By default, OpenSSH uses crypto algorithms such as SHA1, which are considered insecure and should not be used anymore. This patch updates the used ciphers, message-digest algorithms and key exchange algorithms according to https://stribika.github.io/2015/01/04/secure-secure-shell.html .
For the kex algo "diffie-hellman-group-exchange-sha256", an intact SSH moduli file is required. To make sure we are not falling back to insecure crypto here, its presence is checked at SSH startup.
On my machines, this file was already there, but it makes sense to me to double-check this. This patch should not make problems except for very outdated OpenSSH clients (older than 6.x) or PuTTY versions.
This partially addresses #11538 and requires patch 2/3.
Signed-off-by: Peter Müller peter.mueller@link38.eu
---
config/rootfiles/core/121/update.sh |  6 +++++-
lfs/openssh                         |  4 ++++
src/initscripts/system/sshd         | 12 ++++++++++++
3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/config/rootfiles/core/121/update.sh b/config/rootfiles/core/121/update.sh index 3ec251292..99c174156 100644 --- a/config/rootfiles/core/121/update.sh +++ b/config/rootfiles/core/121/update.sh @@ -60,7 +60,11 @@ rm -rvf \ sed -i /etc/ssh/sshd_config \ -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \ -e 's/^#LogLevel INFO$/LogLevel INFO/' \ - -e 's/^#StrictModes .*$/StrictModes yes/' + -e 's/^#StrictModes .*$/StrictModes yes/' \ + -e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\ + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com\ + KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\ + #RekeyLimit default none/'
# Start services /etc/init.d/sshd restart diff --git a/lfs/openssh b/lfs/openssh index 7e8468ac9..3043501a2 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -96,6 +96,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -e 's/^#?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \ -e 's/^#?PermitRootLogin .*$$/PermitRootLogin yes/' \ -e 's/^#StrictModes .*$/StrictModes yes/' \ + -e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\ + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com\ + KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\ + #RekeyLimit default none/' \ -e 's|^#?HostKey /etc/ssh/ssh_host_dsa_key$$||' \ -e 's|^#?HostKey /etc/ssh/ssh_host_ecdsa_key$$||' \ -e 's|^#?HostKey /etc/ssh/ssh_host_ed25519_key$$||' \ diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd index 7b4092d38..d7958e800 100644 --- a/src/initscripts/system/sshd +++ b/src/initscripts/system/sshd @@ -23,6 +23,18 @@ case "$1" in evaluate_retval done
+ # Make sure moduli file is properly present + # (https://stribika.github.io/2015/01/04/secure-secure-shell.html) + modulifile="/etc/ssh/moduli" + if [ ! -e "${modulifile}" ]; then + boot_mesg "Generating SSH moduli file (this may take a while)..." + + ssh-keygen -G /etc/ssh/moduli.all -b 4096 + ssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all + mv /etc/ssh/moduli.safe /etc/ssh/moduli + rm -f /etc/ssh/moduli.all + fi + [ -e "/var/ipfire/remote/enablessh" ] || exit 0 # SSH is not enabled boot_mesg "Starting SSH Server..." loadproc /usr/sbin/sshd
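Review bot: In config/rootfiles/core/121/update.sh the Ciphers, MACs and KexAlgorithms lines are only written when /etc/ssh/sshd_config still contains the exact line `#RekeyLimit default none`. Where that line was edited or removed, the expression matches nothing, sed still exits successfully, and `/etc/init.d/sshd restart` brings the daemon back with the old algorithm defaults and no indication that the hardening was skipped. Append the directives without depending on an unrelated anchor line, guard against an existing `Ciphers` line so a second run does not duplicate them, and run `sshd -t` before the restart so a rejected algorithm name cannot leave the system without SSH.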
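Review bot: In lfs/openssh the added expression is written as `none$/Ciphers` with a single `$`, while neighbouring expressions in the same recipe use `$$` (for example `.*$$/AllowTcpForwarding no/`). lfs/openssh is a makefile, so make expands `$/` as a reference to a variable named `/` before the shell sees the command, which drops both the end-of-line anchor and the delimiter between pattern and replacement. Write `none$$/Ciphers`; the `StrictModes` context line directly above has the same single `$` and should be corrected with it.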
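Review bot: The block added to src/initscripts/system/sshd tests only `[ ! -e "${modulifile}" ]`, so an empty or truncated /etc/ssh/moduli passes although the commit message asks for an intact file. Use at least `-s`, or count usable entries. The block also sits above the `enablessh` test, so systems with SSH disabled run the generation at boot as well, and `mv` runs whether or not `ssh-keygen -T` succeeded. Move the block below the `enablessh` check, chain the two ssh-keygen calls and the `mv` with `&&`, and use `${modulifile}` in the commands instead of repeating the path.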
Hello *,
could somebody have a look at this sometimes?
If possible, I'd like to add this to the upcoming Core 121, too - in case we are not becoming too big with the new kernel already.
Thanks, and best regards, Peter Müller
On Wed, 2018-05-16 at 17:39 +0200, Peter Müller wrote:
Hello *,
could somebody have a look at this sometimes?
If possible, I'd like to add this to the upcoming Core 121, too - in case we are not becoming too big with the new kernel already.
I don't think that this will find space in C121.
Thanks, and best regards, Peter Müller
Hello,
you will need to break up patches into smaller chunks. This is a bit harder to review than it should be.
On Tue, 2018-05-01 at 14:53 +0200, Peter Müller wrote:
By default, OpenSSH uses crypto algorithms such as SHA1, which are considered insecure and should not be used anymore. This patch updates the used ciphers, message-digest algorithms and key exchange algorithms according to https://stribika.github.io/2015/01/04/secure-secure-shell.html .
I can agree to that.
For the kex algo "diffie-hellman-group-exchange-sha256", an intact SSH moduli file is required. To make sure we are not falling back to insecure crypto here, its presence is checked at SSH startup.
This could have been a separate patch.
On my machines, this file was already there, but it makes sense to me to double-check this. This patch should not make problems except for very outdated OpenSSH clients (older than 6.x) or PuTTY versions.
This partially addresses #11538 and requires patch 2/3.
Signed-off-by: Peter Müller peter.mueller@link38.eu
config/rootfiles/core/121/update.sh |  6 +++++-
lfs/openssh                         |  4 ++++
src/initscripts/system/sshd         | 12 ++++++++++++
3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/config/rootfiles/core/121/update.sh b/config/rootfiles/core/121/update.sh index 3ec251292..99c174156 100644 --- a/config/rootfiles/core/121/update.sh +++ b/config/rootfiles/core/121/update.sh @@ -60,7 +60,11 @@ rm -rvf \ sed -i /etc/ssh/sshd_config \ -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \ -e 's/^#LogLevel INFO$/LogLevel INFO/' \
- -e 's/^#StrictModes .*$/StrictModes yes/'
- -e 's/^#StrictModes .*$/StrictModes yes/' \
- -e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305@openssh.co
m,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128- ctr\
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@
openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@open ssh.com\
KexAlgorithms curve25519-sha256@libssh.org,diffie-
hellman-group-exchange-sha256\
#RekeyLimit default none/'
The sed is ugly (more below), how can we know this will be properly applied to all systems?
sed can add lines without looking for something else to replace something. You can also match a string and append more after it and use & as a wildcard to re-insert the matched content.
# Start services /etc/init.d/sshd restart diff --git a/lfs/openssh b/lfs/openssh index 7e8468ac9..3043501a2 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -96,6 +96,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -e 's/^#?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \ -e 's/^#?PermitRootLogin .*$$/PermitRootLogin yes/' \ -e 's/^#StrictModes .*$/StrictModes yes/' \
-e 's/^#RekeyLimit default none$/Ciphers chacha20-poly1305@op
enssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192- ctr,aes128-ctr\
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@
openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@open ssh.com\
KexAlgorithms curve25519-sha256@libssh.org,diffie-
hellman-group-exchange-sha256\
-e 's|^#?HostKey /etc/ssh/ssh_host_dsa_key$$||' \ -e 's|^#?HostKey /etc/ssh/ssh_host_ecdsa_key$$||' \ -e 's|^#?HostKey /etc/ssh/ssh_host_ed25519_key$$||' \#RekeyLimit default none/' \
I think we should urgently move away from changing the default configuration like this. This is hard to read, might change lines in future versions that we do not intend, etc. This is just not a good way to modify a file.
Would you please add a fresh file with only the directives that we want/need?
diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd index 7b4092d38..d7958e800 100644 --- a/src/initscripts/system/sshd +++ b/src/initscripts/system/sshd @@ -23,6 +23,18 @@ case "$1" in evaluate_retval done
- # Make sure moduli file is properly present
- # (https://stribika.github.io/2015/01/04/secure-secure-shell.html)
- modulifile="/etc/ssh/moduli"
- if [ ! -e "${modulifile}" ]; then
boot_mesg "Generating SSH moduli file (this may take a
while)..."
ssh-keygen -G /etc/ssh/moduli.all -b 4096
ssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all
mv /etc/ssh/moduli.safe /etc/ssh/moduli
rm -f /etc/ssh/moduli.all
- fi
How long will this take? We support systems with very slow processors. I have been running this for the past 10 minutes on my desktop machine which has some Intel i5 processor. This is already too long.
Are there any alternatives instead of creating this with 4096 bits of length on the target machines?
[ -e "/var/ipfire/remote/enablessh" ] || exit 0 # SSH is not enabled boot_mesg "Starting SSH Server..." loadproc /usr/sbin/sshd
-Michael
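A cheap way to tell an intact moduli file from one that is merely present, shown as an added example that is not part of this thread or of IPFire's init script: it counts entries that follow the moduli(5) line layout and meet a minimum size. The function names, the 2048-bit threshold and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not IPFire code. Line layout assumed from moduli(5):
#   timestamp type tests trials size generator modulus
# "size" is stored as bits-1, so a 4096-bit prime is listed as 4095.

# Print how many well-formed safe-prime entries (type 2) in file $1
# are at least $2 bits long. A missing or unreadable file counts as 0.
count_usable_moduli() {
    file=$1
    min_bits=$2
    [ -r "$file" ] || { echo 0; return 0; }
    awk -v min="$min_bits" '
        $1 ~ /^#/ || NF != 7 { next }   # comments, blank and cut-off lines
        $2 == 2 && $5 ~ /^[0-9]+$/ && $5 + 1 >= min && $7 ~ /^[0-9A-Fa-f]+$/ { n++ }
        END { print n + 0 }
    ' "$file"
}

# Succeed only if file $1 holds at least $3 usable entries (default 1)
# of $2 bits or more.
moduli_intact() {
    [ "$(count_usable_moduli "$1" "$2")" -ge "${3:-1}" ]
}

# Constructed sample: the moduli are short fake hex strings, not primes.
make_sample() {
    cat > "$1" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20180501000000 2 6 100 1023 2 F1A2B3C4D5E6F7
20180501000001 2 6 100 4095 2 A1B2C3D4E5F607
20180501000002 2 6 100 4095 5 B1C2D3E4F50617
20180501000003 2 6 100 4095 2 truncated-li
EOF
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp) && make_sample "$tmp"
    echo "usable entries of 2048 bits or more: $(count_usable_moduli "$tmp" 2048)"
    : > "$tmp"
    moduli_intact "$tmp" 2048 || echo "empty file passes [ -e ] but is rejected here"
    rm -f "$tmp"
fi
```

An init script could call `moduli_intact` in place of the `-e` test and fall back to generation only when it fails.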