Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
openssh
openssh-6.6p1-disable_short_DH_parameters.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-6.6p1-disable_short_DH_parameters.patch of Package openssh
# HG changeset patch # Parent b9a947800a419ae7050d6e15eb6606ee0505d041 Raise minimal size of DH group parameters to 2048 bits like upstream did in 7.2. 1024b values are believed to be in breaking range for state adversaries and the default moduli shipped with openssh have been around long enough to make it more likely for them to be broken. Also provide an option that allows the client to accept shorter (RFC4419 compliant) parameters. CVE-2015-4000 (LOGJAM) bsc#932483 diff --git a/openssh-6.6p1/dh.c b/openssh-6.6p1/dh.c --- a/openssh-6.6p1/dh.c +++ b/openssh-6.6p1/dh.c @@ -35,16 +35,18 @@ #include <stdlib.h> #include <string.h> #include "dh.h" #include "pathnames.h" #include "log.h" #include "misc.h" +int dh_grp_min = DH_GRP_MIN; + static int parse_prime(int linenum, char *line, struct dhgroup *dhg) { char *cp, *arg; char *strsize, *gen, *prime; const char *errstr = NULL; long long n; diff --git a/openssh-6.6p1/dh.h b/openssh-6.6p1/dh.h --- a/openssh-6.6p1/dh.h +++ b/openssh-6.6p1/dh.h @@ -39,17 +39,18 @@ DH *dh_new_group1(void); DH *dh_new_group14(void); void dh_gen_key(DH *, int); int dh_pub_is_valid(DH *, BIGNUM *); int dh_estimate(int); /* Min and max values from RFC4419. */ -#define DH_GRP_MIN 1024 +#define DH_GRP_MIN_RFC 1024 +#define DH_GRP_MIN 2048 #define DH_GRP_MAX 8192 /* * Values for "type" field of moduli(5) * Specifies the internal structure of the prime modulus. */ #define MODULI_TYPE_UNKNOWN (0) #define MODULI_TYPE_UNSTRUCTURED (1) diff --git a/openssh-6.6p1/kexgexc.c b/openssh-6.6p1/kexgexc.c --- a/openssh-6.6p1/kexgexc.c +++ b/openssh-6.6p1/kexgexc.c @@ -41,41 +41,45 @@ #include "cipher.h" #include "kex.h" #include "log.h" #include "packet.h" #include "dh.h" #include "ssh2.h" #include "compat.h" +/* import from dh.c */ +extern int dh_grp_min; + void kexgex_client(Kex *kex) { BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; BIGNUM *p = NULL, *g = NULL; Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; u_int klen, slen, sbloblen, hashlen; int kout; int min, max, nbits; + int p_bitlen; DH *dh; nbits = dh_estimate(kex->dh_need * 8); if (datafellows & SSH_OLD_DHGEX) { /* Old GEX request */ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD); packet_put_int(nbits); - min = DH_GRP_MIN; + min = dh_grp_min; max = DH_GRP_MAX; debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(%u) sent", nbits); } else { /* New GEX request */ - min = DH_GRP_MIN; + min = dh_grp_min; max = DH_GRP_MAX; packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST); packet_put_int(min); packet_put_int(nbits); packet_put_int(max); debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent", min, nbits, max); @@ -87,24 +91,32 @@ kexgex_client(Kex *kex) packet_send(); debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP"); packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP); if ((p = BN_new()) == NULL) fatal("BN_new"); packet_get_bignum2(p); + p_bitlen = BN_num_bits(p); if ((g = BN_new()) == NULL) fatal("BN_new"); packet_get_bignum2(g); packet_check_eom(); - if (BN_num_bits(p) < min || BN_num_bits(p) > max) + if (p_bitlen < min || p_bitlen > max) { + if (p_bitlen < min && p_bitlen >= DH_GRP_MIN_RFC) + logit("DH parameter offered by the server (%d bits) " + "is considered insecure. " + "You can lower the accepted minimum " + "via the KexDHMin option.", + p_bitlen); fatal("DH_GEX group out of range: %d !< %d !< %d", - min, BN_num_bits(p), max); + min, p_bitlen, max); + } dh = dh_new_group(g, p); dh_gen_key(dh, kex->we_need * 8); #ifdef DEBUG_KEXDH DHparams_print_fp(stderr, dh); fprintf(stderr, "pub= "); BN_print_fp(stderr, dh->pub_key); diff --git a/openssh-6.6p1/kexgexs.c b/openssh-6.6p1/kexgexs.c --- a/openssh-6.6p1/kexgexs.c +++ b/openssh-6.6p1/kexgexs.c @@ -45,16 +45,19 @@ #include "dh.h" #include "ssh2.h" #include "compat.h" #ifdef GSSAPI #include "ssh-gss.h" #endif #include "monitor_wrap.h" +/* import from dh.c */ +extern int dh_grp_min; + void kexgex_server(Kex *kex) { BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; Key *server_host_public, *server_host_private; DH *dh; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; u_int sbloblen, klen, slen, hashlen; @@ -71,36 +74,43 @@ kexgex_server(Kex *kex) type = packet_read(); switch (type) { case SSH2_MSG_KEX_DH_GEX_REQUEST: debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); omin = min = packet_get_int(); onbits = nbits = packet_get_int(); omax = max = packet_get_int(); - min = MAX(DH_GRP_MIN, min); + min = MAX(dh_grp_min, min); max = MIN(DH_GRP_MAX, max); - nbits = MAX(DH_GRP_MIN, nbits); + nbits = MAX(dh_grp_min, nbits); nbits = MIN(DH_GRP_MAX, nbits); break; case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); onbits = nbits = packet_get_int(); /* unused for old GEX */ - omin = min = DH_GRP_MIN; + omin = min = dh_grp_min; omax = max = DH_GRP_MAX; break; default: fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); } packet_check_eom(); - if (omax < omin || onbits < omin || omax < onbits) + if (omax < omin || onbits < omin || omax < onbits) { + if (onbits < omin && onbits >= DH_GRP_MIN_RFC) + logit("DH parameter requested by the client (%d bits) " + "is considered insecure. " + "You can lower the accepted minimum " + "via the KexDHMin option.", + onbits); fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", omin, onbits, omax); + } /* Contact privileged parent */ dh = PRIVSEP(choose_dh(min, nbits, max)); if (dh == NULL) packet_disconnect("Protocol error: no matching DH grp found"); debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); packet_start(SSH2_MSG_KEX_DH_GEX_GROUP); diff --git a/openssh-6.6p1/readconf.c b/openssh-6.6p1/readconf.c --- a/openssh-6.6p1/readconf.c +++ b/openssh-6.6p1/readconf.c @@ -50,16 +50,17 @@ #include "key.h" #include "readconf.h" #include "match.h" #include "misc.h" #include "buffer.h" #include "kex.h" #include "mac.h" #include "uidswap.h" +#include "dh.h" /* Format of the configuration file: # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. @@ -141,17 +142,18 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, oGssEnableMITM, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oVisualHostKey, oUseRoaming, - oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, + oKexAlgorithms, oKexDHMin, + oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; /* Textual representations of the tokens. */ static struct { @@ -250,29 +252,33 @@ static struct { { "hashknownhosts", oHashKnownHosts }, { "tunnel", oTunnel }, { "tunneldevice", oTunnelDevice }, { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, { "useroaming", oUseRoaming }, { "kexalgorithms", oKexAlgorithms }, + { "kexdhmin", oKexDHMin }, { "ipqos", oIPQoS }, { "requesttty", oRequestTTY }, { "proxyusefdpass", oProxyUseFdpass }, { "canonicaldomains", oCanonicalDomains }, { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal }, { "canonicalizehostname", oCanonicalizeHostname }, { "canonicalizemaxdots", oCanonicalizeMaxDots }, { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs }, { "ignoreunknown", oIgnoreUnknown }, { NULL, oBadOption } }; +/* import from dh.c */ +extern int dh_grp_min; + /* * Adds a local TCP/IP port forward to options. Never returns if there is an * error. */ void add_local_forward(Options *options, const Forward *newfwd) { @@ -1063,16 +1069,20 @@ parse_int: filename, linenum); if (!kex_names_valid(arg)) fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->kex_algorithms == NULL) options->kex_algorithms = xstrdup(arg); break; + case oKexDHMin: + intptr = &options->kex_dhmin; + goto parse_int; + case oHostKeyAlgorithms: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); if (!key_names_valid2(arg)) fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->hostkeyalgorithms == NULL) @@ -1520,16 +1530,17 @@ initialize_options(Options * options) options->address_family = -1; options->connection_attempts = -1; options->connection_timeout = -1; options->number_of_password_prompts = -1; options->cipher = -1; options->ciphers = NULL; options->macs = NULL; options->kex_algorithms = NULL; + options->kex_dhmin = -1; options->hostkeyalgorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; options->hostname = NULL; options->host_key_alias = NULL; options->proxy_command = NULL; options->user = NULL; options->escape_char = -1; @@ -1656,16 +1667,23 @@ fill_default_options(Options * options) if (options->number_of_password_prompts == -1) options->number_of_password_prompts = 3; /* Selected in ssh_login(). */ if (options->cipher == -1) options->cipher = SSH_CIPHER_NOT_SET; /* options->ciphers, default set in myproposals.h */ /* options->macs, default set in myproposals.h */ /* options->kex_algorithms, default set in myproposals.h */ + if (options->kex_dhmin == -1) + options->kex_dhmin = DH_GRP_MIN_RFC; + else { + options->kex_dhmin = MAX(options->kex_dhmin, DH_GRP_MIN_RFC); + options->kex_dhmin = MIN(options->kex_dhmin, DH_GRP_MAX); + } + dh_grp_min = options->kex_dhmin; /* options->hostkeyalgorithms, default set in myproposals.h */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_2; if (options->num_identity_files == 0) { if (options->protocol & SSH_PROTO_1) { add_identity_file(options, "~/", _PATH_SSH_CLIENT_IDENTITY, 0); } diff --git a/openssh-6.6p1/readconf.h b/openssh-6.6p1/readconf.h --- a/openssh-6.6p1/readconf.h +++ b/openssh-6.6p1/readconf.h @@ -79,16 +79,17 @@ typedef struct { * aborting connection attempt */ int number_of_password_prompts; /* Max number of password * prompts. */ int cipher; /* Cipher to use. */ char *ciphers; /* SSH2 ciphers in order of preference. */ char *macs; /* SSH2 macs in order of preference. */ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ char *kex_algorithms; /* SSH2 kex methods in order of preference. */ + int kex_dhmin; /* minimum bit length of the DH group parameter */ int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ char *proxy_command; /* Proxy command for connecting the host. */ char *user; /* User to log in as. */ int escape_char; /* Escape character; -2 = none */ u_int num_system_hostfiles; /* Paths for /etc/ssh/ssh_known_hosts */ diff --git a/openssh-6.6p1/servconf.c b/openssh-6.6p1/servconf.c --- a/openssh-6.6p1/servconf.c +++ b/openssh-6.6p1/servconf.c @@ -49,16 +49,20 @@ #include "mac.h" #include "match.h" #include "channels.h" #include "groupaccess.h" #include "canohost.h" #include "packet.h" #include "hostfile.h" #include "auth.h" +#include "dh.h" + +/* import from dh.c */ +extern int dh_grp_min; static void add_listen_addr(ServerOptions *, char *, int); static void add_one_listen_addr(ServerOptions *, char *, int); /* Use of privilege separation or not */ extern int use_privsep; extern Buffer cfg; @@ -124,16 +128,17 @@ initialize_server_options(ServerOptions options->allow_agent_forwarding = -1; options->num_allow_users = 0; options->num_deny_users = 0; options->num_allow_groups = 0; options->num_deny_groups = 0; options->ciphers = NULL; options->macs = NULL; options->kex_algorithms = NULL; + options->kex_dhmin = -1; options->protocol = SSH_PROTO_UNKNOWN; options->gateway_ports = -1; options->num_subsystems = 0; options->max_startups_begin = -1; options->max_startups_rate = -1; options->max_startups = -1; options->max_authtries = -1; options->max_sessions = -1; @@ -161,16 +166,23 @@ void fill_default_server_options(ServerOptions *options) { /* Portable-specific options */ if (options->use_pam == -1) options->use_pam = 0; if (options->use_pam_check_locks == -1) options->use_pam_check_locks = 0; + if (options->kex_dhmin == -1) + options->kex_dhmin = DH_GRP_MIN_RFC; + else { + options->kex_dhmin = MAX(options->kex_dhmin, DH_GRP_MIN_RFC); + options->kex_dhmin = MIN(options->kex_dhmin, DH_GRP_MAX); + } + dh_grp_min = options->kex_dhmin; /* Standard Options */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_2; if (options->num_host_key_files == 0) { /* fill default hostkeys for protocols */ if (options->protocol & SSH_PROTO_1) options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE; @@ -346,17 +358,18 @@ typedef enum { sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sKexAlgorithms, sIPQoS, sVersionAddendum, + sKexAlgorithms, sKexDHMin, + sIPQoS, sVersionAddendum, sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sDeprecated, sUnsupported } ServerOpCodes; #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) @@ -474,16 +487,17 @@ static struct { { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, + { "kexdhmin", sKexDHMin }, { "ipqos", sIPQoS, SSHCFG_ALL }, { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -1325,16 +1339,20 @@ process_server_config_line(ServerOptions filename, linenum); if (!kex_names_valid(arg)) fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (options->kex_algorithms == NULL) options->kex_algorithms = xstrdup(arg); break; + case sKexDHMin: + intptr = &options->kex_dhmin; + goto parse_int; + case sProtocol: intptr = &options->protocol; arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); value = proto_spec(arg); if (value == SSH_PROTO_UNKNOWN) fatal("%s line %d: Bad protocol spec '%s'.", @@ -1986,16 +2004,17 @@ dump_config(ServerOptions *o) dump_cfg_int(sServerKeyBits, o->server_key_bits); dump_cfg_int(sLoginGraceTime, o->login_grace_time); dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); dump_cfg_int(sMaxAuthTries, o->max_authtries); dump_cfg_int(sMaxSessions, o->max_sessions); dump_cfg_int(sClientAliveInterval, o->client_alive_interval); dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); + dump_cfg_int(sKexDHMin, o->kex_dhmin); /* formatted integer arguments */ dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication); dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, diff --git a/openssh-6.6p1/servconf.h b/openssh-6.6p1/servconf.h --- a/openssh-6.6p1/servconf.h +++ b/openssh-6.6p1/servconf.h @@ -85,16 +85,17 @@ typedef struct { int permit_tty; /* If false, deny pty allocation */ int strict_modes; /* If true, require string home dir modes. */ int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ char *ciphers; /* Supported SSH2 ciphers. */ char *macs; /* Supported SSH2 macs. */ char *kex_algorithms; /* SSH2 kex methods in order of preference. */ + int kex_dhmin; /* minimum bit length of the DH group parameter */ int protocol; /* Supported protocol versions. */ int gateway_ports; /* If true, allow remote connects to forwarded ports. */ SyslogFacility log_facility; /* Facility for system logging. */ LogLevel log_level; /* Level for system logging. */ int rhosts_rsa_authentication; /* If true, permit rhosts RSA * authentication. */ int hostbased_authentication; /* If true, permit ssh2 hostbased auth */ int hostbased_uses_name_from_packet_only; /* experimental */ diff --git a/openssh-6.6p1/ssh_config b/openssh-6.6p1/ssh_config --- a/openssh-6.6p1/ssh_config +++ b/openssh-6.6p1/ssh_config @@ -12,16 +12,21 @@ # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. +# Minimum accepted size of the DH parameter p. By default this is set to 1024 +# to maintain compatibility with RFC4419, but should be set higher. +# Upstream default is identical to setting this to 2048. +#KexDHMin 1024 + Host * # ForwardAgent no # ForwardX11 no # If you do not trust your remote host (or its administrator), you # should not forward X11 connections to your local X11-display for # security reasons: Someone stealing the authentification data on the # remote side (the "spoofed" X-server by the remote sshd) can read your diff --git a/openssh-6.6p1/ssh_config.0 b/openssh-6.6p1/ssh_config.0 --- a/openssh-6.6p1/ssh_config.0 +++ b/openssh-6.6p1/ssh_config.0 @@ -516,16 +516,33 @@ DESCRIPTION curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 + KexDHMin + Specifies the minimum accepted bit length of the DH group + parameter p. + + As per RFC4419, this is 1024 bits, however this has increasingly + been seen as insecure, which prompted the change to 2048 bits. + Setting this option allows the client to accept parameters shorter + than the current minimum, down to the RFC specified 1024 bits. + Using this option may be needed when connecting to servers that + only know short DH group parameters. + + Note, that while by default this option is set to 1024 to maintain + maximum backward compatibility, using it can severly impact + security and thus should be viewed as a temporary fix of last + resort and all efforts should be made to fix the (broken) + counterparty. + LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. The command string extends to the end of the line, and is executed with the user's shell. The following escape character substitutions will be performed: `%d' (local user's home directory), `%h' (remote host name), `%l' (local host name), `%n' (host name as provided on the command line), `%p' (remote port), `%r' (remote user name) or diff --git a/openssh-6.6p1/ssh_config.5 b/openssh-6.6p1/ssh_config.5 --- a/openssh-6.6p1/ssh_config.5 +++ b/openssh-6.6p1/ssh_config.5 @@ -892,16 +892,32 @@ The default is: .Bd -literal -offset indent curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 .Ed +.It Cm KexDHMin +Specifies the minimum accepted bit length of the DH group +parameter p. +.Pp +As per RFC4419, this is 1024 bits, however this has increasingly +been seen as insecure, which prompted the change to 2048 bits. +Setting this option allows the client to accept parameters shorter +than the current minimum, down to the RFC specified 1024 bits. +Using this option may be needed when connecting to servers that +only know short DH group parameters. +.Pp +Note, that while by default this option is set to 1024 to maintain +maximum backward compatibility, using it can severly impact +security and thus should be viewed as a temporary fix of last +resort and all efforts should be made to fix the (broken) +counterparty. .It Cm LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. The command string extends to the end of the line, and is executed with the user's shell. The following escape character substitutions will be performed: .Ql %d (local user's home directory), diff --git a/openssh-6.6p1/sshd_config b/openssh-6.6p1/sshd_config --- a/openssh-6.6p1/sshd_config +++ b/openssh-6.6p1/sshd_config @@ -21,16 +21,21 @@ # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key +# Minimum accepted size of the DH parameter p. By default this is set to 1024 +# to maintain compatibility with RFC4419, but should be set higher. +# Upstream default is identical to setting this to 2048. +#KexDHMin 1024 + # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 # Ciphers and keying #RekeyLimit default none # Logging diff --git a/openssh-6.6p1/sshd_config.0 b/openssh-6.6p1/sshd_config.0 --- a/openssh-6.6p1/sshd_config.0 +++ b/openssh-6.6p1/sshd_config.0 @@ -407,16 +407,33 @@ DESCRIPTION curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 + KexDHMin + Specifies the minimum accepted bit length of the DH group + parameter p. + + As per RFC4419, this is 1024 bits, however this has increasingly + been seen as insecure, which prompted the change to 2048 bits. + Setting this option allows the server to accept parameters shorter + than the current minimum, down to the RFC specified 1024 bits. + Using this option may be needed when some of the connectiong + clients only know short DH group parameters. + + Note, that while by default this option is set to 1024 to maintain + maximum backward compatibility, using it can severly impact + security and thus should be viewed as a temporary fix of last + resort and all efforts should be made to fix the (broken) + counterparty. + KeyRegenerationInterval In protocol version 1, the ephemeral server key is automatically regenerated after this many seconds (if it has been used). The purpose of regeneration is to prevent decrypting captured sessions by later breaking into the machine and stealing the keys. The key is never stored anywhere. If the value is 0, the key is never regenerated. The default is 3600 (seconds). diff --git a/openssh-6.6p1/sshd_config.5 b/openssh-6.6p1/sshd_config.5 --- a/openssh-6.6p1/sshd_config.5 +++ b/openssh-6.6p1/sshd_config.5 @@ -675,16 +675,32 @@ The default is .Bd -literal -offset indent curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 .Ed +.It Cm KexDHMin +Specifies the minimum accepted bit length of the DH group +parameter p. +.Pp +As per RFC4419, this is 1024 bits, however this has increasingly +been seen as insecure, which prompted the change to 2048 bits. +Setting this option allows the server to accept parameters shorter +than the current minimum, down to the RFC specified 1024 bits. +Using this option may be needed when some of the connectiong +clients only know short DH group parameters. +.Pp +Note, that while by default this option is set to 1024 to maintain +maximum backward compatibility, using it can severly impact +security and thus should be viewed as a temporary fix of last +resort and all efforts should be made to fix the (broken) +counterparty. .It Cm KeyRegenerationInterval In protocol version 1, the ephemeral server key is automatically regenerated after this many seconds (if it has been used). The purpose of regeneration is to prevent decrypting captured sessions by later breaking into the machine and stealing the keys. The key is never stored anywhere. If the value is 0, the key is never regenerated.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor