Hello *, could somebody have a look at this sometimes? If possible, I'd like to add this to the upcoming Core 121, too - in case we are not becoming too big with the new kernel already. Thanks, and best regards, Peter Müller > By default, OpenSSH uses crypto algorithms such as SHA1, which are > considered insecure and should not be used anymore. This patch > updates the used ciphers, message-digest algorithms and key exchange > algorithms according https://stribika.github.io/2015/01/04/secure-secure-shell.html . > > For the kex algo "diffie-hellman-group-exchange-sha256", an intact > SSH moduli file is required. To make sure we are not falling back > to insecure crypto here, its presence is checked at SSH startup. > > On my machines, this file was already there, but it makes sense to > me to double-check this. This patch should not make problems except > for very outdated OpenSSH clients (older than 6.x) or PuTTY versions. > > This partially addresses #11538 and requires patch 2/3. > > Signed-off-by: Peter Müller > --- > config/rootfiles/core/121/update.sh | 6 +++++- > lfs/openssh | 4 ++++ > src/initscripts/system/sshd | 12 ++++++++++++ > 3 files changed, 21 insertions(+), 1 deletion(-) > > diff --git a/config/rootfiles/core/121/update.sh b/config/rootfiles/core/121/update.sh > index 3ec251292..99c174156 100644 > --- a/config/rootfiles/core/121/update.sh > +++ b/config/rootfiles/core/121/update.sh > @@ -60,7 +60,11 @@ rm -rvf \ > sed -i /etc/ssh/sshd_config \ > -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \ > -e 's/^#LogLevel INFO$/LogLevel INFO/' \ > - -e 's/^#StrictModes .*$/StrictModes yes/' > + -e 's/^#StrictModes .*$/StrictModes yes/' \ > + -e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\ > + MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com\ > + KexAlgorithms curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256\ > + #RekeyLimit default none/' > > # Start services > /etc/init.d/sshd restart > diff --git a/lfs/openssh b/lfs/openssh > index 7e8468ac9..3043501a2 100644 > --- a/lfs/openssh > +++ b/lfs/openssh > @@ -96,6 +96,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > -e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \ > -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \ > -e 's/^#StrictModes .*$/StrictModes yes/' \ > + -e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\ > + MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com\ > + KexAlgorithms curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256\ > + #RekeyLimit default none/' \ > -e 's|^#\?HostKey /etc/ssh/ssh_host_dsa_key$$||' \ > -e 's|^#\?HostKey /etc/ssh/ssh_host_ecdsa_key$$||' \ > -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$$||' \ > diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd > index 7b4092d38..d7958e800 100644 > --- a/src/initscripts/system/sshd > +++ b/src/initscripts/system/sshd > @@ -23,6 +23,18 @@ case "$1" in > evaluate_retval > done > > + # Make sure moduli file is properly present > + # (https://stribika.github.io/2015/01/04/secure-secure-shell.html) > + modulifile="/etc/ssh/moduli" > + if [ ! -e "${modulifile}" ]; then > + boot_mesg "Generating SSH moduli file (this may take a while)..." > + > + ssh-keygen -G /etc/ssh/moduli.all -b 4096 > + ssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all > + mv /etc/ssh/moduli.safe /etc/ssh/moduli > + rm -f /etc/ssh/moduli.all > + fi > + > [ -e "/var/ipfire/remote/enablessh" ] || exit 0 # SSH is not enabled > boot_mesg "Starting SSH Server..." > loadproc /usr/sbin/sshd >