
Re: ssh backports



Matt Taggart writes....

> On a related note, is there any plan for deprecating old
> KexAlgorithms/Ciphers/MACs in order to prevent downgrade attacks?
> I know this is tricky, but surely we can start removing really old
> and weak stuff from the default lists? (even if it's still enabled
> so admins can enable for special cases). I can file a wishlist bug
> for this if you think it's a good idea.

After I wrote this I discovered that #774711 has a lot of good
discussion
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711

Also someone pointed out what I wrote is confusing, so I will
elaborate...

The ssh_config(5) manpage lists for KexAlgorithms, Ciphers, and
MACs the default values that will be tried and the order in which
they are tried. These appear to be defined in myproposal.h (lots of
ifdefs so it varies depending on what you have enabled when building).

I am proposing leaving support for older and known weaker things
enabled, but removing them from the default list of things that will
be tried. That way if a user needed to talk to a system that could
only use older settings, they should still enable them in their
config, ideally in a 'Host' stanza specific to only the servers they
actually needed them for. (For example, squeeze and older systems,
embedded "appliances" with older ssh versions, etc.)

As for which should be dropped from the default search order, I will
defer to the experts. In addition to the discussion in #774711, this
page is good

https://stribika.github.io/2015/01/04/secure-secure-shell.html

More secure by default, but doesn't prevent communication if you are
required to use weaker things (and users can still choose to make
their defaults not use the weaker things at all).

Hopefully that makes more sense.

Thanks,

-- 
Matt Taggart
taggart@debian.org
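Added example, not part of the thread: a small Python audit that parses an ssh_config, collects the KexAlgorithms/Ciphers/MACs each Host stanza enables, and reports which of them are legacy, separating a stanza scoped to one host (the approach described above) from a wildcard stanza that re-enables a weak algorithm broadly. The sample config and the set of algorithms treated as legacy are constructed assumptions, not OpenSSH's own lists.

```python
import re

# Constructed sample config (not from the thread): defaults stay untouched
# globally, and legacy algorithms are opted into per Host stanza.
SAMPLE_CONFIG = """\
# only this old appliance needs the legacy key exchange and cipher
Host old-appliance.example.internal
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers +aes128-cbc

# a wildcard stanza like this re-enables a weak MAC far too broadly
Host *.example.internal
    MACs hmac-md5,hmac-sha2-256
"""

ALGO_KEYWORDS = {"kexalgorithms", "ciphers", "macs"}
# Illustrative set of algorithms widely regarded as legacy (assumption, not OpenSSH's list)
LEGACY = {"diffie-hellman-group1-sha1", "aes128-cbc", "hmac-md5", "arcfour"}


def parse_ssh_config(text):
    """Return [(host_patterns, {keyword: [algorithms enabled]})] per Host block."""
    blocks = [(("*",), {})]          # implicit block for lines before any Host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "host":
            blocks.append((tuple(value.split()), {}))
        elif keyword in ALGO_KEYWORDS and not value.startswith("-"):
            # '+' appends to and '^' prepends to the defaults; '-' only removes
            algos = [a for a in value.lstrip("+^").split(",") if a]
            blocks[-1][1].setdefault(keyword, []).extend(algos)
    return blocks


def find_legacy(text):
    """Return (host_patterns, keyword, algorithm, is_wildcard) for each legacy algorithm enabled."""
    findings = []
    for patterns, settings in parse_ssh_config(text):
        wildcard = any("*" in p or "?" in p for p in patterns)
        for keyword, algos in settings.items():
            findings += [(" ".join(patterns), keyword, a, wildcard) for a in algos if a in LEGACY]
    return findings


if __name__ == "__main__":
    for host, keyword, algo, wildcard in find_legacy(SAMPLE_CONFIG):
        scope = "WIDE SCOPE, review" if wildcard else "host-specific, as intended"
        print(f"{host}: {keyword} enables legacy {algo} ({scope})")
```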