From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH 3/3] OpenSSH: use safer cryptography defaults Date: Fri, 18 May 2018 14:43:40 +0100 Message-ID: In-Reply-To: <60141712-0583-e014-ad5d-d423587566a3@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0558371736336135282==" List-Id: --===============0558371736336135282== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, you will need to break up patches into smaller chunks. This is a bit harder to review than it should be. On Tue, 2018-05-01 at 14:53 +0200, Peter M=C3=BCller wrote: > By default, OpenSSH uses crypto algorithms such as SHA1, which are > considered insecure and should not be used anymore. This patch > updates the used ciphers, message-digest algorithms and key exchange > algorithms according https://stribika.github.io/2015/01/04/secure-secure- > shell.html . I can agree to that. > For the kex algo "diffie-hellman-group-exchange-sha256", an intact > SSH moduli file is required. To make sure we are not falling back > to insecure crypto here, its presence is checked at SSH startup. This could have been a separate patch. > On my machines, this file was already there, but it makes sense to > me to double-check this. This patch should not make problems except > for very outdated OpenSSH clients (older than 6.x) or PuTTY versions. >=20 > This partially addresses #11538 and requires patch 2/3. >=20 > Signed-off-by: Peter M=C3=BCller > --- > config/rootfiles/core/121/update.sh | 6 +++++- > lfs/openssh | 4 ++++ > src/initscripts/system/sshd | 12 ++++++++++++ > 3 files changed, 21 insertions(+), 1 deletion(-) >=20 > diff --git a/config/rootfiles/core/121/update.sh > b/config/rootfiles/core/121/update.sh > index 3ec251292..99c174156 100644 > --- a/config/rootfiles/core/121/update.sh > +++ b/config/rootfiles/core/121/update.sh > @@ -60,7 +60,11 @@ rm -rvf \ > sed -i /etc/ssh/sshd_config \ > -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \ > -e 's/^#LogLevel INFO$/LogLevel INFO/' \ > - -e 's/^#StrictModes .*$/StrictModes yes/' > + -e 's/^#StrictModes .*$/StrictModes yes/' \ > + -e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305(a)openssh.co > m,aes256-gcm(a)openssh.com,aes128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,a= es128- > ctr\ > + MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm@ > openssh.com,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128= (a)open > ssh.com\ > + KexAlgorithms curve25519-sha256(a)libssh.org,diffie- > hellman-group-exchange-sha256\ > + #RekeyLimit default none/' The sed is ugly (more below), how can we know this will be properly applied to all systems? sed can add lines without looking for something else to replace something. You can also match a string and append more after it and use & as a wildcard to r= e- insert the matched content.=20 > # Start services > /etc/init.d/sshd restart > diff --git a/lfs/openssh b/lfs/openssh > index 7e8468ac9..3043501a2 100644 > --- a/lfs/openssh > +++ b/lfs/openssh > @@ -96,6 +96,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > -e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \ > -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \ > -e 's/^#StrictModes .*$/StrictModes yes/' \ > + -e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305(a)op > enssh.com,aes256-gcm(a)openssh.com,aes128-gcm(a)openssh.com,aes256-ctr,aes1= 92- > ctr,aes128-ctr\ > + MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm@ > openssh.com,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128= (a)open > ssh.com\ > + KexAlgorithms curve25519-sha256(a)libssh.org,diffie- > hellman-group-exchange-sha256\ > + #RekeyLimit default none/' \ > -e 's|^#\?HostKey /etc/ssh/ssh_host_dsa_key$$||' \ > -e 's|^#\?HostKey /etc/ssh/ssh_host_ecdsa_key$$||' \ > -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$$||' \ I think we should urgently move away from changing the default configuration like this. This is hard to read, might change lines in future versions that we do not intend, etc. This is just not a good way to modify a file. Would you please add a fresh file with only the directives that we want/need? > diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd > index 7b4092d38..d7958e800 100644 > --- a/src/initscripts/system/sshd > +++ b/src/initscripts/system/sshd > @@ -23,6 +23,18 @@ case "$1" in > evaluate_retval > done > =20 > + # Make sure moduli file is properly present > + # (https://stribika.github.io/2015/01/04/secure-secure-shell.html) > + modulifile=3D"/etc/ssh/moduli" > + if [ ! -e "${modulifile}" ]; then > + boot_mesg "Generating SSH moduli file (this may take a > while)..." > + > + ssh-keygen -G /etc/ssh/moduli.all -b 4096 > + ssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all > + mv /etc/ssh/moduli.safe /etc/ssh/moduli > + rm -f /etc/ssh/moduli.all > + fi > + How long will this take? We support systems with very slow processors. I have been running this for the past 10 minutes on my desktop machine which has some Intel i5 processor. This is already too long. Are there any alternatives instead of creating this with 4096 bits of length = on the target machines? > [ -e "/var/ipfire/remote/enablessh" ] || exit 0 # SSH is not enabl= ed > boot_mesg "Starting SSH Server..." > loadproc /usr/sbin/sshd=20 - -Michael -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5/rW5l3GGe2ypktxgHnw/2+QCQcFAlr+2IwACgkQgHnw/2+Q CQduMA//YlCIN/3bmPSS11jurJQFCy6p3QdqbGuuR09tefEKNZ1w5KXxMili5Vsm tW/is9VoLcB66jEVSn9osAKZ7yRkr99Z7eic+OJVdjodmkGz64KNSIbz0mYTqt+t 0sYADY+F9G+AYwR4WcJviRxOIzCKO7xvdc9ZNRTg1jGzutztJnhwAByO2JGn9HCE 9D1SM7PHNa55TB/7RcZuFn6Y9P1JUfSmwdA/bwyC4oS8znePu/+uRcK1+L+lnXQ8 tEJTs2Daq3icwAVdfUbdW6+zuCjsEvkkwjmQ4opI9twD9q33x7QZkd4/9+yW84pa BBwTFaRUGmSSmca+7HH08KdHpvrXgnmE9X798JTRGJO8zMc0V6yO79Ta8TJG3H5k nihprEhxFBTlQ+iWof9aNMH9zFFQKtLP0QzgB1jdgXMMtrx86pTOwIVlPx7loUo5 eTAgZaSE8Sjvo1iarKyfSfqjo8ZlcIpdGKeE1lsiCcIfA1jpe+uy0hHgiWiFHKwe Rdzz7q4ZIo3s9Dyv0vECOvoPWxQUE9jQT5o05vY9m3uEZv4VrjC1rzCqY1iW8Rj5 E9hGt72MfpKNESXwcDhqTjYC9h0dm2ip7W7xFoJ6rwwvECjEA0n+B9STpVXi8NJh hMbLkwZ1POTojtHFZwFo5AJ0cQuricWVLzn5oA7bOZkf8Pg82+I=3D =3Du/E+ -----END PGP SIGNATURE----- --===============0558371736336135282==--