
Bug#1094246: openssh-server: postinst: please implement ssh-audit recommended keygen options



On Sun 26.1.2025 at 20.09 Colin Watson (cjwatson@debian.org) wrote:
>
> On Sun, Jan 26, 2025 at 07:53:26PM +0200, Martin-Éric Racine wrote:
> > On Sun 26.1.2025 at 19.35 Daniel Baumann (daniel@debian.org) wrote:
> > > On 1/26/25 16:21, Colin Watson wrote:
> > > > 3072-bit RSA seems like a fine default at the moment,
> > > > and I expect that Debian will follow future changes made upstream.
> > >
> > > While I fully agree and don't think that the debian package should
> > > divert from upstream here, as an admin I do use different defaults for
> > > systems I maintain.
> > >
> > > From a config management point of view, this is very cumbersome as the
> > > postinst does re-create missing things/fall back to upstream defaults.
> > >
> > > To make it nicer for admins to locally deviate from the defaults.. how
> > > about internal preseed option(s) not shown to the user to select
> > > host-keys to be generated? Would you accept patches for this?
>
> I'm wary of adding too much complexity there, but I'd at least consider
> such patches.
>
> > I have noticed this as well e.g. whenever Debian ships a new
> > openssh-server package, I've had to manually run the command shown on
> > the hardening guide to remove modulus below 3272-bit all over again.
>
> That's about DH moduli rather than host key sizes, right?  That feels
> somewhat different, because we just ship upstream's moduli file as a
> conffile, so providing any debconf-style control over that would be very
> difficult to do in a policy-compliant way.  (I'm also not sure what the
> compatibility implications are of dropping the smaller primes; I assume
> there must be some or upstream would probably have done it already ...)

openssh-server: /etc/ssh/moduli

In principle, this is in the /etc hierarchy, so it should be possible
to treat it like a config and explicitly skip overwriting it with a
debconf question, if we have modified the file such as by removing low
primes.

> > For what it's worth, I fully agree with Colin that some of Joe Testa's
> > recommended hardening measures lack proper justification. Damien
> > Miller noticed the same thing, when I recently asked him to comment on
> > the recommendations.
>
> Are those comments somewhere public so that I can look at them?

No, I just directly e-mailed Damien asking him whether he agreed with
the recommendations 'ssh-audit' makes. He wasn't aware of the
existence of the tool or the hardening guide. His initial impression
was that some recommendations are perplexing. For instance, he doesn't
understand Joe's recommendation against ECDH kex being justified by
"heavy suspicion in the community that it is backdoored by a 3-letter
agency."

Martin-Éric
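The moduli filtering the thread refers to (dropping Diffie-Hellman groups below a size threshold from /etc/ssh/moduli, which is what the hardening guide's command does) as an added shell example. This is not code from the bug report, the hardening guide or the openssh-server package: the moduli(5) column layout is real, but the sample file, its placeholder modulus values and the function names filter_moduli, count_groups and apply_moduli_filter are constructed for this illustration.

```sh
#!/bin/sh
# Added example, not part of the bug report or the Debian package.
# Layout of /etc/ssh/moduli, one group per line (see moduli(5)):
#   time type tests tries size generator modulus
# "size" is the modulus length in bits minus one, so a 3072-bit group
# is listed with size 3071 and a 2048-bit group with size 2047.
set -eu

# Print the groups of at least MIN_BITS from a moduli file, keeping comment lines.
# Usage: filter_moduli MIN_BITS FILE
filter_moduli() {
    min_bits="$1"
    infile="$2"
    awk -v min="$min_bits" '/^#/ { print; next } ($5 + 1) >= min { print }' "$infile"
}

# Count the groups (non-comment lines) in a moduli file; prints 0 when empty.
count_groups() {
    grep -c -v '^#' "$1" || true
}

# Rewrite FILE in place so that only groups of at least MIN_BITS remain.
# The result is written to a temporary file first and only moved over the
# original when at least one group survives, so sshd never ends up with an
# empty moduli file. Usage: apply_moduli_filter MIN_BITS FILE
apply_moduli_filter() {
    min_bits="$1"
    target="$2"
    tmp="$(mktemp "$target.XXXXXX")"
    filter_moduli "$min_bits" "$target" > "$tmp"
    if [ "$(count_groups "$tmp")" -eq 0 ]; then
        rm -f "$tmp"
        echo "refusing to write an empty moduli file: $target" >&2
        return 1
    fi
    chmod 0644 "$tmp"
    mv "$tmp" "$target"
}

# Constructed sample in moduli(5) layout; the modulus column holds
# placeholders, not real primes, so this file must never be installed.
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20250101000000 2 6 100 2047 2 PLACEHOLDER_2048_BIT_MODULUS
20250101000000 2 6 100 3071 2 PLACEHOLDER_3072_BIT_MODULUS
20250101000000 2 6 100 4095 2 PLACEHOLDER_4096_BIT_MODULUS
20250101000000 2 6 100 8191 2 PLACEHOLDER_8192_BIT_MODULUS
EOF

# Stand-alone run: report what a 3072-bit threshold keeps, then apply it to
# a copy of the sample rather than to /etc/ssh/moduli.
echo "groups before filtering: $(count_groups "$SAMPLE")"
COPY="$(mktemp)"
cp "$SAMPLE" "$COPY"
apply_moduli_filter 3072 "$COPY"
echo "groups of at least 3072 bits: $(count_groups "$COPY")"
```

Run it against a copy of /etc/ssh/moduli to see which groups a given threshold would remove; applying it to the real file is a local policy decision, and because the package ships that file as a conffile the modification has to be carried by whatever configuration management re-applies it after upgrades.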

