bugzilla-daemon at bugzilla.mindrot.org
2017-Oct-09 18:41 UTC
[Bug 2793] New: DH Group Exchange Incorrect Fallback
https://bugzilla.mindrot.org/show_bug.cgi?id=2793 Bug ID: 2793 Summary: DH Group Exchange Incorrect Fallback Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: jtesta at positronsecurity.com Created attachment 3066 --> https://bugzilla.mindrot.org/attachment.cgi?id=3066&action=edit Patch to remove the fallback mechanism. (This issue was discussed in-depth on the openssh-unix-dev mailing list here: https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-September/036217.html) The Diffie-Hellman group exchange code has a fallback mechanism in case a sufficient entry in /etc/ssh/moduli is not found. Unfortunately, this mechanism directly disobeys what a sysadmin wants. For example, if the sysadmin deletes all DH groups with moduli smaller than 3072-bit, code will nevertheless return 2048-bit group14 (see dh.c:441). The correct behavior would be to disconnect with the client. In fact, ALL cases where a sufficient group cannot be found in /etc/ssh/moduli should result in a disconnect, as the admin has indicated that *only* those listed in that file should be used. Hence, the attached patch fully removes this fallback mechanism in order to respect the admin's wishes. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Oct-09 20:28 UTC
[Bug 2793] DH Group Exchange Incorrect Fallback
https://bugzilla.mindrot.org/show_bug.cgi?id=2793 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- Comment on attachment 3066 --> https://bugzilla.mindrot.org/attachment.cgi?id=3066 Patch to remove the fallback mechanism. I'm not sure I agree with removing the fallback and I don't think making people edit the moduli file is a great way to control which groups are negotiated. IMO a general MinimumDHSize option would probably be a better way to achieve this. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Dec-03 13:53 UTC
[Bug 2793] DH Group Exchange Incorrect Fallback
https://bugzilla.mindrot.org/show_bug.cgi?id=2793 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at dtucker.net Blocks| |3740 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3740 [Bug 3740] Tracking bug for OpenSSH 10.0 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2024-Dec-03 16:29 UTC
[Bug 2793] DH Group Exchange Incorrect Fallback
https://bugzilla.mindrot.org/show_bug.cgi?id=2793 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #2 from Darren Tucker <dtucker at dtucker.net> --- I just committed part of this change: Remove fallback to compiled-in gropup for dhgex when the moduli file exists, but does not contain moduli within the client-requested range. The fallback behaviour remains for the case where the moduli file does not exist (typically, running tests prior to installing).>From bz#2793, based in part on patch from Joe Testa, ok djm@Thanks for the report and patch. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.