the red up and down arrow buttons. Tectia Client reads the list in the top-down order. 4. Click Apply. 2.2 Tectia Server Open the Tectia Server Configuration tool (click Start > All programs > Tectia Server > Tectia Server Configuration) User Keys To enable ECDSA public-key signature algorithms for Tectia Server, do the following: 1. Go to Authentication and select the Parameters tab. In the Public-Key Authentication section's Signature algorithms list, select ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2- nistp521. The algorithms will be highlighted blue when enabled.

13 13 Figure 2.5. Enabling elliptic curve public-key signature algorithms for Tectia Server 2. Click Apply. 3. For immediate effect, stop and start Tectia Server. To enable ECDSA keys for X.509, repeat the process above but select the algorithms named x509v3- ecdsa-sha2-*.

14 14 Enabling ECC for Tectia Client and Server on Windows Host Key Enabling Elliptic Curve Host Keys To enable ECDSA host-key algorithms for Tectia Server, do the following: 1. Go to Connections and Encryption and select the Parameters tab. In the Encryption section's Hostkey Algorithms list, select ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521. The algorithms will be highlighted blue when enabled. Figure 2.6. Enabling elliptic curve host-key algorithms for Tectia Server 2. Click Apply. 3. For immediate effect, stop and start Tectia Server.

15 15 To enable ECDSA keys for X.509, repeat the process above but select the algorithms named x509v3- ecdsa-sha2-*. Creating ECDSA Host Key 1. Go to the Identity page. Figure 2.7. Creating ECDSA host key 2. In the Host Key (ECDSA) section, click Generate ECDSA Key. 3. Click Apply. 4. For immediate effect, stop and start Tectia Server.

16 16 Enabling ECC for Tectia Client and Server on Windows If you wish to use only ECDSA host keys, remove trace of any other host key location Key Exchange To enable ECDH key exchange algorithms for Tectia Server, do the following: 1. Go to Connections and Encryption and select the Parameters tab. In the Encryption section's KEXs list, select ECDH-NISTP256, ECDH-NISTP384 and ECDH-NISTP521. The algorithms will be highlighted blue when enabled. Figure 2.8. Enabling Elliptic Curve Diffie Hellman KEXs for Tectia Server 2. Click Apply. 3. For immediate effect, stop and start Tectia Server.

17 17 Chapter 3 Enabling ECC for Tectia Client and Server on Unix This guide edits files that will affect any production configuration. Please back up Tectia Client and Tectia Server configuration files (ssh-broker-config.xml and ssh-server-config.xml) before making any changes. By default, no aspects of elliptic curve keys are enabled so they must be added to the configurations and then the keys (host key and user keys) must be generated. 3.1 Tectia Client User Keys Enabling Elliptic Curve Public Keys Add the ECDSA algorithms (remove any key sizes you do not wish to allow) to the list of auth-publickey signature-algorithms (within the <authentication-methods> element) in your ssh-broker-config.xml: <auth-publickey signature-algorithms="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, \ ecdsa-sha2-nistp521,ssh-dss,ssh-rsa,ssh-dss-sha256@ssh.com, \ ssh-rsa-sha256@ssh.com,x509v3-sign-dss,x509v3-sign-rsa, \ x509v3-sign-dss-sha256@ssh.com, x509v3-sign-rsa-sha256@ssh.com"> <key-selection policy="automatic"> </key-selection> </auth-publickey> To enable ECDSA keys for X.509, add also the following to the signature-algorithms list: x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521.

18 18 Enabling ECC for Tectia Client and Server on Unix Creating ECDSA User Key Create the ECDSA user key with ssh-keygen-g3. For more information on ssh-keygen-g3, refer to the Tectia Client User Manual. Use ssh-keygen-g3 with t (type) ecdsa. Once generated, the resulting.pub file should be uploaded to the target server. Do this under the correct user account. The example below is using the root user. [root@host ~]# ssh-keygen-g3 -t ecdsa Generating 256 bits ECDSA key on nistp256 curve Key generated. 256-bit ecdsa, root@host.example.com, Mon Aug :57: Passphrase : Again : Key is stored with NULL passphrase Private key saved to /root/.ssh2/id_ecdsa_256_a Public key saved to /root/.ssh2/id_ecdsa_256_a.pub Host Keys To enable elliptic curve host keys for Tectia Client, add the ECDSA host-key algorithms (remove any algorithms you do not wish to allow) within the <hostkey-algorithms> element below any <kexs> element of your ssh-broker-config.xml. If the <kexs> section does not exist, you can place the <hostkey-algorithms> element above the <authentication-methods> element.... </kexs> <hostkey-algorithms> <hostkey-algorithm name="ecdsa-sha2-nistp256" /> <hostkey-algorithm name="ecdsa-sha2-nistp384" /> <hostkey-algorithm name="ecdsa-sha2-nistp521" /> <hostkey-algorithm name="ssh-dss" /> <hostkey-algorithm name="ssh-rsa" /> <hostkey-algorithm name="ssh-dss-sha256@ssh.com" /> <hostkey-algorithm name="ssh-rsa-sha256@ssh.com" /> <hostkey-algorithm name="x509v3-sign-dss" /> <hostkey-algorithm name="x509v3-sign-rsa" /> <hostkey-algorithm name="x509v3-sign-dss-sha256@ssh.com" /> <hostkey-algorithm name="x509v3-sign-rsa-sha256@ssh.com" /> </hostkey-algorithms> <authentication-methods>...

19 3.1.3 Key Exchange 19 To enable ECDSA host keys for X.509, add also the following hostkey-algorithm names: x509v3- ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521. A test connection will look like this (the vv option was used for basic debug and some noise was removed from the output): $ sshg3 -vv root@ :40:28: 6200 Broker_tcp_connect, Dst: , Dst Port: 22, Src Port: 49189, Local username: johnd :40:28: 1002 Algorithm_negotiation_success, "kex_algorithm=diffie-hellman-group1-sha1, hostkey_algorithm=ecdsa-sha2-nistp256, cipher=crypticore128@ ssh.com/crypticore128@ssh.com, mac=crypticore-mac@ssh.com/crypticore-mac@ssh.com, compression=none/none", Session-Id: :40:29: 6204 Broker_transport_connect, Dst: , Dst Port: 22, Remote username: root, Src Port: 49189, Local username: johnd, Session-I d: :40:29: 1003 KEX_success, Algorithm: diffie-hellman-group1-sha1, Modulus: 1024 bits, Session-Id: 31, Protocol-session-Id: 02A94DF2D6B4441C11E4E333E78E0C208728AE :40:29: 703 Auth_methods_available, Auth methods: gssapi-with-mic,password,publickey,keyboard-interactive, Session-Id: :40:29: 6303 Broker_userauth_method_failure, "publickey", Session-Id: 31 root@ 's password: Server hostkey algorithm: ecdsa-sha2-nistp256 Server identity: 256 bit ecdsa key SHA-1: bd6a1d45f262db8095ee5e6a2eb1c3fac7111d00 xozek-palag-hysak-dykym-byhev-velik-piror-cibiz-pycec-culyb-bexox Authentication successful. Last login: Mon Aug :31: from Key Exchange To enable Elliptic Curve Diffie Hellman (ECDH) key exchange algorithms for Tectia Client, add the ECDH KEX names within the <kexs> element in your ssh-broker-config.xml: <kexs> <kex name="diffie-hellman-group14-sha1" /> <kex name="diffie-hellman-group14-sha256@ssh.com" /> <kex name="diffie-hellman-group-exchange-sha1" /> <kex name="diffie-hellman-group-exchange-sha256" /> <kex name="ecdh-sha2-nistp256" /> <kex name="ecdh-sha2-nistp384" /> <kex name="ecdh-sha2-nistp521" /> </kexs>

20 20 Enabling ECC for Tectia Client and Server on Unix 3.2 Tectia Server User Keys Add the ECDSA algorithms (remove any key sizes you do not wish to allow) to the list of auth-publickey signature-algorithms (within the <authentication-methods> element) in your ssh-server-config.xml: <authentication-methods> <authentication> <auth-publickey require-dns-match="no" signature-algorithms="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, \ ecdsa-sha2-nistp521,ssh-dss,ssh-rsa,ssh-dss-sha256@ssh.com, \ ssh-rsa-sha256@ssh.com,x509v3-sign-dss,x509v3-sign-rsa, \ x509v3-sign-dss-sha256@ssh.com,x509v3-sign-rsa-sha256@ssh.com"/> <auth-password /> <auth-keyboard-interactive /> </authentication> </authentication-methods> To enable ECDSA keys for X.509, add also the following to the signature-algorithms list: x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521 After you have made the changes, you must stop and start the server to take the new configuration into use: # /etc/init.d/ssh-server-g3 stop # /etc/init.d/ssh-server-g3 start Host Key Enabling Elliptic Curve Host Keys Add the ECDSA host-key algorithms (remove any key sizes you do not wish to allow) within the <connection> section of your ssh-server-config.xml: <hostkey-algorithm name="ecdsa-sha2-nistp256" /> <hostkey-algorithm name="ecdsa-sha2-nistp384" /> <hostkey-algorithm name="ecdsa-sha2-nistp521" /> <hostkey-algorithm name="ssh-dss" /> <hostkey-algorithm name="ssh-rsa" /> <hostkey-algorithm name="ssh-dss-sha256@ssh.com" /> <hostkey-algorithm name="ssh-rsa-sha256@ssh.com" /> <hostkey-algorithm name="x509v3-sign-dss" /> <hostkey-algorithm name="x509v3-sign-rsa" /> <hostkey-algorithm name="x509v3-sign-dss-sha256@ssh.com" /> <hostkey-algorithm name="x509v3-sign-rsa-sha256@ssh.com" />

21 3.2.3 Key Exchange 21 To enable ECDSA host keys for X.509, add also the following hostkey-algorithm names: x509v3- ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521. Once the configuration has been amended to use the ECDSA host-key algorithms you can create the ECDSA host key. Creating ECDSA Host Key Create the ECDSA host key using ssh-keygen-g3. For more information on ssh-keygen-g3, refer to the Tectia Server Administrator Manual. You must ensure your SSH client can accept an ECDSA host key. The following command will add an ECDSA host key to your SSH Server. By default, a 256-bit key is generated. (The -b option can be used to define the size of the key.) Using ssh-keygen-g3 with t (type), H (host key) and P (no passphrase): [root@host ~]# ssh-keygen-g3 -t ecdsa -H -P Generating 256 bits ECDSA key on nistp256 curve Key generated. 256-bit ecdsa, root@host.example.com, Wed Aug :00: Private key saved to /etc/ssh2/hostkey Public key saved to /etc/ssh2/hostkey.pub After you have made the changes, you must stop and start the server to take the new configuration into use: # /etc/init.d/ssh-server-g3 stop # /etc/init.d/ssh-server-g3 start Key Exchange To enable the Elliptic Curve Diffie Hellman (ECDH) key exchange algorithms for Tectia Server, add the ECDH KEXs under the existing KEXs in your ssh-server-config.xml: <kex name="diffie-hellman-group14-sha1" /> <kex name="diffie-hellman-group14-sha256@ssh.com" /> <kex name="diffie-hellman-group-exchange-sha1" /> <kex name="diffie-hellman-group-exchange-sha256" /> <kex name="ecdh-sha2-nistp256" /> <kex name="ecdh-sha2-nistp384" /> <kex name="ecdh-sha2-nistp521" />

22 22 Enabling ECC for Tectia Client and Server on Unix 3.3 Testing the Connection Once the user's public key (.pub) has been uploaded to the target user account on the target server and ECDSA public keys are enabled on both Tectia Client and Tectia Server, you will get the following type of output when connecting: $ sshg3 -vv root@ :02:58: 6200 Broker_tcp_connect, Dst: , Dst Port: 22, Src Port: 49236, Local username: johnd :02:58: 1002 Algorithm_negotiation_success, "kex_algorithm=diffie-hel lman-group1-sha1, hostkey_algorithm=ecdsa-sha2-nistp256, cipher=crypticore128@ssh. com/crypticore128@ssh.com, mac=crypticore-mac@ssh.com/crypticore-mac@ssh.com, com pression=none/none", Session-Id: :02:58: 6204 Broker_transport_connect, Dst: , Dst Port: 2 2, Remote username: root, Src Port: 49236, Local username: johnd, Session-Id: :02:58: 1003 KEX_success, Algorithm: diffie-hellman-group1-sha1, Modu lus: 1024 bits, Session-Id: 54, Protocol-session-Id: 26CF99FCA2E22500E8D11511C C18 43D E :02:58: 703 Auth_methods_available, Auth methods: password,publickey, keyboard-interactive, Session-Id: :02:58: 1210 Key_store_sign, Key path: software://0/directory_key(/ home/johnd/.ssh2/key_ecdsa)/key_id(1), Session-Id: :02:59: 6302 Broker_userauth_method_success, "publickey", Session-Id: :02:59: 6208 Broker_connection_connect, Dst: , Dst Port: 22, Local username: johnd, Remote username: root, Uses gateway?: No, Session-Id: :02:59: 6004 Broker_exec_channel_open, Client: sshg3, Pid: 3824, Serv er: root@ , Server Port: 0, Local username: johnd, Command: <shell>, "Terminal width: 80 chars, Terminal height: 65 rows, Terminal width: 640 pixels, T erminal height: 480 pixels, Stderr type: separate, Is subsystem?: FALSE, Allocate pty?: TRUE, X11 forwarding?: retain, Agent forwarding?: retain, X11 Display Variab le: :0, Agent variable: (null), Term variable: vt100", Channel Id: 55, Session-Id : 54 Connection destination: root@ :22 Connection ID: 54 Session ID: 26cf99fca2e22500e8d11511cc1843d e2 Connection opened at: Tue Aug :02: Server authentication: publickey User authentications completed: publickey [#1] Server version: SSH SSH Tectia Server Server hostkey algorithm: ecdsa-sha2-nistp256 Server identity: 256 bit ecdsa key SHA-1: bd6a1d45f262db8095ee5e6a2eb1c3fac7111d00 xozek-palag-hysak-dykym-byhev-velik-piror-cibiz-pycec-culyb-bexox Authentication successful. Last login: Mon Aug :25: from

23 3.4 Configuration File Reference Configuration File Reference This section lists the Tectia Client and Tectia Server configuration file elements and attributes that are needed for defining the elliptic curve algorithms Tectia Client (ssh-broker-config.xml) User Public Key <authentication-methods> <auth-publickey signature-algorithms="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,\ ecdsa-sha2-nistp521,x509v3-ecdsa-sha2-nistp256,\ x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521"> </auth-publickey> </authentication-methods> Host Key <hostkey-algorithms> <hostkey-algorithm name="ecdsa-sha2-nistp256" /> <hostkey-algorithm name="ecdsa-sha2-nistp384" /> <hostkey-algorithm name="ecdsa-sha2-nistp521" /> <hostkey-algorithm name="x509v3-ecdsa-sha2-nistp256" /> <hostkey-algorithm name="x509v3-ecdsa-sha2-nistp384" /> <hostkey-algorithm name="x509v3-ecdsa-sha2-nistp521" /> </hostkey-algorithms> KEXs <kexs> <kex name="ecdh-sha2-nistp256" /> <kex name="ecdh-sha2-nistp384" /> <kex name="ecdh-sha2-nistp521" /> </kexs> Tectia Server (ssh-server-config.xml) User Public Key <auth-publickey require-dns-match="no" signature-algorithms="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,\ ecdsa-sha2-nistp521,x509v3-ecdsa-sha2-nistp256,\ x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521" /> Host Key <hostkey-algorithm name="ecdsa-sha2-nistp256" /> <hostkey-algorithm name="ecdsa-sha2-nistp384" />

24 24 Enabling ECC for Tectia Client and Server on Unix <hostkey-algorithm name="ecdsa-sha2-nistp521" /> <hostkey-algorithm name="x509v3-ecdsa-sha2-nistp256" /> <hostkey-algorithm name="x509v3-ecdsa-sha2-nistp384" /> <hostkey-algorithm name="x509v3-ecdsa-sha2-nistp521" /> KEXs <kex name="ecdh-sha2-nistp256"/> <kex name="ecdh-sha2-nistp384"/> <kex name="ecdh-sha2-nistp521"/>