From: Peter Müller
To: development@lists.ipfire.org
Subject: [PATCH 3/3] OpenSSH: use safer cryptography defaults
Date: Tue, 01 May 2018 14:53:35 +0200
Message-ID: <60141712-0583-e014-ad5d-d423587566a3@link38.eu>

By default, OpenSSH uses crypto algorithms such as SHA1, which are considered insecure and should not be used anymore.

This patch updates the used ciphers, message-digest algorithms and key exchange algorithms according to https://stribika.github.io/2015/01/04/secure-secure-shell.html .

For the kex algo "diffie-hellman-group-exchange-sha256", an intact SSH moduli file is required. To make sure we are not falling back to insecure crypto here, its presence is checked at SSH startup. On my machines, this file was already there, but it makes sense to me to double-check this.

This patch should not make problems except for very outdated OpenSSH clients (older than 6.x) or PuTTY versions.

This partially addresses #11538 and requires patch 2/3.

Signed-off-by: Peter Müller

--- config/rootfiles/core/121/update.sh | 6 +++++- lfs/openssh | 4 ++++ src/initscripts/system/sshd | 12 ++++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/121/update.sh b/config/rootfiles/core/121/= update.sh index 3ec251292..99c174156 100644 --- a/config/rootfiles/core/121/update.sh +++ b/config/rootfiles/core/121/update.sh 
@@ -60,7 +60,11 @@ rm -rvf \ sed -i /etc/ssh/sshd_config \ -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \ -e 's/^#LogLevel INFO$/LogLevel INFO/' \ - -e 's/^#StrictModes .*$/StrictModes yes/' + -e 's/^#StrictModes .*$/StrictModes yes/' \ + -e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305(a)openssh.com,ae= s256-gcm(a)openssh.com,aes128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-= ctr\ + MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com,umac= -128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com\ + KexAlgorithms curve25519-sha256(a)libssh.org,diffie-hellman-group-exchang= e-sha256\ + #RekeyLimit default none/' =20 # Start services /etc/init.d/sshd restart diff --git a/lfs/openssh b/lfs/openssh index 7e8468ac9..3043501a2 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -96,6 +96,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \ -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \ -e 's/^#StrictModes .*$/StrictModes yes/' \ + -e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305(a)openssh.com,a= es256-gcm(a)openssh.com,aes128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128= -ctr\ + MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com,umac= -128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com\ + KexAlgorithms curve25519-sha256(a)libssh.org,diffie-hellman-group-exchang= e-sha256\ + #RekeyLimit default none/' \ -e 's|^#\?HostKey /etc/ssh/ssh_host_dsa_key$$||' \ -e 's|^#\?HostKey /etc/ssh/ssh_host_ecdsa_key$$||' \ -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$$||' \ diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd index 7b4092d38..d7958e800 100644 --- a/src/initscripts/system/sshd +++ b/src/initscripts/system/sshd 
@@ -23,6 +23,18 @@ case "$1" in evaluate_retval done =20 + # Make sure moduli file is properly present + # (https://stribika.github.io/2015/01/04/secure-secure-shell.html) + modulifile=3D"/etc/ssh/moduli" + if [ ! -e "${modulifile}" ]; then + boot_mesg "Generating SSH moduli file (this may take a while)..." + + ssh-keygen -G /etc/ssh/moduli.all -b 4096 + ssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all + mv /etc/ssh/moduli.safe /etc/ssh/moduli + rm -f /etc/ssh/moduli.all + fi + [ -e "/var/ipfire/remote/enablessh" ] || exit 0 # SSH is not enabled boot_mesg "Starting SSH Server..." loadproc /usr/sbin/sshd=20 --=20 2.13.6
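
Review bot: In config/rootfiles/core/121/update.sh, the new `-e` expression only fires when the file still contains the exact stock line `#RekeyLimit default none`; on a system where that line was uncommented or edited, no `Ciphers`, `MACs` or `KexAlgorithms` line is written, and the script still goes on to `/etc/init.d/sshd restart` with no sign that the hardening was skipped. Consider appending the three directives whenever no uncommented `Ciphers`, `MACs` or `KexAlgorithms` line exists, rather than keying on an unrelated comment, and run `sshd -t` before the restart so that a rejected algorithm list does not take remote access down in the middle of the update.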
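
Review bot: In lfs/openssh, the `$` in `none$/Ciphers` on the first added line is not doubled, unlike the `$$` in the `AllowTcpForwarding`, `PermitRootLogin` and `HostKey` expressions around it. Inside a make recipe, `$/` is expanded as a reference to a variable named `/`, so neither the end-of-line anchor nor the delimiter after it reaches sed as written. Write `none$$/Ciphers ...` and confirm in a build that the generated sshd_config contains the three new directives. The unchanged `StrictModes` context line directly above has the same single `$` and deserves the same check.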
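
Review bot: In src/initscripts/system/sshd, the guard `[ ! -e "${modulifile}" ]` tests only that the file exists, and the exit status of neither `ssh-keygen` call is checked before the `mv`, so an empty or truncated /etc/ssh/moduli passes the guard and a failed or interrupted screening run can still be moved into place. Use `-s` rather than `-e`, chain the generate, screen and `mv` steps with `&&`, and clean up the temporary files when a step fails. Two smaller points: the block sits above the `enablessh` check, so systems with SSH disabled also pay for 4096-bit moduli generation at boot, and `modulifile` is assigned but the paths below it are hard-coded.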