bugzilla-daemon at mindrot.org
2014-Oct-28 20:21 UTC
[Bug 2303] New: ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX
https://bugzilla.mindrot.org/show_bug.cgi?id=2303
Bug ID: 2303
Summary: ssh (and perhaps even sshd) should allow to specify
the minimum DH group sizes for DH GEX
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.net
Hi.
I think it would be a nice feature if ssh/libssh allowed specifying the
minimum and maximum accepted group size for DH GEX.
Currently the limits are hardcoded between 1024 and 8912, but this may
not be enough for the security margins expected by client users or
server operators.
A server operator can apparently easily protect against too small groups,
by simply disabling the respective algos (diffie-hellman-group1-sha1
and diffie-hellman-group14-sha1), respectively removing all those
entries from /etc/ssh/moduli which are considered to be too small.
Well, not exactly, since there is bug #2302.
But a client currently has no way to restrict the server's choice
(unless by recompiling with new hardcoded defaults).
Of course one cannot protect this way against evil servers, but it's a
good way against those which are just weakly configured without
malicious intent.
I think it's also worth allowing the maximum size to be changed, because
the RFC seems to only suggest a maximum of 8192, but doesn't forbid any
higher.
But people should probably not be allowed to manually set something
smaller than the current 1024.
If the server doesn't accept the client's choice or cannot serve it,
the connection should be aborted and no fallback be made as in #2302.
Cheers,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Oct-28 20:29 UTC
[Bug 2303] ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX
https://bugzilla.mindrot.org/show_bug.cgi?id=2303
--- Comment #1 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Oh, and regarding sshd... well, not sure if it makes sense to allow setting
the minimum value for the server side... it may make it easier to disable
smaller DH groups without the need to edit the moduli file.
But it probably does make sense to allow changing the max... at least to the
value that is supported by sshd.
bugzilla-daemon at mindrot.org
2024-Dec-06 15:47 UTC
[Bug 2303] ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX
https://bugzilla.mindrot.org/show_bug.cgi?id=2303
Damien Miller <djm at mindrot.org> changed:
What       | Removed | Added
-----------|---------|-------------------
Status     | NEW     | RESOLVED
Resolution | ---     | FIXED
CC         |         | djm at mindrot.org
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Darren recently removed the fallbacks for when moduli are missing, so
you can control the group size by only listing moduli of particular
lengths.
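The original report (remove the too-small entries from /etc/ssh/moduli) and Comment #2 (control the group size by only listing moduli of particular lengths) both come down to filtering the moduli file. The following is an added example, not OpenSSH code and not from anyone on this thread. It assumes the moduli(5) line layout "time type tests trials size generator modulus" with the modulus in hexadecimal, and it filters on the bit length computed from the modulus itself rather than on the size column, because stock moduli files record the size column as one less than the modulus bit length (2047 for a 2048-bit group) and an operator who writes `$5 >= 2048` would silently drop the 2048-bit groups they meant to keep. The sample lines are constructed, non-prime values that only exercise the parser; the function names are this example's own.

```python
"""Filter an OpenSSH moduli file by the real bit length of each modulus.

Added example (not OpenSSH code). It assumes the moduli(5) layout
"time type tests trials size generator modulus" (modulus in hex) and
decides on each modulus's own bit length rather than the size column.
"""
from typing import Iterator, NamedTuple


class Modulus(NamedTuple):
    raw: str         # the line exactly as read, so it can be written back
    timestamp: str
    mtype: int
    tests: int
    trials: int
    size: int        # the 'size' column as written in the file
    generator: int
    modulus: int

    @property
    def bits(self) -> int:
        # Actual bit length of the prime, independent of the size column.
        return self.modulus.bit_length()


def parse_moduli(text: str) -> Iterator[Modulus]:
    """Yield one Modulus per data line; comments and blank lines are skipped."""
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = stripped.split()
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        ts, mtype, tests, trials, size, gen, mod = fields
        yield Modulus(stripped, ts, int(mtype), int(tests), int(trials),
                      int(size), int(gen), int(mod, 16))


def filter_moduli(text: str, min_bits: int, max_bits: int = 8192) -> list[str]:
    """Return the data lines whose modulus has min_bits..max_bits bits (inclusive)."""
    return [m.raw for m in parse_moduli(text) if min_bits <= m.bits <= max_bits]


def size_column_mismatches(text: str) -> list[tuple[int, int]]:
    """Report (size column, actual bits) where the size column is not bits - 1.

    Stock files consistently list bits - 1; anything else points at a
    hand-edited or corrupted entry that deserves a look before deployment.
    """
    return [(m.size, m.bits) for m in parse_moduli(text) if m.bits - m.size != 1]


def _constructed_modulus(bits: int) -> str:
    # Constructed sample value: top and low bit set so bit_length() == bits
    # and the number is odd. It is NOT a prime; it only exercises the parser.
    return format((1 << (bits - 1)) | 1, "X")


# Constructed sample file: groups of 1024, 2048, 4096 and 8192 bits with the
# size column written as bits - 1 (as in stock files), plus one entry whose
# size column claims 4096 bits while the modulus is only 3072 bits long.
SAMPLE_MODULI = "\n".join([
    "# Time Type Tests Tries Size Generator Modulus",
    f"20141028202100 2 6 100 1023 2 {_constructed_modulus(1024)}",
    f"20141028202100 2 6 100 2047 2 {_constructed_modulus(2048)}",
    f"20141028202100 2 6 100 4095 2 {_constructed_modulus(4096)}",
    f"20141028202100 2 6 100 8191 5 {_constructed_modulus(8192)}",
    f"20141028202100 2 6 100 4095 2 {_constructed_modulus(3072)}",
])

if __name__ == "__main__":
    import sys
    # usage: python filter_moduli.py 2048 < /etc/ssh/moduli > moduli.safe
    if len(sys.argv) > 1:
        src, min_bits = sys.stdin.read(), int(sys.argv[1])
    else:
        src, min_bits = SAMPLE_MODULI, 2048
    for kept in filter_moduli(src, min_bits):
        print(kept)
    for size, bits in size_column_mismatches(src):
        print(f"# warning: size column {size} but modulus has {bits} bits", file=sys.stderr)
```

Run without arguments it filters the constructed sample at a 2048-bit floor and warns about the inconsistent entry; run as `python filter_moduli.py 2048 < /etc/ssh/moduli > moduli.safe` it does the same for a real file, which can then be installed in place of /etc/ssh/moduli on the server. Filtering on the modulus itself is the point: the size column is metadata, and the group the server actually offers is the modulus.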