search

matrix-org / synapse

Synapse: Matrix homeserver written in Python/Twisted.
https://matrix-org.github.io/synapse
Apache License 2.0
11.79k stars 2.13k forks source link

The manhole's hardcoded private key uses a very outdated signature type #12629

Open anoadragon453 opened 2 years ago

anoadragon453 commented 2 years ago

The manhole has a hard-coded private key (https://github.com/matrix-org/synapse/issues/3850) which uses the ssh-rsa signature type. This refers to a combination of RSA and SHA-1, and is now quite outdated.

In fact it's so outdated, that newer versions of OpenSSL will now refuse to connect:

$ ssh -p9000 matrix@localhost
Unable to negotiate with ::1 port 9000: no matching host key type found. Their offer: ssh-rsa

(ssh-rsa was deprecated in OpenSSL v8.2, and disabled in OpenSSL v8.8). We should (at least) use a key with a more up-to-date signature algorithm.

A workaround, if needed, is to add the following to your ~/.ssh/config:

Host <synapse domain>                                
     PubkeyAcceptedAlgorithms +ssh-rsa     
     HostkeyAlgorithms +ssh-rsa
richvdh commented 2 years ago

I was going to say "surely we just generate an Ed25519 key", but then I read https://www.chiark.greenend.org.uk/~cjwatson/blog/lp-new-ssh-features.html. It sounds like that would be ok in a Twisted that contains https://github.com/twisted/twisted/pull/1210 ?

anoadragon453 commented 2 years ago

It sounds like that would be ok in a Twisted that contains https://github.com/twisted/twisted/pull/1210 ?

This landed in Twisted 21.2.0, whereas our minimum Twisted version is currently:

https://github.com/matrix-org/synapse/blob/b2df0716bc0cf31b5f5f90a0599bc1d04a837e27/pyproject.toml#L121

The curve25519-sha256 signature type is supported in Twisted 20.3.0.

One can use nmap --script ssh2-enum-algos -sV -p 9000 localhost to determine what algorithms are supported on the Twisted conch version of a running Synapse server... though I'll admit I don't know which of these are actually relevant here.

Output on Twisted 18.9.0 ``` $ nmap --script ssh2-enum-algos -sV -p 9000 localhost Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-04 14:47 BST Nmap scan report for localhost (127.0.0.1) Host is up (0.000060s latency). Other addresses for localhost (not scanned): ::1 PORT STATE SERVICE VERSION 9000/tcp open ssh (protocol 2.0) | fingerprint-strings: | NULL: | SSH-2.0-Twisted_18.9.0 | Tecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1 | ssh-rsa | caes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-cbc,blowfish-cbc,3des-cbc | caes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-cbc,blowfish-cbc,3des-cbc |
Output on Twisted 20.3.0 ``` $ nmap --script ssh2-enum-algos -sV -p 9000 localhost Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-04 14:48 BST Nmap scan report for localhost (127.0.0.1) Host is up (0.000063s latency). Other addresses for localhost (not scanned): ::1 PORT STATE SERVICE VERSION 9000/tcp open ssh (protocol 2.0) | fingerprint-strings: | NULL: | SSH-2.0-Twisted_20.3.0 | curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1 | ssh-rsa | caes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-cbc,blowfish-cbc,3des-cbc | caes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-cbc,blowfish-cbc,3des-cbc | \x20\x7f\ SF:xc2\xcc\xd0\xccD\x90q\xc2\x9fu\0\0\0\x83curve25519-sha256,curve25519-sh SF:a256@libssh\.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp5 SF:21,diffie-hellman-group14-sha1\0\0\0\x07ssh-rsa\0\0\0caes256-ctr,aes256 SF:-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,cast128-cbc,blowfish-c SF:bc,3des-cbc\0\0\0caes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ct SF:r,aes128-cbc,cast128-cbc,blowfish-cbc,3des-cbc\0\0\0