SSHJ FIPS support
Hi,
When the Linux system is FIPS enabled, connecting with the sshj client results in an NPE. When FIPS is disabled, we can successfully establish an SSH connection. Please suggest.
```
2021-02-24 14:27:34,672 INFO [net.schmizz.sshj.transport.TransportImpl] (default task-7) Client identity string: SSH-2.0-SSHJ_0.27.0
2021-02-24 14:27:34,773 INFO [net.schmizz.sshj.transport.TransportImpl] (default task-7) Server identity string: SSH-2.0-OpenSSH_7.4
2021-02-24 14:27:34,829 ERROR [net.schmizz.sshj.transport.TransportImpl] (reader) Dying because - null: java.lang.NullPointerException
    at net.schmizz.sshj.transport.kex.AbstractDHGex.parseGexReply(AbstractDHGex.java:89)
    at net.schmizz.sshj.transport.kex.AbstractDHGex.next(AbstractDHGex.java:58)
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:364)
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
    at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
2021-02-24 14:27:34,830 INFO [net.schmizz.sshj.transport.TransportImpl] (reader) Disconnected - UNKNOWN
2021-02-24 14:27:34,834 ERROR [net.schmizz.concurrent.Promise] (default task-7) <
```
It might be that for FIPS you would require a different version of BouncyCastle to handle the encryption. Not sure actually, I know there is a FIPS certified version of it.
I am currently evaluating sshj for use with BouncyCastle's FIPS providers:
```
fips.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
fips.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
fips.provider.3=sun.security.provider.Sun
```
See list of provider facilities.
So far I found the following issues:
- BouncyCastle's FIPS provider cannot coexist with BouncyCastle's non-FIPS provider.
- BouncyCastle's FIPS provider does not offer MD5 since it's not FIPS-approved, which fails the registerSecurityProvider (although both DH and MD5 would exist in sun.security.provider.Sun).
- Because of the above, the SSHJ code under the bouncyCastleRegistered condition (e.g. DefaultConfig) will be skipped (e.g. setFileKeyProviderFactories, which basically precludes use of any kind of key-based authentication).
- In FIPS mode, the list of allowed cryptographic primitives would need to be restricted. For reference, this is the list for the OpenSSH FIPS security policy from vanilla CentOS 8.3:
```
Ciphers [email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc
MACs [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,hmac-sha2-512
GSSAPIKeyExchange no
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,[email protected],ecdsa-sha2-nistp384,[email protected],ecdsa-sha2-nistp521,[email protected],rsa-sha2-256,[email protected],rsa-sha2-512,[email protected]
CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
```
I'll see about tackling some of these issues.
EDIT: qualified the origin of the openssh FIPS-restricted settings.
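A diagnostic for the provider issues listed in the comment above, added here as an example and not part of the thread or of sshj: it asks each installed JCA provider individually whether it offers MD5 and DH (the two algorithms the comment ties to registerSecurityProvider) plus a few algorithms behind the quoted FIPS policy. The class name `ProviderProbe` and the extra JCA algorithm names are assumptions; only standard JDK calls are used.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;

public class ProviderProbe {
    // {JCA service type, JCA algorithm name}. MD5 and DH are the two named in the
    // comment above; the rest are JCA names chosen here (an assumption) to match
    // entries in the quoted OpenSSH policy: ecdh-sha2-*, hmac-sha2-*, aes*-ctr.
    static final String[][] PROBES = {
        {"MessageDigest", "MD5"},
        {"KeyAgreement", "DH"},
        {"KeyAgreement", "ECDH"},
        {"MessageDigest", "SHA-256"},
        {"Mac", "HmacSHA256"},
        {"Mac", "HmacSHA512"},
        {"Cipher", "AES/CTR/NoPadding"},
    };

    // True if this specific provider (not the JVM-wide default lookup) can
    // instantiate the algorithm.
    static boolean offers(Provider p, String type, String alg) {
        try {
            switch (type) {
                case "MessageDigest": MessageDigest.getInstance(alg, p); break;
                case "KeyAgreement":  KeyAgreement.getInstance(alg, p);  break;
                case "Mac":           Mac.getInstance(alg, p);           break;
                case "Cipher":        Cipher.getInstance(alg, p);        break;
                default: throw new IllegalArgumentException("unknown type " + type);
            }
            return true;
        } catch (GeneralSecurityException e) {
            return false; // NoSuchAlgorithmException / NoSuchPaddingException
        }
    }

    public static void main(String[] args) {
        // Providers are listed in the JVM's preference order.
        for (Provider p : Security.getProviders()) {
            StringBuilder row = new StringBuilder(String.format("%-10s", p.getName()));
            for (String[] probe : PROBES) {
                row.append(' ').append(probe[1]).append('=')
                   .append(offers(p, probe[0], probe[1]) ? "yes" : "no");
            }
            System.out.println(row);
        }
    }
}
```

Run it with the same `java.security` configuration and classpath as the application, so the provider list it prints is the one sshj will see.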
I was able to access a FIPS machine, using the workaround I wrote yesterday. I'm just looking to see if this is being worked on currently. The clean and useful way to address this would be for me to provide a patch.
https://github.com/hierynomus/sshj/issues/526#issuecomment-895576566