[Network/SSH] OpenSSH: sshd / sftp-server / ssh-agent | ssh / scp / sftp | OpenSSL

2023-05-20

1 OpenSSH

OpenSSH is a free, open-source implementation of the SSH (Secure SHell) protocol.

OpenSSH is an implementation that uses SSH for encrypted communication across a computer network.

The SSH protocol family can be used for remote control, or to transfer files between computers.

The traditional ways of doing this, such as telnet (a terminal emulation protocol), rcp, ftp, rlogin and rsh, are extremely insecure and send passwords in cleartext.

OpenSSH provides a server daemon and client tools that encrypt the data in remote-control and file-transfer sessions, and thereby replaces those earlier services.

1-1 Definition

OpenSSH describes itself on its official website as follows:

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.


1-2 Project components

As of this writing (2020-10-15), the latest OpenSSH release is OpenSSH 8.4, released on 2020-09-27.

The OpenSSH suite consists of the following tools:

Remote operations are done using ssh, scp, and sftp.
Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
The service side consists of sshd, sftp-server, and ssh-agent.


Clients: ssh / scp / sftp

ssh: the SSH client; a replacement for rlogin and Telnet.

scp / sftp: replacements for rcp; copy files to other computers.

Server side: sshd / sftp-server / ssh-agent

sshd: the SSH server.

Key management: ssh-add / ssh-keysign / ssh-keyscan / ssh-keygen

ssh-add / ssh-agent: tools that save the user from having to enter the key passphrase every time.

ssh-keysign:

ssh-keyscan: scans a group of machines and records their public keys.

ssh-keygen: generates RSA or DSA keys used for authentication.

1-3 Risks and vulnerabilities

[High risk] OpenSSH remote root authentication timing side-channel weakness (CVE-2003-1562)

[Risk description]

In OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and PAM keyboard-interactive authentication is used, sshd does not insert a delay after a root login attempt with a correct password. This makes it easier for remote attackers to use timing differences to determine whether the password step of a multi-step authentication succeeded. This is a different issue from CVE-2003-0190.

[Medium risk] OpenSSH PAM-enabled authentication delay information disclosure vulnerability (CVE-2003-0190)

CVE-2003-0190 - CVE

CNNVD-200305-021 - China National Vulnerability Database of Information Security (CNNVD)

[Risk description]

OpenSSH is an open-source implementation of the SSH protocol that has been ported to many systems.
Ported OpenSSH versions built with PAM support have a timing-attack problem: a remote attacker can use it to determine whether a user exists, resulting in information disclosure.
According to testing, when OpenSSH is configured with --with-pam, the response time differs between valid and invalid users, which makes it possible to tell whether a system user exists.
Once a user is known to exist, an attacker can go on to guess passwords.

SSH

Secure Shell (SSH) is an encrypted network transport protocol that provides a secure transport environment for network services over an insecure network. SSH connects an SSH client and server by creating a secure tunnel across the network. Although any network service can be transported securely over SSH, its most common use is remote login: people typically use SSH to carry a command-line interface and to execute commands remotely. It is used most on Unix-like systems, but Windows can also use SSH to a limited extent. In 2015, Microsoft announced native SSH protocol support in future operating systems.

By design, SSH is a replacement for Telnet and insecure shells. Telnet and the Berkeley rlogin, rsh and rexec protocols transmit in cleartext and use unreliable passwords, which makes them easy targets for eavesdropping, sniffing and man-in-the-middle attacks. SSH is intended to keep information encrypted, intact and reliable in insecure network environments such as the Internet.

However, SSH has also been reported to have weaknesses that allow sniffing and even decryption.

As early as 2011, China's Internet censorship apparatus was already able to probe and interfere with SSH connections.

Later, documents leaked by Edward Snowden indicated that the US National Security Agency was sometimes able to decrypt information carried over SSH and read the contents of SSH sessions.

On 6 July 2017, the non-profit organization WikiLeaks confirmed that the US Central Intelligence Agency had developed tools capable of stealing SSH sessions on Windows or Linux operating systems.

1-4 On open source: OpenSSH, a sub-project of the OpenBSD open-source project

OpenSSH is developed by a few developers of the OpenBSD Project and made available under a BSD-style license.

OpenSSH is incorporated into many commercial products, but very few of those companies assist OpenSSH with funding.

OpenBSD is developed entirely by volunteers. The project's development environment and developer events are funded through contributions collected by The OpenBSD Foundation. Contributions ensure that OpenBSD will remain a vibrant and free operating system.

Contributions towards OpenSSH can be sent to the OpenBSD Foundation.

[The remark above about commercial products rarely funding the project is a gripe straight from the official site...]

Supplementary note: OpenSSH and OpenSSL

OpenSSH is often mistakenly assumed to be related to OpenSSL, but the two projects have different goals and different development teams; only the names are similar.
They merely share the same software goal: providing open-source encrypted communication software.

2 Common commands

2-1 ssh / sshd

# Enable/disable start at boot [SSH server]
systemctl enable/disable sshd
# Reload the [SSH server] service configuration
systemctl reload sshd
# Start/stop/restart the [SSH server] service
systemctl start/stop/restart sshd
/etc/init.d/sshd start/stop/restart
# Check the [SSH server] service status ( inactive / active )
systemctl status sshd
/etc/init.d/sshd status
# List the current status of services enabled on this host
systemctl list-unit-files | grep sshd
or: netstat -antulp | grep ssh

[Check the OpenSSH version]
[root@govern ~]# ssh -V
OpenSSH_8.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

[Check the OpenSSL version]
[root@govern ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

3 Application scenarios

Scenario 1 - Using SSH keys when configuring Git remote repositories (GitLab/GitHub)

step1 Set a global account for Git (the remote-repository account on GitLab[/GitHub/...])

git config --global user.name "yourGitLabName"
git config --global user.email "myGitlab@email.cn"

step2 Generate an SSH key pair using the e-mail address of the remote GitLab account

(By default, on Windows id_rsa is generated at C:\Users\username\.ssh\id_rsa)

ssh-keygen -t rsa -C "myGitlab@email.cn"

At this point the SSH key pair (public key [*.pub] + private key) has been generated in the ~/.ssh folder
(~/.ssh is C:\Users\yourUserName\.ssh)

> File 1: id_rsa [private key]
> File 2: id_rsa.pub [public key]

step3 Copy the full contents of the public key file into the SSH keys management page of your GitLab account

...(when the local machine has only one remote-repository account, Git can be used directly at this point)

>>> Multiple remote repositories

However, by default Git only uses the id_rsa key pair.

If you want to use different key pairs for different domains (multiple remote repositories), some configuration is needed, namely configuring the known_hosts file.

step4 Configure the known_hosts file

PS1: Add the id_rsa_github key pair to the agent's key list. If this command errors, first run: ssh-agent bash

ssh-agent tcsh (for another shell)

ssh-add ~/.ssh/id_rsa_github

PS2: After adding it, run this command to test:

ssh -T git@github.com

PS3: In later use, before the first remote-related operation such as git init/clone/pull/push, it is recommended to run [git config --get user.email / git config -l / git branch -av] and check:

whether the account associated with the local repository is correct
whether the remote repository address associated with the local repository is correct

(to avoid committing source code to the wrong remote repository, or push/pull failures)

PS4: Get the hash fingerprint of an SSH public key: ssh-keygen -lf ~/.ssh/id_rsa_github.pub

-l means "list" (rather than creating a new key); -f means "filename"
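For the multi-remote case above, OpenSSH picks the key per host from Host blocks in ~/.ssh/config, and for every option the first matching block wins (the rule ssh_config(5) states). The script below is an added example, not part of the original post: it resolves which IdentityFile a host gets from a constructed sample config; the key file names are hypothetical.

```sh
#!/bin/sh
# Constructed sample ~/.ssh/config: one key per remote plus a catch-all default.
# Key file names are hypothetical; use your own.
SAMPLE_CONFIG='Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_github
    IdentitiesOnly yes

Host gitlab.example.com
    User git
    IdentityFile ~/.ssh/id_rsa_gitlab
    IdentitiesOnly yes

Host *
    IdentityFile ~/.ssh/id_rsa
'

# resolve_identity <host> <config-file>
# Prints the IdentityFile ssh would use for <host>, applying the ssh_config rule
# that an option keeps the value from the FIRST matching Host block, which is
# why specific hosts must come before "Host *".
# Simplifications: Host patterns support only "*" and "?" wildcards (no "!"
# negation) and keyword matching is case-sensitive.
resolve_identity() {
    _host=$1
    _file=$2
    _in_match=0
    _result=
    set -f                  # no pathname expansion, so "Host *" stays literal
    while IFS= read -r _line || [ -n "$_line" ]; do
        # word-split the line; this also drops the leading indentation
        set -- $_line
        if [ $# -eq 0 ]; then continue; fi
        case "$1" in '#'*) continue ;; esac
        _key=$1
        shift
        if [ "$_key" = Host ]; then
            _in_match=0
            for _pattern in "$@"; do
                case "$_host" in $_pattern) _in_match=1 ;; esac
            done
        elif [ "$_in_match" -eq 1 ] && [ "$_key" = IdentityFile ] && [ -z "$_result" ]; then
            _result=$1      # first match wins; later blocks cannot override it
        fi
    done < "$_file"
    set +f
    printf '%s\n' "$_result"
}

# Demo: write the sample config to a temp file and resolve three hosts.
# On a real ~/.ssh/config, compare with: ssh -G <host> | grep -i identityfile
CFG=$(mktemp)
printf '%s' "$SAMPLE_CONFIG" > "$CFG"
for h in github.com gitlab.example.com other.example.org; do
    printf '%-20s -> %s\n' "$h" "$(resolve_identity "$h" "$CFG")"
done
```

IdentitiesOnly yes keeps ssh from offering every key loaded in the agent to every host, which is what makes the per-host selection stick when several keys are loaded.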

4 OpenSSL

4-1 OpenSSL commands

4-1-1 openssl --help

[root@centos7-202010061038 ~]# openssl --help
openssl:Error: '--help' is an invalid command.

Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac ts verify version
x509

Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 rmd160
sha sha1

Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 rc5 rc5-cbc rc5-cfb
rc5-ecb rc5-ofb seed seed-cbc
seed-cfb seed-ecb seed-ofb zlib

openssl command overview

version    show version information
enc        encrypt / decrypt
ciphers    list cipher suites
genrsa     generate a private key
rsa        RSA key management (e.g. extract the public key from a private key)
req        generate a certificate signing request (CSR)
crl        certificate revocation list (CRL) management
ca         CA management (e.g. signing certificates)
dgst       compute message digests
rsautl     RSA signing, verification, encryption and decryption
passwd     generate hashed passwords
rand       generate pseudo-random numbers
speed      benchmark encryption/decryption speed
s_client   general-purpose SSL/TLS client test tool
x509       X.509 certificate management
verify     X.509 certificate verification
pkcs7      PKCS#7 data management
pkcs8      PKCS#8 data management
pkcs12     PKCS#12 data management

4-1-2 openssl ciphers

openssl ciphers [-v] [-ssl2] [-ssl3] [-tls1] [cipherlist]

-v: list all cipher suites in detail, including the SSL version (SSLv2, SSLv3 and TLS), key exchange algorithm, authentication algorithm, symmetric cipher, digest algorithm, and whether the suite is exportable.
-ssl2: list only the cipher suites used by SSLv2.
-ssl3: list only the cipher suites used by SSLv3.
-tls1: list only the cipher suites used by TLS.
cipherlist: list the contents of a cipher list. This lists every cipher suite matching the rule; without -v, only the suite names are shown.

case1 Check whether a given cipher suite is supported

[root@centos7-202010061038 ~]# openssl ciphers | awk 'BEGIN{i=1}{gsub(/:/, ",\n");i++;print}' | grep -i DES
ECDHE-RSA-DES-CBC3-SHA,
ECDHE-ECDSA-DES-CBC3-SHA,
EDH-RSA-DES-CBC3-SHA,
EDH-DSS-DES-CBC3-SHA,
DH-RSA-DES-CBC3-SHA,
DH-DSS-DES-CBC3-SHA,
ECDH-RSA-DES-CBC3-SHA,
ECDH-ECDSA-DES-CBC3-SHA,
DES-CBC3-SHA,
PSK-3DES-EDE-CBC-SHA,
KRB5-DES-CBC3-SHA,
KRB5-DES-CBC3-MD5,

[root@centos7 ~]# openssl ciphers -v | grep -i DES
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1
DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1
ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5

case2 List detailed information for all cipher suites

-v: list all cipher suites in detail, including the SSL version (SSLv2, SSLv3 and TLS), key exchange algorithm, authentication algorithm, symmetric cipher, digest algorithm, and whether the suite is exportable.

[root@centos7 ~]# openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
...
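The check in case1 and the -v listing in case2 can be turned into an audit. The script below is an added example, not from the original post or from OpenSSL: it parses the six-column `openssl ciphers -v` format (name, protocol, Kx=, Au=, Enc=, Mac=), tags suites that fail a defender's policy, and derives an OpenSSL cipher-list string that excludes them. The sample lines are constructed from the output shown above; the policy (3DES/DES/RC4/RC2/NULL/export encryption, MD5 MACs, static RSA key exchange) is an assumption to adjust locally.

```sh
#!/bin/sh
# Constructed sample of `openssl ciphers -v` output (lines taken from this post).
SAMPLE_SUITES='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5'

# audit_suites: reads `openssl ciphers -v` lines on stdin and prints
# "<suite> <reason>..." for every suite that violates the policy (assumed here):
#   Enc=  3DES, DES, RC4, RC2, None (eNULL) or EXP (export-grade) are weak
#   Mac=  MD5 is weak
#   Kx=   RSA means static RSA key exchange, i.e. no forward secrecy
audit_suites() {
    awk '
    NF >= 6 {
        name = $1; reasons = ""
        for (i = 3; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "Enc" && kv[2] ~ /^(3DES|DES|RC4|RC2|None|EXP)/)
                reasons = reasons " weak-enc=" kv[2]
            if (kv[1] == "Mac" && kv[2] == "MD5")
                reasons = reasons " weak-mac=MD5"
            if (kv[1] == "Kx" && kv[2] == "RSA")
                reasons = reasons " no-forward-secrecy"
        }
        if (reasons != "") print name reasons
    }'
}

# exclusion_cipherlist: reads audit_suites output and prints an OpenSSL
# cipher-list string (HIGH plus "!" exclusions for every weak family seen)
# that can be fed back to `openssl ciphers -v <list>` or to a server's
# cipher directive. Anonymous and NULL suites are always excluded.
exclusion_cipherlist() {
    awk '
    {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^weak-enc=3DES/) ex["!3DES"] = 1
            if ($i ~ /^weak-enc=DES/)  ex["!DES"] = 1
            if ($i ~ /^weak-enc=RC4/)  ex["!RC4"] = 1
            if ($i ~ /^weak-enc=RC2/)  ex["!RC2"] = 1
            if ($i == "weak-mac=MD5")  ex["!MD5"] = 1
            if ($i == "no-forward-secrecy") ex["!kRSA"] = 1
        }
    }
    END {
        list = "HIGH:!aNULL:!eNULL"
        split("!3DES !DES !RC4 !RC2 !MD5 !kRSA", order, " ")
        for (j = 1; j <= 6; j++) if (order[j] in ex) list = list ":" order[j]
        print list
    }'
}

# Demo on the constructed sample
printf '%s\n' "$SAMPLE_SUITES" | audit_suites
printf '%s\n' "$SAMPLE_SUITES" | audit_suites | exclusion_cipherlist
```

On a real host run `openssl ciphers -v | audit_suites`, then confirm the derived list with `openssl ciphers -v '<list>'`, which must print no flagged suite.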

4-1-3 openssl s_client

case1 openssl s_client --help

[root@centos7-202010061038 ~]# openssl s_client --help
unknown option --help
usage: s_client args
-host host - use -connect instead
-port port - use -connect instead
-connect host:port - who to connect to (default is localhost:4433)
-verify_hostname host - check peer certificate matches "host"
-verify_email email - check peer certificate matches "email"
-verify_ip ipaddr - check peer certificate matches "ipaddr"
-verify arg - turn on peer certificate verification
-verify_return_error - return verification errors
-cert arg - certificate file to use, PEM format assumed
-certform arg - certificate format (PEM or DER) PEM default
-key arg - Private key file to use, in cert file if
not specified but cert file is.
-keyform arg - key format (PEM or DER) PEM default
-pass arg - private key file pass phrase source
-CApath arg - PEM format directory of CA's
-CAfile arg - PEM format file of CA's
-trusted_first - Use trusted CA's first when building the trust chain
-no_alt_chains - only ever use the first certificate chain found
-reconnect - Drop and re-make the connection with the same Session-ID
-pause - sleep(1) after each read(2) and write(2) system call
-prexit - print session information even on connection failure
-showcerts - show all certificates in the chain
-debug - extra output
-msg - Show protocol messages
-nbio_test - more ssl protocol testing
-state - print the 'ssl' states
-nbio - Run with non-blocking IO
-crlf - convert LF from terminal into CRLF
-quiet - no s_client output
-ign_eof - ignore input eof (default when -quiet)
-no_ign_eof - don't ignore input eof
-psk_identity arg - PSK identity
-psk arg - PSK in hex (without 0x)
-ssl3 - just use SSLv3
-tls1_2 - just use TLSv1.2
-tls1_1 - just use TLSv1.1
-tls1 - just use TLSv1
-dtls1 - just use DTLSv1
-fallback_scsv - send TLS_FALLBACK_SCSV
-mtu - set the link layer MTU
-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
-bugs - Switch on all SSL implementation bug workarounds
-cipher - preferred cipher to use, use the 'openssl ciphers'
command to see what is available
-starttls prot - use the STARTTLS command before starting TLS
for those protocols that support it, where
'prot' defines which one to assume. Currently,
only "smtp", "pop3", "imap", "ftp", "xmpp",
"xmpp-server", "irc", "postgres", "lmtp", "nntp",
"sieve" and "ldap" are supported.
-xmpphost host - Host to use with "-starttls xmpp[-server]"
-name host - Hostname to use for "-starttls lmtp" or "-starttls smtp"
-krb5svc arg - Kerberos service name
-engine id - Initialise and use the specified engine
-rand file:file:...
-sess_out arg - file to write SSL session to
-sess_in arg - file to read SSL session from
-servername host - Set TLS extension servername in ClientHello
-tlsextdebug - hex dump of all TLS extensions received
-status - request certificate status from server
-no_ticket - disable use of RFC4507bis session tickets
-serverinfo types - send empty ClientHello extensions (comma-separated numbers)
-curves arg - Elliptic curves to advertise (colon-separated list)
-sigalgs arg - Signature algorithms to support (colon-separated list)
-client_sigalgs arg - Signature algorithms to support for client
certificate authentication (colon-separated list)
-nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)
-alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list
-keymatexport label - Export keying material using label
-keymatexportlen len - Export len bytes of keying material (default 20)

case2 Verify whether a server / specified host supports a given cipher

# openssl s_client -connect www.baidu.com:443 -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256

-tls1_2 specifies the TLS version

4-2 Implementations of the SSL protocol: OpenSSL / wolfSSL / yaSSL

1) OpenSSL | yaSSL (CyaSSL) := the early (C++) version of what is now wolfSSL

2) Supported SSL/TLS/DTLS protocol versions

yaSSL / CyaSSL : SSL 3.0 / TLS 1.0 / TLS 1.1 / DTLS 1.0 [i.e. TLS 1.2 is NOT supported]
wolfSSL : SSL 3.0 / TLS 1.0, TLS 1.1, TLS 1.2 / TLS 1.3
OpenSSL : SSL 3.0 / TLS 1.0 / TLS 1.1 / TLS 1.2, TLS 1.3

3) Supported encryption algorithms

yaSSL - DES, 3DES, AES, ARC4, RABBIT, HC-128

4) Official sites and characteristics

yaSSL/CyaSSL

https://www.wolfssl.com/products/yassl/ (formerly https://yassl.com) - official site

https://github.com/cyassl/cyassl - GitHub

https://www.wolfssl.com/docs/yassl-architecture-design/ - yaSSL architecture design

yet another SSL / CyaSSL is the early, C++-based version of wolfSSL, providing an SSL library for embedded environments and resource-constrained real-time operating systems.
It started in 2004; its GitHub repository has not been maintained since 2014, but the latest version, 2.4.4, was released in 2017.
The first major user of wolfSSL / CyaSSL / yaSSL was MySQL.
Through bundling with MySQL, yaSSL reached an extremely high distribution count in the millions; but from MySQL 5.7.28 onward, yaSSL is no longer supported and only OpenSSL is.
wolfSSL - 北城百科 : https://www.beichengjiu.com/cryptography/169285.html

wolfSSL

https://www.wolfssl.com/products/wolfssl/ - official site

https://github.com/wolfSSL/wolfssl - GitHub

wolfSSL positioning: 1) an embedded TLS library 2) formerly named CyaSSL / yet another SSL
https://segmentfault.com/a/1190000000471532
https://bugs.mysql.com/bug.php?id=75239

OpenSSL

https://www.openssl.org/ - official site

MySQL

https://mysql.com - official site

4-3 MySQL support for OpenSSL / yaSSL

4-3-1 MySQL support for OpenSSL / yaSSL (yaSSL support stops at 5.7.28)

2.9.6 Configuring SSL Library Support - https://dev.mysql.com/doc/refman/5.7/en/source-ssl-library-configuration.html
Only before MySQL 5.7.28 could MySQL be compiled with yaSSL instead of OpenSSL. As of MySQL 5.7.28, yaSSL support has been removed and all MySQL builds use OpenSSL.
If you compile MySQL from a source distribution, CMake configures the distribution to use the installed OpenSSL library by default.
To determine whether the server was compiled with OpenSSL or yaSSL, check for the presence of any system or status variables that apply only to OpenSSL. See Section 6.3.4, "SSL Library-Dependent Capabilities".
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-11.html
MySQL 8.0 builds now use OpenSSL rather than yaSSL as the default SSL library. MySQL no longer supports building with yaSSL, and source distributions no longer include yaSSL.
6.3.4 SSL Library-Dependent Capabilities - https://dev.mysql.com/doc/refman/5.7/en/ssl-libraries.html
OpenSSL supports the TLSv1, TLSv1.1 and TLSv1.2 protocols. yaSSL supports only TLSv1 and TLSv1.1.

4-3-2 Default SSL on/off state in MySQL before and after 5.7.28

[MySQL 5.7.27 and earlier: SSL disabled by default / MySQL 5.7.28 and later: SSL enabled (open) by default]

See this blog post for details: Fault analysis | Bad handshake: the "bloodbath" caused by upgrading to 5.7.28 - CSDN

[5.7.27]

mysql> select @@version;
+------------+
| @@version |
+------------+
| 5.7.27-log |
+------------+
1 row in set (0.00 sec)

mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+----------+
9 rows in set (0.00 sec)

The mysql error log shows: normal

[Conclusion 1] With MySQL 5.7.27 and earlier, if the JDBC connection string mistakenly sets useSSL=true, nothing goes wrong: because the database disables SSL by default, the connection does not actually use SSL, and everything works normally.

[5.7.28]

mysql> show variables like '%ssl%';
+---------------+-----------------+
| Variable_name | Value |
+---------------+-----------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | ca.pem |
| ssl_capath | |
| ssl_cert | server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | server-key.pem |
+---------------+-----------------+
9 rows in set (0.00 sec)

Tomcat may throw an exception such as the following:

From the log above, one can see:
1) SSL-related exceptions.
2) one key error: a handshake exception, with certificate-related errors.
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

Later testing confirmed: for the JDBC connection, SSL and certificate verification must be used together.

The mysql error log shows: Bad handshake

2020-05-06T19:12:13.107321+08:00 2 [Note] Bad handshake

[Conclusion 2] MySQL 5.7.28 and later:

    If the JDBC connection string mistakenly sets useSSL=true, there is a problem, because the database enables SSL by default. The application's connection therefore really uses SSL, but the certificate problem makes the connection fail.
    If useSSL=true is removed from the JDBC connection string (≈ useSSL=false): everything works, but the Tomcat log contains the following warning:
Wed May 06 20:54:47 CST 2020 WARN: Establishing SSL connection without server’s identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn’t set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to ‘false’. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

+ Establishing an SSL connection without verifying the server's identity is not recommended.

+ According to the requirements of MySQL 5.5.45+, 5.6.26+ and 5.7.6+, an SSL connection must be established by default if no explicit option is set.

+ For compatibility with existing applications that do not use SSL, the verifyServerCertificate property is set to "false".

+ You need either to explicitly disable SSL by setting useSSL=false, or to set useSSL=true and provide a truststore for server certificate verification.

5 OpenSSH commands

ssh configuration file: /etc/ssh/ssh_config

#       $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
#
# Uncomment this if you want to use .local domain
# Host *.local
# CheckHostIP no

Host *
GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
# Send locale-related environment variables
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
SendEnv XMODIFIERS

sshd configuration file: /etc/ssh/sshd_config

# /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

Viewing the ciphers / encryption algorithms supported by the sshd service

Method 1: ssh -Q cipher

# ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

Method 2: use man sshd_config and look at the Ciphers entry to see the algorithms sshd supports (shown below)

# man sshd_config
...
Ciphers
        Specifies the ciphers allowed. Multiple ciphers must be comma-separated. If the specified value begins with a '+' character, then the specified ciphers will be appended to the default set instead of replacing them. The supported ciphers are:

        3des-cbc
        aes128-cbc
        aes192-cbc
        aes256-cbc
        aes128-ctr
        aes192-ctr
        aes256-ctr
        aes128-gcm@openssh.com
        aes256-gcm@openssh.com
        arcfour
        arcfour128
        arcfour256
        blowfish-cbc
        cast128-cbc
        chacha20-poly1305@openssh.com

        The default is:

        chacha20-poly1305@openssh.com,
        aes128-ctr,aes192-ctr,aes256-ctr,
        aes128-gcm@openssh.com,aes256-gcm@openssh.com,
        aes128-cbc,aes192-cbc,aes256-cbc,
        blowfish-cbc,cast128-cbc,3des-cbc

        The list of available ciphers may also be obtained using "ssh -Q cipher".
...

Using a specified (custom) set of encryption algorithms

(not personally tested)

ssh cipher encryption custom aes128-ctr:aes192-ctr:aes256-ctr
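For OpenSSH itself, the equivalent is a Ciphers directive in sshd_config, and it can be derived from the `ssh -Q cipher` output shown above. The script below is an added example, not from the original post: it drops CBC, arcfour and 3DES ciphers (the CBC weakness CVE-2008-5161 appears in the references), keeps an AEAD-first preferred order, and emits only names the local build supports, because sshd refuses to start on an unknown cipher name. The preferred order is an assumption.

```sh
#!/bin/sh
# Constructed sample: the `ssh -Q cipher` output shown earlier in this post.
SUPPORTED_CIPHERS='3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com'

# Preferred order (assumed policy): AEAD ciphers first, then CTR modes.
PREFERRED='chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com aes256-ctr aes192-ctr aes128-ctr'

# is_weak_cipher <name>: returns 0 for ciphers that should not be offered
# (any CBC mode, including rijndael-cbc@..., plus arcfour, 3des, blowfish, cast128).
is_weak_cipher() {
    case "$1" in
        *-cbc|*-cbc@*|arcfour*|3des*|blowfish*|cast128*) return 0 ;;
        *) return 1 ;;
    esac
}

# hardened_ciphers_line: reads the `ssh -Q cipher` list on stdin and prints
# "Ciphers a,b,c" in PREFERRED order, keeping only names that are both
# supported by this build and not weak. Fails if nothing survives, so a
# caller never writes an empty directive.
hardened_ciphers_line() {
    supported=$(cat)
    out=
    for c in $PREFERRED; do
        if is_weak_cipher "$c"; then continue; fi
        # exact, fixed-string line match against the supported list
        if printf '%s\n' "$supported" | grep -qxF -- "$c"; then
            out="${out:+$out,}$c"
        fi
    done
    [ -n "$out" ] || return 1
    printf 'Ciphers %s\n' "$out"
}

# weak_supported: reads the `ssh -Q cipher` list on stdin and prints the
# weak ciphers this build can still negotiate (useful for an audit report).
weak_supported() {
    while IFS= read -r c; do
        [ -n "$c" ] || continue
        if is_weak_cipher "$c"; then printf '%s\n' "$c"; fi
    done
}

# Demo on the constructed sample. On a real host:
#   ssh -Q cipher | hardened_ciphers_line   # append the line to sshd_config
#   sshd -t                                 # validate the config before restarting
printf '%s\n' "$SUPPORTED_CIPHERS" | hardened_ciphers_line
printf '%s\n' "$SUPPORTED_CIPHERS" | weak_supported
```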

X References / Recommended reading

OpenBSD - Official Website
OpenSSH - Official Website
OpenSSH - Official Usage eBook - feistyduck.com
OpenSSL - Official Website
wolfSSL - Official Website
yaSSL - Official Website
OpenSSH 8.4 - Official Website
[High risk] OpenSSH remote root authentication timing side-channel weakness (CVE-2003-1562) - CVE
OpenSSH - Baidu Baike
[Linux] Xshell can ping CentOS 7 but cannot connect [ssh(d)+firewall(d)] - cnblogs / 千千寰宇
Disabling specific cipher suites in OpenSSL - Dazhuanlan
Writing SSL/TLS programs with OpenSSL - cnblogs
OpenSSL vs. yaSSL performance comparison - Tencent Cloud
Fault analysis | Bad handshake: the "bloodbath" caused by upgrading to 5.7.28 - CSDN
Disabling CBC-mode ciphers on the ASA SSH server - Cisco
OpenSSH CBC mode information disclosure vulnerability (CVE-2008-5161) [principle scan] - cnblogs [personally tested / recommended]
SSH server configured to support insecure Cipher Block Chaining (CBC) encryption; change the encryption mode to CTR - cnblogs
