SSH SHA-2 support in Twisted
Launchpad operates a few SSH endpoints: bazaar.launchpad.net and git.launchpad.net for code hosting, and upload.ubuntu.com and ppa.launchpad.net for uploading packages. None of these are straightforward OpenSSH servers, because they don’t give ordinary shell access and they authenticate against users’ SSH keys recorded in Launchpad; both of these are much easier to do with SSH server code that we can use in library form as part of another service. We use Twisted for several other tasks where we need event-based networking code, and its conch package is a good fit for this.
Of course, this means that it’s important that conch keeps up to date with the cryptographic state of the art in other SSH implementations, and this hasn’t always been the case. OpenSSH 7.0 dropped support for some old algorithms, including disabling the 1024-bit diffie-hellman-group1-sha1 key exchange method at run-time. Unfortunately, this also happened to be the only key exchange method that Launchpad’s SSH endpoints supported (conch also supported the slightly better diffie-hellman-group-exchange-sha1 method, but that was disabled in Launchpad due to a missing piece of configuration). SHA-2 support was clearly called for, and the fact that we had to get this sorted out in conch first meant that everything took a bit longer than we’d hoped.
In Twisted 15.5, we contributed support for several conch improvements:
- diffie-hellman-group14-sha1 key exchange (mostly by Ian Moore, finished off by me)
- diffie-hellman-group-exchange-sha256 key exchange
- hmac-sha2-256 and hmac-sha2-512 MACs
Between them, and together with some adjustments to the lazr.sshserver package (which we use to glue all this together) to add support for DH group exchange, these are enough to allow us not to rely on SHA-1 at all, and these improvements have now been rolled out to all four endpoints listed above. I’ve thus also uploaded OpenSSH 7.1 packages to Debian unstable.
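As an added illustration (not code from this post, from Twisted or from lazr.sshserver), the following models RFC 4253 algorithm negotiation with constructed algorithm lists to show why an OpenSSH 7.0 client could not connect to a conch server offering only diffie-hellman-group1-sha1, and what changes once the Twisted 15.5 algorithms are offered; the server and client lists are assumptions for the example, not captured from any real system.

```python
from typing import List, Optional

# Constructed for illustration: a conch server before the Twisted 15.5 work,
# offering only the one key exchange method Launchpad's endpoints supported.
OLD_CONCH_KEX = ["diffie-hellman-group1-sha1"]
OLD_CONCH_MAC = ["hmac-sha1", "hmac-md5"]

# Constructed: the same server with the Twisted 15.5 additions, preferred first.
NEW_CONCH_KEX = [
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
]
NEW_CONCH_MAC = ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]

# Constructed, abridged: an OpenSSH 7.0-style client that no longer offers
# diffie-hellman-group1-sha1 at run-time. The client's order sets preference.
OPENSSH7_KEX = [
    "curve25519-sha256@libssh.org",
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
]
OPENSSH7_MAC = ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]


def negotiate(client: List[str], server: List[str]) -> Optional[str]:
    """RFC 4253 section 7.1: pick the first algorithm in the client's list that
    the server also offers; None means the two sides cannot agree and the
    connection fails before any key exchange happens."""
    for name in client:
        if name in server:
            return name
    return None


def sha1_only(algorithms: List[str]) -> bool:
    """Name-based check: True when every offered algorithm is built on SHA-1
    (or MD5), i.e. no SHA-2 based option is available to any client."""
    return all(("sha1" in a) or ("md5" in a) for a in algorithms)


if __name__ == "__main__":
    for label, server in (("old conch", OLD_CONCH_KEX), ("new conch", NEW_CONCH_KEX)):
        print(label, "kex:", negotiate(OPENSSH7_KEX, server), "sha1-only:", sha1_only(server))
```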
If you also run a Twisted-based SSH server, upgrade it now! Otherwise it will be harder for users of recent OpenSSH client versions to use your server, and for good reason.