Bug#989906: openssh-server: With GSSAPIKeyExchage "yes" openssh presents poor quality key exchange methods

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#989906: openssh-server: With GSSAPIKeyExchage "yes" openssh presents poor quality key exchange methods
From: John Hughes <john@calva.com>
Date: Tue, 15 Jun 2021 18:40:21 +0200
Message-id: <[🔎] 162377522148.20746.9420183202875211864.reportbug@olympic.calvaedi.com>
Reply-to: John Hughes <john@calva.com>, 989906@bugs.debian.org

Package: openssh-server
Version: 1:7.9p1-10+deb10u2
Severity: important

Dear Maintainer,


What did I do?

   * Configured GSSAPIKeyExchange "yes", because it's a good idea and
     the automatic updating of renewed credentials it allows is very,
     very useful.

What happened?

   * When connecting to the OpenSSH server I see some quite horrible key
     exchange methods proposed and accepted:

     debug1: Offering GSSAPI proposal: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==
     debug1: SSH2_MSG_KEXINIT sent
     debug1: SSH2_MSG_KEXINIT received
     debug1: kex: algorithm: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==

   * What outcome did you expect instead?

     Something more modern?

Some security scanners have started reporting at least
gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g== as a vulnerability, e.g. Qualys calls it
"QID 38739: Deprecated SSH Cryptographic Settings"

https://qualys-secure.force.com/customer/s/article/000006407

As far as I can tell there is no way of configuring openssh to avoid using
gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==.


-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.71
ii  dpkg                   1.19.7
ii  libaudit1              1:2.8.4-3
ii  libc6                  2.28-10
ii  libcom-err2            1.44.5-1+deb10u3
ii  libgssapi-krb5-2       1.17-3+deb10u1
ii  libkrb5-3              1.17-3+deb10u1
ii  libpam-modules         1.3.1-5
ii  libpam-runtime         1.3.1-5
ii  libpam0g               1.3.1-5
ii  libselinux1            2.8-1+b1
ii  libssl1.1              1.1.1d-0+deb10u6
ii  libsystemd0            241-7~deb10u7
ii  libwrap0               7.6.q-28
ii  lsb-base               10.2019051400
ii  openssh-client         1:7.9p1-10+deb10u2
ii  openssh-sftp-server    1:7.9p1-10+deb10u2
ii  procps                 2:3.3.15-2
ii  ucf                    3.0038+nmu1
ii  zlib1g                 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  241-7~deb10u7
ii  ncurses-term             6.1+20181013-2+deb10u2
ii  xauth                    1:1.0.10-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information excluded

Reply to:

Prev by Date: Bug#970865: marked as done (openssh 8.3 in buster-backports)
Next by Date: Bug#990069: openssh-server: Not accepting new connections during Debian 10 -> 11 upgrade
Previous by thread: Bug#970865: marked as done (openssh 8.3 in buster-backports)
Next by thread: Bug#990069: openssh-server: Not accepting new connections during Debian 10 -> 11 upgrade
Index(es):
- Date
- Thread