Subject: [PATCH 2/3] OpenSSH: Amend upstream default cipher changes
From: Peter Müller
To: "IPFire: Development"
Date: Sun, 28 Sep 2025 21:06:00 +0000
References: <5d3b4fdd-fe49-4997-b00c-c2fd723f0e4a@ipfire.org>
In-Reply-To: <5d3b4fdd-fe49-4997-b00c-c2fd723f0e4a@ipfire.org>

This patch implements the following change made to OpenSSH server upstream in version 10.0:

* sshd(8): this release disables finite field (a.k.a modp) Diffie-Hellman key exchange in sshd by default. Specifically, this removes the "diffie-hellman-group*" and "diffie-hellman-group-exchange-*" methods from the default KEXAlgorithms list. The client is unchanged and continues to support these methods by default. Finite field Diffie-Hellman is slow and computationally expensive for the same security level as Elliptic Curve DH or PQ key agreement while offering no redeeming advantages. ECDH has been specified for the SSH protocol for 15 years and some form of ECDH has been the default key exchange in OpenSSH for the last 14 years.

In addition, for both OpenSSH server and client, the following upstream change made in version 9.9 is implemented:

* ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 is now used by default for key agreement. This algorithm is considered to be safe against attack by quantum computers, is guaranteed to be no less strong than the popular curve25519-sha256 algorithm, has been standardised by NIST and is considerably faster than the previous default.

Signed-off-by: Peter Müller
---
 config/ssh/ssh_config  | 2 +-
 config/ssh/sshd_config | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config index a248001ff..2fc62e116 100644 --- a/config/ssh/ssh_config +++ b/config/ssh/ssh_config @@ -9,7 +9,7 @@ Host * UseRoaming no # Only use secure crypto algorithms - KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 + KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config index 25e5b1838..3e25e74e8 100644 --- a/config/ssh/sshd_config +++ b/config/ssh/sshd_config @@ -20,7 +20,7 @@ LoginGraceTime 30s MaxStartups 5 # Only allow safe crypto algorithms -KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 +KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com -- 2.51.0
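Review bot: in the ssh_config hunk, moving mlkem768x25519-sha256 ahead of sntrup761x25519-sha512 is the part of this series that actually changes what gets negotiated, because the KEX chosen for a connection is the first entry on the client's list that the server also offers (RFC 4253 section 7.1); that should be stated in the commit message rather than the "default cipher" framing in the subject. The message also attributes the mlkem768x25519-sha256 default to OpenSSH 9.9, but the paragraph it quotes ("is now used by default for key agreement ... considerably faster than the previous default") is from the 10.0 release notes; 9.9 introduced the algorithm without making it the default, so both the reference and the version requirement for this ordering should read 10.0. Keeping diffie-hellman-group-exchange-sha256 at the tail of the client list matches upstream's unchanged ssh(1) behaviour, but note that it still lets this client fall back to finite-field DH against any server that offers nothing else; if the intent of the "# Only use secure crypto algorithms" comment is to forbid that, drop it here too.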
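Review bot: in the sshd_config hunk, deleting diffie-hellman-group-exchange-sha256 is the only edit that changes what sshd will accept; moving mlkem768x25519-sha256 to the front of the server list is cosmetic, since the server's order has no effect on which KEX is negotiated (the client's order decides), so the reorder is fine for readability but the message should not imply the server now "prefers" anything. The removal means a client that implements only finite-field DH (an old embedded or third-party SSH client) will fail at KEX with "no matching key exchange method found" instead of connecting; that is the intended effect of upstream's 10.0 change, but it is an operator-visible compatibility break and deserves a sentence in the commit message. With group exchange gone, sshd also no longer reads /etc/ssh/moduli (group exchange is its only consumer), so that file and any moduli handling in the OpenSSH build can be dropped in a follow-up. Finally, the subject line says "cipher changes" while both hunks touch only KexAlgorithms; "key exchange" would be accurate.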
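As an added example (Python; not code from IPFire or OpenSSH), the script below parses the before/after KexAlgorithms lines from this patch, expands OpenSSH's `+`/`-`/`^` prefix forms, flags finite-field DH methods, and simulates KEX negotiation for the unpatched client, the patched client and a constructed DH-only legacy client against the unpatched and patched sshd. The config snippets are copied from the hunks; `LEGACY_CLIENT` and the prefix-expansion rules are assumptions made for illustration.

```python
"""Lint OpenSSH KexAlgorithms settings and simulate SSH key-exchange negotiation.

Added example (not IPFire or OpenSSH code). The four config snippets are the
before/after KexAlgorithms lines from the patch; LEGACY_CLIENT is a constructed
client profile that implements only finite-field DH, as an old embedded SSH
client might.
"""
import re
from fnmatch import fnmatchcase

SSHD_BEFORE = """\
# Only allow safe crypto algorithms
KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
"""
SSHD_AFTER = """\
# Only allow safe crypto algorithms
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
"""
SSH_BEFORE = """\
Host *
    # Only use secure crypto algorithms
    KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
"""
SSH_AFTER = """\
Host *
    # Only use secure crypto algorithms
    KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
"""
# Constructed: a client offering nothing but finite-field DH (assumption).
LEGACY_CLIENT = ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha256"]

_DIRECTIVE = re.compile(r"^(\w+)\s*=?\s*(.*)$")


def directive(config_text, keyword):
    """Value of the first `keyword` line in an OpenSSH config, or None.

    OpenSSH keeps the first obtained value for each keyword, so a later
    duplicate is ignored here too.  Handles '#' comments, indentation
    inside a 'Host *' block and the 'Key=value' spelling.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = _DIRECTIVE.match(line) if line else None
        if m and m.group(1).lower() == keyword.lower():
            return m.group(2).strip()
    return None


def resolve_kex(value, default):
    """Expand OpenSSH's prefix forms against a base list: '+' appends,
    '-' removes (shell-style wildcards allowed), '^' moves to the front.
    Without a prefix the value replaces the default outright.  This is an
    approximation of OpenSSH's own handling, sufficient for linting."""
    names = [n for n in value.lstrip("+-^").split(",") if n]
    if value.startswith("+"):
        return list(default) + [n for n in names if n not in default]
    if value.startswith("-"):
        return [d for d in default if not any(fnmatchcase(d, p) for p in names)]
    if value.startswith("^"):
        return names + [d for d in default if d not in names]
    return names


def kex_from(config_text, default=()):
    """KexAlgorithms list configured by `config_text` (the default if unset)."""
    value = directive(config_text, "KexAlgorithms")
    return list(default) if value is None else resolve_kex(value, default)


def ffdh_methods(algs):
    """Finite-field (modp) DH methods; OpenSSH names them diffie-hellman-group*."""
    return [a for a in algs if a.startswith("diffie-hellman-group")]


def negotiate(client_algs, server_algs):
    """RFC 4253 section 7.1: the chosen KEX is the first algorithm in the
    *client's* list that the server also lists; server order is irrelevant.
    None means the handshake fails ('no matching key exchange method found')."""
    for alg in client_algs:
        if alg in server_algs:
            return alg
    return None


def outcomes():
    """Negotiated KEX for every client/server pairing, before and after the patch."""
    servers = {"sshd before": kex_from(SSHD_BEFORE), "sshd after": kex_from(SSHD_AFTER)}
    clients = {"ssh before": kex_from(SSH_BEFORE), "ssh after": kex_from(SSH_AFTER),
               "legacy": LEGACY_CLIENT}
    return {(c, s): negotiate(ca, sa) for c, ca in clients.items() for s, sa in servers.items()}


if __name__ == "__main__":
    for (client, server), alg in outcomes().items():
        print(f"{client:10s} -> {server:11s}: {alg or 'NO MATCH (handshake fails)'}")
    for name, text in (("before", SSHD_BEFORE), ("after", SSHD_AFTER)):
        print(f"sshd {name}: finite-field DH offered = {ffdh_methods(kex_from(text))}")
```

Running it shows the two points a reviewer would want confirmed: the unpatched client still lands on sntrup761x25519-sha512 even against the patched server, the patched client gets mlkem768x25519-sha256 against either server, and the DH-only client connects to the old sshd but gets no match from the new one.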