2014-04-11
The relationship between SSH, SSL, and the Heartbleed bug
I will lead with the summary: since the Heartbleed bug is a bug in OpenSSL's implementation of a part of the TLS protocol, no version or implementation of SSH is affected by Heartbleed because the SSH protocol is not built on top of TLS.
So, there's four things involved here:
- SSL aka TLS
is the underlying network encryption protocol used for HTTPS and
a bunch of other SSL/TLS things. Heartbleed
is an error in implementing the 'TLS heartbeat' protocol extension
to the TLS protocol. A number of other secure protocols are built
partially or completely on top of TLS, such as OpenVPN.
- SSH is the protocol
used for, well, SSH connections. It's completely separate from
TLS and is not layered on top of it in any way. However, TLS and
SSH both use a common set of cryptography primitives such as
Diffie-Hellman key exchange, AES, and
SHA1.
(Anyone sane who's designing a secure protocol reuses these primitives instead of trying to invent their own.)
- OpenSSL is an implementation of SSL/TLS in the form of a large
cryptography library. It also exports a whole bunch of functions
and so on that do various cryptography primitives and other
lower-level operations that are useful for things doing cryptography
in general.
- OpenSSH is one implementation of the SSH protocol. It uses various functions exported by OpenSSL for a lot of cryptography related things such as generating randomness, but it doesn't use the SSL/TLS portions of OpenSSL because SSH (the protocol) doesn't involve TLS (the protocol).
Low level flaws in OpenSSL such as Debian breaking its randomness can affect OpenSSH when OpenSSH uses something that's affected by the low level flaw. In the case of the Debian issue, OpenSSH gets its random numbers from OpenSSL and so was affected in a number of ways.
High level flaws in OpenSSL's implementation of TLS itself will never affect OpenSSH because OpenSSH simply doesn't use those bits of OpenSSL. For instance, if OpenSSL turns out to have an SSL certificate verification bug (which happened recently with other SSL implementations) it won't affect OpenSSH's SSH user and host key verification.
As a corollary, OpenSSH (and all SSH implementations) aren't directly affected by TLS protocol attacks such as BEAST or Lucky Thirteen, although people may be able to develop similar attacks against SSH using the same general principles.
What sort of kernel command line arguments Fedora 20's dracut seems to want
Recently I upgraded the kernel on my Fedora 20 office workstation, rebooted the machine, and had it hang in early boot (the first two are routine, the last is not). Forcing a reboot back to the earlier kernel brought things back to life. After a bunch of investigation I discovered that this was not actually due to the new kernel, it was due to an earlier dracut update. So this is the first thing to learn: if a dracut update breaks something in the boot process, you'll probably only discover this the next time you upgrade the kernel and the (new) dracut builds a (new and not working) initramfs for it.
The second thing I discovered in the process of this is the Fedora boot process will wait for a really long time for your root filesystem to appear before giving up, printing messages about it, and giving you an emergency shell, where by a really long time I mean 'many minutes' (I think at least five). It turned out that my boot process had not locked up but instead it was sitting around waiting my root filesystem to appear. Of course this wait was silent, with no warnings or status notes reported on the console, so I thought that things had hung. The reason the boot process couldn't find my root filesystem was that my root filesystem is on software RAID and the new dracut has stopped assembling such things for a bunch of people.
(Fedora apparently considers this new dracut state to be 'working as designed', based on bug reports I've skimmed.)
I don't know exactly what changed between the old dracut and the
new dracut, but what I do know is that the new dracut really wants
you to explicitly tell it what software RAID devices, LVM devices,
or other things to bring up on boot through arguments added to the
kernel command line. dracut.cmdline(7)
will tell you all about the many options, but the really useful thing
to know is that you can get dracut itself to tell you what it wants
via 'dracut --print-cmdline
'.
For me on my machine, this prints out (and booting wants):
- three
rd.md.uuid=<UUID>
settings for the software RAID arrays of my root filesystem, the swap partition, and/boot
. I'm not sure why dracut includes/boot
but I left it in. The kernel command line is already absurdly over-long on a modern Fedora machine, so whatever.(There are similar options for LVM volumes, LUKS, and so on.)
- a '
root=UUID=<UUID>
' stanza to specify the UUID of the root filesystem. It's possible that my old 'root=/dev/mdXX
' would have worked (the root's RAID array is assembled with the right name), but I didn't feel like finding out the hard way. rootflags=...
androotfstype=ext4
for more information about mounting the root filesystem.resume=UUID=<UUID>
, which points to my swap area. I omitted this in the kernel command line I set ingrub.cfg
because I never suspend my workstation. Nothing has exploded yet.
The simplest approach to fixing up your machine in a situation like
this is probably to just update grub.cfg
to add everything dracut
wants to the new kernel's command line (removing any existing
conflicting options, eg an old root=/dev/XXX
setting). I looked
into just what the arguments were and omitted one for no particularly
good reason.
(I won't say that Dracut is magic, because I'm sure it could all be read up on and decoded if I wanted to. I just think that doing so is not worth bothering with for most people. Modern Linux booting is functionally a black box, partly because it's so complex and partly because it almost always just works.)