Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default

To: 774793@bugs.debian.org
Subject: Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default
From: Christoph Anton Mitterer <calestyo@scientia.net>
Date: Wed, 07 Jan 2015 19:34:29 +0100
Message-id: <[🔎] 1420655669.4847.38.camel@scientia.net>
Reply-to: Christoph Anton Mitterer <calestyo@scientia.net>, 774793@bugs.debian.org
In-reply-to: <[🔎] 20150107181307.GZ3020@riva.ucam.org>
References: <[🔎] 20150107172917.GA26525@amaeth.delta9.pl> <[🔎] 20150107181307.GZ3020@riva.ucam.org>

On Wed, 2015-01-07 at 18:13 +0000, Colin Watson wrote: 
> The defaults should be changed upstream first (has anyone contacted
> them?)
Well I've had some discussions with them as I've noted in #774711, but
more with respect to the issues in DH-GEX (moduli sizes, that the client
basically accepts anything,... etc.).

> I'm aware that changes to the Debian packaging would be needed
> but I don't normally make this kind of change unilaterally.
Well unfortunately we already have places where Debian changes even the
hard coded defaults of OpenSSH's options... even to less secure values.
I've opened bugs on these but they have largely been ignored.

> Furthermore, it would be appropriate for people advocating such changes
> to do some interoperability testing with the other SSH clients in
> Debian, such as conch and putty, to find out what effect this would have
> across the whole Debian system.
Especially when you only allow the newer algos from 6.7 you're pretty
alone.
Anyway... I think the appropriate way to handle these things would be,
that upstream removes any questionable algos from their defaults list,
and people have to manually add them back, if they really need to.

Since I'd expect upstream to not do so... I'm unsure what's the best way
for Debian to handle this:

Messing around with configs the user has modified is an absolute no-go.

I strongly dislike the idea of changing the hardcoded default values..
this just causes troubles. People don't want to need to read the DebSSH
specific manpages just to learn that Debian changes well known defaults
to something different (see #765632).
But maybe the default algos are an exception where one could justify it
(since these are anyway options that people can't really expect to have
value X,Y,Z... as every OpenSSH version may bring something new).

Or one could educate people in a NEWS file entry, that only algos XYZ
are considered to be secure... maybe one could include my "hardened"
default configs in the examples section?

Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to:

References:
- Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default
  - From: comotion@krutt.org
- Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Processed: Re: Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default
Next by Date: Bug#774711: openssh: OpenSSH should have stronger ciphers selected at least on the server side.
Previous by thread: Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default
Next by thread: Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default
Index(es):
- Date
- Thread