SSH SHA-2 support in Twisted

Launchpad operates a few SSH endpoints: and for code hosting, and and for uploading packages. None of these are straightforward OpenSSH servers, because they don’t give ordinary shell access and they authenticate against users’ SSH keys recorded in Launchpad; both of these are much easier to do with SSH server code that we can use in library form as part of another service. We use Twisted for several other tasks where we need event-based networking code, and its conch package is a good fit for this.

Of course, this means that it’s important that conch keeps up to date with the cryptographic state of the art in other SSH implementations, and this hasn’t always been the case. OpenSSH 7.0 dropped support for some old algorithms, including disabling the 1024-bit diffie-hellman-group1-sha1 key exchange method at run-time. Unfortunately, this also happened to be the only key exchange method that Launchpad’s SSH endpoints supported (conch supported the slightly better diffie-hellman-group-exchange-sha1 method as well, but that was disabled in Launchpad due to a missing piece of configuration). SHA-2 support was clearly called for, and the fact that we had to get this sorted out in conch first meant that everything took a bit longer than we’d hoped.

In Twisted 15.5, we contributed support for several conch improvements:

Between them and with some adjustments to the lazr.sshserver package we use to glue all this together to add support for DH group exchange, these are enough to allow us not to rely on SHA-1 at all, and these improvements have now been rolled out to all four endpoints listed above. I’ve thus also uploaded OpenSSH 7.1 packages to Debian unstable.

If you also run a Twisted-based SSH server, upgrade it now! Otherwise it will be harder for users of recent OpenSSH client versions to use your server, and for good reason.