From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] SSH: do not send spoofable TCP keep alive messages
Date: Mon, 08 Feb 2021 13:48:26 +0000
Message-ID: <A6149211-42F3-4055-ADC9-08875BE83B09@ipfire.org>
In-Reply-To: <318bc126-afbc-a9b2-1380-4e42d58782e5@ipfire.org>

Hello,

> On 1 Feb 2021, at 18:06, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> By default, both SSH server and client rely on TCP-based keep alive
> messages to detect broken sessions, which can be spoofed rather easily
> in order to keep a broken session opened (and vice versa).
> 
> Since we rely on SSH-based keep alive messages, which are not vulnerable
> to this kind of tampering, there is no need to double-check connections
> via TCP keep alive as well.
> 
> This patch thereof disables using TCP keep alive for both SSH client and
> server scenario. Further, {Client,Server}AliveCountMax default to 3,
> which is sufficient (3 * 10 sec. = broken SSH connections die after 30
> seconds), so we can omit that option. 60 seconds won't have any
> advantage here.

Is there any considerable downside of increasing this to something more useless?

I constantly run into broken SSH sessions because of smaller network hiccups (WiFi, VPNs, my crappy ISP, etc.). It would be useful to hold the connection for a little bit longer so that I can spend more time on fixing stuff instead of logging back in.

-Michael

> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/ssh/ssh_config | 11 +++++++----
> config/ssh/sshd_config | 7 ++++---
> 2 files changed, 11 insertions(+), 7 deletions(-)
> 
> diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config > index 2e2ee60c3..ab0967086 100644 > --- a/config/ssh/ssh_config > +++ b/config/ssh/ssh_config > @@ -5,7 +5,7 @@ >=20 > # Set some basic hardening options for all connections > Host * > - # Disable Roaming as it is known to be vulnerable > + # Disable undocumented roaming feature as it is known to be vulner= able > UseRoaming no >=20 > # Only use secure crypto algorithms > @@ -13,15 +13,18 @@ Host * > Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,ae= s128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr > MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.co= m,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.c= om >=20 > - # Always visualise server host keys (but helps to identify key bas= ed MITM attacks) > + # Always visualise server host keys (helps to identify key based M= ITM attacks) > VisualHostKey yes >=20 > # Use SSHFP (might work on some up-to-date networks) to look up hos= t keys > VerifyHostKeyDNS yes >=20 > - # send keep-alive messages to connected server to avoid broken con= nections > + # Send SSH-based keep alive messages to connected server to avoid = broken connections > ServerAliveInterval 10 > - ServerAliveCountMax 6 > + > + # Disable TCP keep alive messages since they can be spoofed and we have S= SH-based > + # keep alive messages enabled; there is no need to do things twice here > + TCPKeepAlive no >=20 > # Ensure only allowed authentication methods are used > PreferredAuthentications publickey,keyboard-interactive,password > diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config > index bea5cee53..a9eb5ff14 100644 > --- a/config/ssh/sshd_config > +++ b/config/ssh/sshd_config 
> @@ -47,11 +47,12 @@ AllowTcpForwarding no > AllowAgentForwarding no > PermitOpen none >=20 > -# Detect broken sessions by sending keep-alive messages to clients via SSH= connection > +# Send SSH-based keep alive messages every 10 seconds > ClientAliveInterval 10 >=20 > -# Close unresponsive SSH sessions which fail to answer keep-alive > -ClientAliveCountMax 6 > +# Since TCP keep alive messages can be spoofed and we have the SSH-based a= lready, > +# there is no need for this to be enabled as well > +TCPKeepAlive no >=20 > # Add support for SFTP > Subsystem sftp /usr/lib/openssh/sftp-server > --=20 > 2.26.2 --===============5311169208335220274==--
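Review bot: the first ssh_config hunk (`@@ -5,7 +5,7 @@`) only rewords the `UseRoaming` comment, which has nothing to do with the TCP keep alive change the commit message describes; either drop it from this patch or mention the comment clean-ups in the message so the history explains why they are here.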
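Review bot: in the second ssh_config hunk (`@@ -13,15 +13,18 @@`), removing `ServerAliveCountMax 6` ties the tear-down time to OpenSSH's built-in default of 3 without the file saying so; given the tolerance question raised in this thread, keep an explicit `ServerAliveCountMax` with the value you actually want and state the resulting timeout (interval times count) in the comment, so a reader of the file does not need to know the default. The `VisualHostKey` comment reword in the same hunk is also unrelated to the keep alive change.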
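Review bot: in the sshd_config hunk (`@@ -47,11 +47,12 @@`), dropping `ClientAliveCountMax 6` together with its comment removes the only line that said sshd closes unresponsive sessions; the remaining `# Send SSH-based keep alive messages every 10 seconds` no longer states the purpose. Suggest keeping an explicit `ClientAliveCountMax` with a comment such as `# Close sessions that miss N consecutive keep alive replies (N * 10 seconds)`. Worth noting in that comment too: with `TCPKeepAlive no` the SSH-level alive check becomes the only mechanism by which the server detects a dead peer, so the count value alone decides how long a vanished client's session lingers.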