Wiktor Kwapisiewicz - OpenPGP-OpenSSH
Improving SSH Authentication with OpenPGP transitive trust
Middleware and identity
Can you introduce yourself and your project?
Hi, I’m Wiktor Kwapisiewicz. I’ve been involved in various OpenPGP projects throughout the years, specifically hardware-security modules and cryptography support. For this project, I’ve partnered with two of my closest friends:
- David Runge, who is an Arch Linux core developer and a highly qualified Rust engineer.
- Doron Behar, who is a physicist and an expert in all things related to NixOS.
The project is Improving OpenSSH’s Authentication and PKI. It connects two popular, standardised protocols: SSH, which secures the Internet, and OpenPGP, which provides strong authentication. The goal is to solve one of the long-standing problems in the SSH world: secure authentication of remote hosts.
What are the key issues you see with the state of the internet today?
Oh, there are numerous issues with the state of the internet today. Even though I’m positive that we can improve it long-term through collaborative efforts, I think the best way to address them is the old-and-proven divide-and-conquer method: identifying small wins that contribute to the overall goal of a more open and accessible internet.
Neal of Sequoia-PGP identified the problem we’re solving here. Neal couldn’t work on it and kindly handed off the project to me. The project addresses the issue of initial trust in SSH. Even though it’s not directly visible to the wider userbase of the internet, SSH is a widely used protocol today: administrators use it to access remote hosts securely, and developers use it to work with remote repositories.
How does your project contribute to correcting some of those issues?
Most SSH users default to the “Trust On First Use” model, which leaves the first connection vulnerable to man-in-the-middle attacks. The SSH client assumes that the end user verifies the host key’s identity using an out-of-band mechanism (asking the administrator). Since this step requires significant effort, many users unquestioningly accept the presented key, leaving them vulnerable to impersonation attacks.
Solving this problem securely but frictionlessly requires some kind of Public Key Infrastructure. This is where the second component of the system takes over: our project uses the OpenPGP PKI (also known as the “Web of Trust”) to authenticate the remote host.
What do you like most about (working on) your project?
I utilised the strengths of the two standards to bring forth a new quality. Many ecosystems become closed to new, external feedback and form islands over time. In my experience, most of the complex problems lie in between—but addressing them properly is more complicated, as it requires intimate knowledge of both disparate islands.
I also liked the work structure that NLnet suggests: self-defined milestones and tasks. This structure makes me think the project through in advance and devise a plan of action. This process was already beneficial for my previous NLnet projects, but in this project, we worked as a team, and the structure made it possible for everyone to keep track of the progress and know where we were.
Where will you take your project next?
The project is mostly feature-complete. It’s configurable, so administrators can adjust the checks performed on lookup. It’s also packaged for two major Linux distributions and is being tested by several potential user groups.
How did NGI Assure help you reach your goals for your project?
NGI Assure provided three essential components: a framework that made us think through all edge cases in advance, financial support that allowed us to cover more use cases and implement several advanced features, and, last but not least, the opportunity to connect with other projects under the NGI Assure umbrella, which allowed us to polish the design and implementation.
Do you have advice for people who are considering applying for NGI funding?
The most important thing is to browse the list of existing projects to see if your idea is within NGI’s scope. I suggest asking others to review it before sending the application form. As an engineer, I find writing text always harder than writing code, and external feedback can improve clarity significantly.
I’d also suggest being patient: even if an application gets accepted, the process takes a couple of months to go through all rounds.
Do you have any recommendations to improve future NGI programmes or the wider NGI initiative?
I see that the programmes are getting more and more attention over the years and, though this is only my subjective feeling, it’s taking longer and becoming more challenging to be accepted. I don’t have a solution at hand that doesn’t involve cloning the entire NLnet staff ;-)
But that’s only a minor point, of course. The bottom line for me is that NGI is an amazing resource for the open source ecosystem and has supported an impressive range of fantastic projects!
You can reach out to us via these channels:
- Wiktor: https://metacode.biz/@wiktor
- David: https://sleepmap.de
- Doron: https://doronbehar.com
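The Trust On First Use weakness discussed in the interview comes down to a step the SSH client leaves to the user: comparing the host key the server presents with a fingerprint learned through a trusted channel. The following is an added example, not code from the interview or from the Improving OpenSSH’s Authentication and PKI project. It reproduces in Python the SHA256 fingerprint that OpenSSH prints (the `SHA256:…` form shown by `ssh-keygen -lf`) and gates acceptance of a host key on a match, which is the check TOFU skips. The Ed25519 key bytes and the `root@example.org` comment are constructed for the example and are not real key material.

```python
"""Verifying an SSH host key fingerprint instead of trusting it on first use.

Added example (not code from the interview or from the project it describes).
Computes the SHA256 fingerprint of an OpenSSH public key line exactly as
`ssh-keygen -lf` prints it and accepts the key only if it matches a
fingerprint obtained out of band. Key material below is constructed.
"""
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string' (uint32 length prefix + payload, RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_pubkey_line(raw_key: bytes, comment: str = "") -> str:
    """Build an OpenSSH public key line: "ssh-ed25519 <base64 blob> [comment]".

    The blob is the RFC 8709 wire format: the string "ssh-ed25519" followed by
    the 32-byte public key, each as an SSH string.
    """
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    line = "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def fingerprint(pubkey_line: str) -> str:
    """Return the fingerprint in OpenSSH's notation, e.g. "SHA256:abc...".

    OpenSSH hashes the decoded key blob (not the text line) with SHA-256 and
    prints the digest as base64 with the trailing '=' padding removed.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]' public key line")
    blob = base64.b64decode(fields[1])
    # The type string embedded in the blob must match the declared key type.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len].decode("ascii") != fields[0]:
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def verify_host_key(presented_line: str, trusted_fingerprint: str) -> bool:
    """The out-of-band check that TOFU skips: accept the presented key only if
    its fingerprint equals the one the administrator supplied through a trusted
    channel. Constant-time comparison avoids leaking how much matched."""
    return hmac.compare_digest(fingerprint(presented_line), trusted_fingerprint)


def demo() -> dict:
    """Genuine host vs. an impersonating host presenting its own key."""
    genuine_key = bytes(range(32))  # constructed, not a real host key
    genuine_line = build_ed25519_pubkey_line(genuine_key, "root@example.org")
    # What the administrator hands over out of band (wiki page, in person, ...).
    trusted_fp = fingerprint(genuine_line)

    # A man-in-the-middle terminating the connection presents a different key;
    # under TOFU the user would simply be asked to accept it.
    mitm_key = bytes(reversed(range(32)))  # constructed attacker key
    mitm_line = build_ed25519_pubkey_line(mitm_key, "root@example.org")

    return {
        "trusted_fingerprint": trusted_fp,
        "genuine_accepted": verify_host_key(genuine_line, trusted_fp),
        "mitm_accepted": verify_host_key(mitm_line, trusted_fp),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run against a real `/etc/ssh/ssh_host_ed25519_key.pub`, `fingerprint()` yields the same string `ssh-keygen -lf` shows, so the trusted fingerprint can be read straight from the server’s console. Automating where that trusted fingerprint comes from, rather than asking the user to fetch it, is exactly the gap the OpenPGP-based PKI described above is meant to fill.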
Acknowledgements
Published on October 24, 2024
Improving OpenSSH’s Authentication and PKI received funding through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.