Re: Weak DH primes and openssh

On Sun, May 24, 2015 at 1:14 AM, Grant <emailgrant@xxxxxxxxx> wrote:

> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms
> setting?
>
> weakdh.org/sysadmin.html recommends adding:
>
> KexAlgorithms curve25519-sha256@xxxxxxxxxx
>
> But this thread makes it sound as if it's not necessary.  Can anyone
> confirm?  Personally I'm on openssh-6.7.
>

There are 3 pieces of advice for OpenSSH there, and IMO two of them are bad
including that one.

Firstly the somewhat reasonable one: remove diffie-hellman-group1-sha1 from
KexAlgorithms, ie

KexAlgorithms curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

That still means it'll break any implementation that doesn't do at least
group14.  I don't know of one, but it's possible.

Of the other two suggestions:
 - having just curve25519-sha256@xxxxxxxxxx will break interop with
anything that doesn't support it (and many don't) and doesn't buy you much
since on the client side the stronger methods will get used by preference.
 - regenerating the moduli file is in itself not a bad idea, but the
instructions given will result in a file that has only 2kbit groups, which
will result in significantly *weaker* groups being used in many cases (eg
OpenSSH will typically ask for 3kbit to 8kbit groups).

The other possible action that IMO would be reasonable but is not listed:
remove all of the 1kbit and 1.5kbit groups from the moduli file (or
omit them when regenerating).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
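
An added example, not part of the message above or of OpenSSH itself: one way to drop the 1kbit and 1.5kbit groups from a moduli file and to catch the 2kbit-only outcome the message warns about. The function names are hypothetical, the sample lines are constructed with placeholder moduli, and the size thresholds assume the stock convention of recording size as bit length minus one.

```shell
#!/bin/sh
# Added example. moduli(5) line layout:
#   time type tests trials size generator modulus
# Stock files record size as bit length minus one (1023, 1535, 2047, 3071, ...).

# filter_moduli FILE [MIN]: print comments and entries with size >= MIN.
filter_moduli() {
    awk -v min="${2:-2047}" '
        /^#/ { print; next }
        NF == 7 && $5 ~ /^[0-9]+$/ && $5 + 0 >= min { print }
    ' "$1"
}

# moduli_sizes FILE: print "size count" per group size, smallest first.
moduli_sizes() {
    awk '!/^#/ && NF == 7 { n[$5]++ } END { for (s in n) print s, n[s] }' "$1" |
        sort -n
}

# check_moduli FILE [MIN]: status 1 if groups below MIN remain, 2 if nothing
# of 3071 bits or more is left (the 2kbit-only outcome), 3 if the file is empty.
check_moduli() {
    awk -v min="${2:-2047}" '
        !/^#/ && NF == 7 { total++; if ($5 + 0 < min) weak++; if ($5 + 0 >= 3071) large++ }
        END {
            if (!total) { print "no usable groups"; exit 3 }
            if (weak)   { print weak " groups below " min; exit 1 }
            if (!large) { print "no groups of 3071 bits or more"; exit 2 }
            print "ok"
        }' "$1"
}

# Constructed sample: the modulus column holds placeholders, not real primes.
SAMPLE=$(mktemp); FILTERED=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20150520000000 2 6 100 1023 2 C0FFEE01
20150520000000 2 6 100 1535 2 C0FFEE02
20150520000000 2 6 100 2047 5 C0FFEE03
20150520000000 2 6 100 3071 2 C0FFEE04
20150520000000 2 6 100 4095 2 C0FFEE05
EOF
filter_moduli "$SAMPLE" > "$FILTERED"
moduli_sizes "$FILTERED"
check_moduli "$SAMPLE" || true
check_moduli "$FILTERED"
```

On a real host the input would be the system moduli file (commonly /etc/ssh/moduli, an assumption about the install), with the filtered output reviewed before it replaces the original.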



