| Field | Value |
|---|---|
| Summary | filter out bad host key algorithms |
| Product | Portable OpenSSH |
| Component | Miscellaneous |
| Status | CLOSED FIXED |
| Severity | enhancement |
| Priority | P5 |
| Version | 6.1p1 |
| Hardware | Other |
| OS | Linux |
| Reporter | Pierre Ossman <ossman> |
| Assignee | Assigned to nobody <unassigned-bugs> |
| CC | djm |
| Bug Depends on | |
| Bug Blocks | 2076 |
| Attachments | |

I think I'd prefer to make it possible to list supported ciphers, MACs and hostkey algorithms. Ignoring things we know to be bad may yield nasty surprises, e.g. if a typo causes an unexpected fallback to a weaker algorithm. I implemented a query facility in ssh to allow users or scripts to check which protocol features are available:
```
     -Q protocol_feature
             Queries ssh for the algorithms supported for the specified
             version 2 protocol_feature. The queriable features are:
             ``cipher'' (supported symmetric ciphers), ``MAC'' (supported
             message integrity codes), ``KEX'' (key exchange algorithms),
             ``key'' (key types). Protocol features are treated
             case-insensitively.
```

or, as an example:

```
$ ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
$ ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
$ ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
$ ssh -Q key
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-rsa-cert-v00@openssh.com
ssh-dss-cert-v00@openssh.com
```

Many thanks. I'll look into switching over to this mechanism. :)

Close all resolved bugs after 7.3p1 release

Created attachment 2242: host_key_alg_filter.patch

Currently the clients will just exit if you give them anything bad in HostKeyAlgorithms. This can be annoying for calling code though as you might not know which algorithms this particular instance of ssh supports. Instead I propose simply filtering out unsupported algorithms and proceeding with what's left. Attached patch does just that.
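
A caller-side way to combine the two positions in this thread, as an added example that is not part of the bug report or the OpenSSH source: it checks a preferred HostKeyAlgorithms list against `ssh -Q key` output, reports every dropped name on stderr so a typo does not silently change the negotiated algorithm, and fails when nothing usable is left. The function names are hypothetical, and the sample list is constructed from the `ssh -Q key` output quoted in the thread.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSH.

# filter_algs WANTED_CSV   (supported names on stdin, one per line)
# Prints the wanted names the client supports, in the caller's preference
# order, comma-separated. Dropped names are reported on stderr. Exits
# non-zero when nothing is left, so the caller never runs with an empty list.
# The ( ) body runs in a subshell, so IFS and set -f do not leak out.
filter_algs() (
    wanted=$1
    supported=$(cat)
    kept=
    IFS=,
    set -f                      # no glob expansion while splitting on commas
    for alg in $wanted; do
        [ -n "$alg" ] || continue
        # -F fixed string, -x whole line: "ssh-rsa" must not match a cert type
        if printf '%s\n' "$supported" | grep -Fxq -- "$alg"; then
            kept=${kept:+$kept,}$alg
        else
            printf 'warning: dropping unsupported algorithm: %s\n' "$alg" >&2
        fi
    done
    [ -n "$kept" ] && printf '%s\n' "$kept"
)

# usable_hostkey_algs WANTED_CSV: same check against the local client.
usable_hostkey_algs() {
    ssh -Q key | filter_algs "$1"
}

# Constructed sample: a few lines of the `ssh -Q key` output quoted above.
sample_supported() {
    printf '%s\n' ssh-rsa ssh-dss ecdsa-sha2-nistp256 \
        ssh-rsa-cert-v01@openssh.com
}

# Demo on the sample; "ecdsa-sha2-nistp265" is a deliberate typo.
sample_supported | filter_algs "ecdsa-sha2-nistp265,ecdsa-sha2-nistp256,ssh-rsa"
# Real use (host is a placeholder):
#   algs=$(usable_hostkey_algs "ecdsa-sha2-nistp256,ssh-rsa") &&
#       ssh -o HostKeyAlgorithms="$algs" host
```

If the installed client predates `-Q`, `usable_hostkey_algs` sees an empty supported list and returns non-zero instead of passing an unchecked list through.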