Bug 3184

Summary: Unable to add deprecated KexAlgorithms back for host via config file
Product: Portable OpenSSH Reporter: Nathan Neulinger <nneul>
Component: sshAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED INVALID    
Severity: major CC: djm, jjelen
Priority: P5    
Version: 8.2p1   
Hardware: All   
OS: All   
Attachments:
Description Flags
Trace of ssh -vvv none

Description Nathan Neulinger 2020-06-20 02:51:45 AEST 
I understand the desire to remove diffie-hellman-group14-sha1 for example from the default offers - and agree completely with that. This bug is NOT about the removal/default changes. 

Somewhere between 7.6p1 and 8.2p1 the ability to add the deprecated algorithms back in via config has broken. IT DOES WORK on command line. It's only in the config file parsing where it fails. (i.e. I can no longer add a 'Host old-PoS-router  KexAlgorithms insecureone' entry to my config. 

This worked as of 7.6p1. Note that it is also not specific to the deprecated ones, it appears to be a general issue with that option being ignored in the config file.

For example, with 7.6p1, if I put:

Host *
   KexAlgorithms ecdh-sha2-nistp521

in config, and run with -vvv, I see: 

debug2: local client KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp521,ext-info-c


but with 8.2p1, the offer just shows the default regardless of the content of the settings in config:

debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c



I'll see if I can find where specifically this broke.
Comment 1 Nathan Neulinger 2020-06-20 03:02:11 AEST 
Some further digging - it appears it's not exactly as described.

It's obeying the config when the config is SIMPLE. But if I put:

KexAlgorithms +diffie-hellman-group1-sha1

it's like it's getting stuck with the default, and ignoring any other changes. Trying to find more detail.
Comment 2 Nathan Neulinger 2020-06-20 03:22:12 AEST 
I was able to work around this... Maybe it's expected, but there appears to be something "magic" about adding group1-sha1 that interferes with incrementally adding other entries.

Adding all of them in one shot appears to work fine even on current versions.
Comment 3 Jakub Jelen 2020-06-20 03:33:03 AEST 
Please, post the complete debug log and check what is in all the configuration files (also included if you have some).
Comment 4 Nathan Neulinger 2020-06-20 03:41:11 AEST 
AH, I think I now understand what the problem is with what I was doing.

The KexAlgorithms config setting in config file ONLY WORKS ONCE.

i.e. you cannot do:

KexAlgorithms +diffie-hellman-group1-sha1
KexAlgorithms +diffie-hellman-group-exchange-sha1

but when specified via command line, it appears to allow another override (or it's being processed first). 

Above snippet results in it listing group1-sha1, but NOT the group-exchange-sha1. 


Is that "one shot" expected? It sure doesn't appear that way from documentation.
Comment 5 Nathan Neulinger 2020-06-20 03:44:34 AEST 
Created attachment 3413 [details]
Trace of ssh -vvv

Example trace with this conf file in /tmp/testconf:

KexAlgorithms diffie-hellman-group14-sha1
KexAlgorithms +diffie-hellman-group1-sha1
KexAlgorithms +diffie-hellman-group-exchange-sha1

and invoked as:

ssh -F /tmp/testconf -vvv root@localhost id >/tmp/trace.txt 2>&1
Comment 6 Nathan Neulinger 2020-06-20 03:46:16 AEST 
This appears to be long standing behavior, I had always had the +diffie-hellman-group1-sha1 and only noticed the change with upgrade to Ubuntu20 when the group-exchange-sha1 was also removed in current versions.
Comment 7 Damien Miller 2020-06-20 20:37:21 AEST 
This is expected behaviour - ssh'd config is "first match wins" for most configuration options. I.e only the first configuration option is considered. This is documented at the start of ssh_config(1):

"For each parameter, the first obtained value will be used."

You should be able to do:

KexAlgorithms +diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

to get the behaviour you want.
Comment 8 Nathan Neulinger 2020-06-21 00:02:28 AEST 
Totally explains the behavior, sorry for the wasted time.

Thank you.
Comment 9 Damien Miller 2021-03-04 09:54:23 AEDT 
close bugs that were resolved in OpenSSH 8.5 release cycle