Network Working Group                                    P. Hallam-Baker
Internet-Draft                                         Comodo Group Inc.
Intended status: Informational                           August 18, 2017
Expires: February 19, 2018


                   Mathematical Mesh: SSH Application
                   draft-hallambaker-mesh-app-ssh-01

Abstract

   Mesh/SSH

   The use of the Mathematical Mesh to manage OpenSSH Keys is described.

   This document is also available online at
   http://prismproof.org/Documents/draft-hallambaker-mesh-app-ssh.html .

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 19, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of




Hallam-Baker            Expires February 19, 2018               [Page 1]

Internet-Draft     Mathematical Mesh: SSH Application        August 2017


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Definitions . . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
     2.2.  Related Specifications  . . . . . . . . . . . . . . . . .   3
     2.3.  Defined Terms . . . . . . . . . . . . . . . . . . . . . .   3
     2.4.  Implementation Status . . . . . . . . . . . . . . . . . .   4
   3.  User Experience . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Initial profile creation  . . . . . . . . . . . . . . . .   4
     3.2.  Configuring SSH for machine X . . . . . . . . . . . . . .   4
     3.3.  Configuring SSH for machine Y . . . . . . . . . . . . . .   4
     3.4.  Configuring SSH for machine Z . . . . . . . . . . . . . .   5
     3.5.  Deleting a Device . . . . . . . . . . . . . . . . . . . .   5
     3.6.  Future directions . . . . . . . . . . . . . . . . . . . .   5
       3.6.1.  Native Mesh support in SSH  . . . . . . . . . . . . .   5
       3.6.2.  Update Daemon . . . . . . . . . . . . . . . . . . . .   5
       3.6.3.  Batched Connection Requests . . . . . . . . . . . . .   6
       3.6.4.  Enhanced administration . . . . . . . . . . . . . . .   6
   4.  Platform Bindings . . . . . . . . . . . . . . . . . . . . . .   6
     4.1.  OpenSSH Files . . . . . . . . . . . . . . . . . . . . . .   6
   5.  Application Profile . . . . . . . . . . . . . . . . . . . . .   6
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   6
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     9.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   The Secure Shell (SSH) transport layer protocol [RFC4253] is widely
   used as a mechanism for securing access to remote hosts.  In addition
   to providing a terminal connection to a remote host, SSH also
   supports file transfer and remote access (VPN) functionality.  It is
   also used to provide remote procedure call (RPC) capabilities in
   applications such as Git.

   While SSH permits a high level of security to be achieved, a high
   security configuration requires a considerable degree of attention to
   detail.  Numerous "how to" guides found on the Internet advise the
   user to engage in many unsafe practices.  These include:

   o  Using a single private key for authentication on every machine to
      be used as a client.

   o  Emailing a copy of the authentication key to yourself to transfer
      it to a new machine (or, equivalently, transferring it over
      insecure FTP, copying it to /tmp, etc.).

   Of equal concern is that none of the guides mention any form of
   maintenance activity, such as deleting the authentication key of a
   decommissioned device or performing a rekey operation when a device
   is compromised.

   Configuring SSH securely is a non-trivial task because SSH is the
   tool through which the administrator connects to the system in order
   to secure it.  This is a bootstrap problem: the problem of SSH
   configuration is easy to solve once SSH is already configured for
   use.  To enable SSH access to a

   The Mathematical Mesh provides an infrastructure for single touch
   administration of all the devices a user has connected to their Mesh
   profile.  Managing SSH configuration with the Mesh guides the user
   towards use of a maximally secure configuration.  Once the
   configuration is achieved, it is maintained automatically.

2.  Definitions

   This section presents the related specifications and standards, the
   terms used as terms of art within the documents, and the terms used
   as requirements language.

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.2.  Related Specifications

   The related specifications are described in the Mesh Architecture
   specification [draft-hallambaker-mesh-architecture].

2.3.  Defined Terms

   No terms of art are defined.

2.4.  Implementation Status

   The implementation status of the reference code base is described in
   the companion document [draft-hallambaker-mesh-developer].

3.  User Experience

   Alice is a user of three machines, X, Y and Z.  Machines X and Y are
   configured with monitors and keyboards, enabling their use as SSH
   clients.  Machine Z is to be configured as a headless machine (no
   monitor).  When finished, Alice wants to be able to connect to
   machines X, Y or Z from machine X or Y.

   Since SSH is a tool principally used on UNIX based systems and
   machines configured to provide similar behavior, this guide assumes
   machines X, Y and Z are all UNIX systems when describing the files to
   be modified.  When used on a Windows machine, the Mesh tools
   configure the equivalent Windows files.

3.1.  Initial profile creation

   If this is the first time Alice has used the Mesh, she creates a
   personal profile for herself on machine X:

   X> meshman /personal alice@mesh.prismproof.org

3.2.  Configuring SSH for machine X

   To configure SSH on machine X, Alice adds it to her profile.

   X> meshman /ssh

   Note that the meshman tool only performs the

   At this point, Alice has a new private key that is unique to machine
   X, and the corresponding public key has been added to her profile.

3.3.  Configuring SSH for machine Y

   To configure the second machine, Alice first requests adding it to
   her profile:

   Y>

   This request must be accepted on machine X:

   X>

   Alice now adds the SSH profile to machine Y:

   Y> meshman /ssh

   At this point machines X and Y each have a unique private key, and
   both corresponding public keys have been added to the authorized keys
   file on Y.  The authorized keys file on X will be updated by a Mesh
   profile manager running periodically.

3.4.  Configuring SSH for machine Z

   Configuration of machine Z begins in exactly the same way as for
   machine Y.  The only difference is that when she creates the SSH
   profile for the device, she requests it be a host only profile:

   Z> meshman /ssh /host

3.5.  Deleting a Device

3.6.  Future directions

3.6.1.  Native Mesh support in SSH

   The chief weakness in this user experience is that the machines
   cannot update themselves automatically or even know when an update is
   required.  The only approach that is available is for the host
   devices to periodically poll the Mesh portal and request updates for
   the registered profiles.

   This delay could be avoided if the SSH protocol and its
   implementations were updated to support direct use of Mesh profiles.
   This would allow a client to push the updated profile data to the
   server when making the connection attempt.
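
   The add/delete sequence of Sections 3.2 to 3.5 and the periodic
   updater described in Section 3.6.1, as an added example.  This is not
   code from the draft or from the Mesh reference implementation:
   meshman and the Mesh portal are not available here, so the profile is
   an in-memory mapping from device name to public key, the per-device
   keys are constructed rather than generated by ssh-keygen, and the
   "mesh-ssh:<device>" comment marker that separates managed entries
   from hand-added ones is an assumption of this example.

```python
"""Reconcile an OpenSSH authorized_keys file against per-device keys.

Added example, not code from the draft or the Mesh reference code.  The
"mesh-ssh:<device>" comment marker is an assumption made here."""
import base64
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")
MANAGED = "mesh-ssh:"      # assumed comment prefix on entries this tool owns


def ssh_string(data):
    """RFC 4251 'string': big-endian uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_blob(raw_pubkey):
    """Base64 blob of an authorized_keys entry: string "ssh-ed25519"
    followed by string <32-byte public key>."""
    if len(raw_pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)
    return base64.b64encode(blob).decode("ascii")


def blob_key_type(b64):
    """Key type recorded inside the blob (its first RFC 4251 string)."""
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")


def parse_line(line):
    """Return (options, keytype, blob, comment), or None for blank and
    comment lines.  Options may hold quoted strings with spaces, e.g.
    command="/usr/bin/git-shell -c", so a plain whitespace split fails."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = ""
    if line.split(None, 1)[0] not in KEY_TYPES:
        i, quoted = 0, False
        while i < len(line):
            c = line[i]
            if c == '"':
                quoted = not quoted
            elif c == "\\" and quoted:
                i += 1                          # skip escaped character
            elif c.isspace() and not quoted:
                break
            i += 1
        options, line = line[:i], line[i:].strip()
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("unrecognised key line: %r" % line[:40])
    keytype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if blob_key_type(b64) != keytype:     # type field must agree with blob
        raise ValueError("key type mismatch in entry %r" % comment)
    return options, keytype, b64, comment


def line_is_valid(line):
    """True when the line parses and its type field matches its blob."""
    try:
        return parse_line(line) is not None
    except ValueError:
        return False


def reconcile(text, profile):
    """Rewrite authorized_keys so the managed entries are exactly the
    devices in profile ({device: (keytype, blob, options)}).  A device
    deleted from the profile loses its key; unmanaged entries (e.g. a
    break-glass key) are kept.  Idempotent, so safe for a periodic run."""
    kept = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or not entry[3].startswith(MANAGED):
            kept.append(line)          # managed entries are regenerated below
    for device in sorted(profile):
        keytype, b64, options = profile[device]
        prefix = options + " " if options else ""
        kept.append("%s%s %s %s%s" % (prefix, keytype, b64, MANAGED, device))
    return "\n".join(kept) + "\n"


def managed_devices(text):
    """Device names currently authorised through managed entries."""
    names = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and entry[3].startswith(MANAGED):
            names.append(entry[3][len(MANAGED):])
    return sorted(names)


# Constructed keys: in practice each is generated by ssh-keygen on its own
# machine and the private half never leaves that machine.
KEY_X = build_ed25519_blob(bytes(range(32)))
KEY_Y = build_ed25519_blob(bytes(range(32, 64)))
BREAK_GLASS = "ssh-ed25519 %s ops-recovery" % build_ed25519_blob(bytes(32))


def demo():
    """Add devices X and Y, then delete Y and re-run the updater."""
    profile = {"X": ("ssh-ed25519", KEY_X, ""),
               "Y": ("ssh-ed25519", KEY_Y, 'from="10.0.0.0/8",no-pty')}
    state1 = reconcile(BREAK_GLASS + "\n", profile)
    del profile["Y"]                       # device Y decommissioned
    state2 = reconcile(state1, profile)
    return state1, state2
```

   Two points are deliberate.  The parser checks that the key-type field
   and the type encoded inside the blob agree, so a line that was edited
   by hand into an inconsistent state is rejected rather than silently
   kept, and any unparseable line makes reconcile() fail closed instead
   of rewriting the file around it.  Because the updater regenerates only
   entries carrying the managed marker, a key an operator added for
   recovery survives every run, while a device removed from the profile
   is removed from the file on the next run, which is the maintenance
   step the Introduction notes most guides omit.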

3.6.2.  Update Daemon

   Native support allows the process of adding devices to be automated
   but does not guarantee timely processing of deletion requests.  It
   also requires action by third parties who may not be interested in
   providing Mesh support.

   A better approach would be to run a daemon on each machine that could
   receive update notifications from the portal whenever a significant
   event (profile addition/deletion) had occurred.

3.6.3.  Batched Connection Requests

   The existing management tools require a device to be connected to a
   profile before applications can be used on the device.

3.6.4.  Enhanced administration

   While this approach is functional, it does not meet the requirement
   for complete mediation of the login request.  The system
   administrator has the ability to permit or deny remote access to a
   user, but these are the only options that the administration tools
   currently supported by most SSH configurations provide.  The
   administrator cannot control the types of credentials used by
   specific users.

   The Mesh could be employed to permit a closer level of control.
   Storing the user's profile fingerprint in the password database
   (/etc/passwd or /etc/shadow) would allow every application and system
   utility to refer to a single root of trust when authenticating every
   credential presented by a user.

4.  Platform Bindings

   Since SSH is an application program

4.1.  OpenSSH Files

   ~/.ssh/authorized_keys
      Contains a list of all the keys that are authorized to access the
      corresponding account.  This is a list of Mesh SSH per device
      application keys.

   ~/.ssh/id_rsa.pub
      Default name for the user's RSA public key.

   ~/.ssh/id_rsa
      Default name for the user's RSA private key.

   ~/.ssh/known_hosts
      List of host keys known to this user.

5.  Application Profile

6.  Acknowledgements

7.  Security Considerations

   [This is just a sketch for the present.]

8.  IANA Considerations

   [TBS list out all the code points that require an IANA registration]

9.  References

9.1.  Normative References

   [draft-hallambaker-mesh-architecture]
              Hallam-Baker, P., "Mathematical Mesh: Architecture",
              draft-hallambaker-mesh-architecture-03 (work in progress),
              May 2017.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4253]  Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
              Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253,
              January 2006.

9.2.  Informative References

   [draft-hallambaker-mesh-developer]
              Hallam-Baker, P., "Mathematical Mesh: Developer's Guide",
              draft-hallambaker-mesh-developer-02 (work in progress),
              September 2016.

Author's Address

   Phillip Hallam-Baker
   Comodo Group Inc.

   Email: philliph@comodo.com