Bug 2089 - filter out bad host key algorithms
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous
Version: 6.1p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
Blocks: V_6_3
Reported: 2013-04-15 18:52 AEST by Pierre Ossman
Modified: 2016-08-02 10:42 AEST


Attachments
host_key_alg_filter.patch (2.13 KB, patch)
2013-04-15 18:52 AEST, Pierre Ossman

Description Pierre Ossman 2013-04-15 18:52:09 AEST
Created attachment 2242
host_key_alg_filter.patch

Currently the clients will just exit if you give them anything bad in HostKeyAlgorithms. This can be annoying for calling code though as you might not know which algorithms this particular instance of ssh supports.

Instead I propose simply filtering out unsupported algorithms and proceeding with what's left. Attached patch does just that.
Comment 1 Damien Miller 2013-04-16 11:10:22 AEST
I think I'd prefer to make it possible to list supported ciphers, MACs and hostkey algorithms. Ignoring things we know to be bad may yield nasty surprises, e.g. if a typo causes an unexpected fallback to a weaker algorithm.
Comment 2 Damien Miller 2013-04-19 11:09:10 AEST
I implemented a query facility in ssh to allow users or scripts to check which protocol features are available:

  -Q protocol_feature
          Queries ssh for the algorithms supported for the specified
          version 2 protocol_feature.  The queriable features are:
          ``cipher'' (supported symmetric ciphers), ``MAC'' (supported
          message integrity codes), ``KEX'' (key exchange algorithms),
          ``key'' (key types).  Protocol features are treated
          case-insensitively.

or, as an example:

$ ssh -Q cipher  
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
$ ssh -Q mac    
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
$ ssh -Q kex 
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
$ ssh -Q key 
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-rsa-cert-v00@openssh.com
ssh-dss-cert-v00@openssh.com
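
The query facility from comment 2 lets calling code do the filtering itself while keeping dropped names visible, which is the concern raised in comment 1. The script below is an added example, not part of the bug thread or of OpenSSH; the helper name select_hostkey_algs, its exit codes and the sample preference list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not OpenSSH code): pick a HostKeyAlgorithms value that this
# ssh build accepts, without silently hiding names that were dropped.

# select_hostkey_algs PREFERRED SUPPORTED   (hypothetical helper name)
#   PREFERRED  comma-separated algorithm names, most preferred first
#   SUPPORTED  newline-separated names, e.g. the output of `ssh -Q key`
# Prints the supported subset, comma-separated, in preference order.
# Exit status: 0 = every name kept, 2 = some names dropped (each one is
# reported on stderr), 1 = nothing left, so there is no usable list.
select_hostkey_algs() {
    _kept=$(printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r _alg; do
        [ -n "$_alg" ] || continue
        # -F fixed string, -x whole line: "ssh-rsa" must not match
        # "ssh-rsa-cert-v01@openssh.com".
        if printf '%s\n' "$2" | grep -Fxq -- "$_alg"; then
            printf '%s\n' "$_alg"
        else
            printf 'dropped, not supported by this ssh: %s\n' "$_alg" >&2
        fi
    done | paste -sd, -)
    [ -n "$_kept" ] || return 1
    printf '%s\n' "$_kept"
    [ "$_kept" = "$1" ] || return 2
}

# Constructed sample: part of the `ssh -Q key` output quoted above. On a real
# system use: SUPPORTED=$(ssh -Q key)
SUPPORTED='ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521'

# "ssh-ed25519" stands in for a name this build does not list;
# "ssh-rsaa" is a deliberate typo.
status=0
algs=$(select_hostkey_algs 'ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsaa,ssh-rsa' \
    "$SUPPORTED") || status=$?
echo "status=$status HostKeyAlgorithms=$algs"
```

A caller that treats status 2 as fatal gets the original exit-on-bad-name behaviour; one that accepts it proceeds with the reduced list and still has the dropped names on stderr.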
Comment 3 Pierre Ossman 2013-04-19 17:17:07 AEST
Many thanks. I'll look into switching over to this mechanism. :)
Comment 4 Damien Miller 2016-08-02 10:42:40 AEST
Close all resolved bugs after 7.3p1 release