openssh bugs - Jun 2020 - [Bug 3184] New: Unable to add deprecated KexAlgorithms back for host via config file

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

            Bug ID: 3184
           Summary: Unable to add deprecated KexAlgorithms back for host
                    via config file
           Product: Portable OpenSSH
           Version: 8.2p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: nneul at neulinger.org

I understand the desire to remove diffie-hellman-group14-sha1 for
example from the default offers - and agree completely with that. This
bug is NOT about the removal/default changes. 

Somewhere between 7.6p1 and 8.2p1 the ability to add the deprecated
algorithms back in via config has broken. IT DOES WORK on command line.
It's only in the config file parsing where it fails. (i.e. I can no
longer add a 'Host old-PoS-router  KexAlgorithms insecureone' entry to
my config. 

This worked as of 7.6p1. Note that it is also not specific to the
deprecated ones, it appears to be a general issue with that option
being ignored in the config file.

For example, with 7.6p1, if I put:

Host *
   KexAlgorithms ecdh-sha2-nistp521

in config, and run with -vvv, I see: 

debug2: local client KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp521,ext-info-c


but with 8.2p1, the offer just shows the default regardless of the
content of the settings in config:

debug2: local client KEXINIT proposal
debug2: KEX algorithms:
curve25519-sha256,curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c



I'll see if I can find where specifically this broke.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

--- Comment #1 from Nathan Neulinger <nneul at neulinger.org> ---
Some further digging - it appears it's not exactly as described.

It's obeying the config when the config is SIMPLE. But if I put:

KexAlgorithms +diffie-hellman-group1-sha1

it's like it's getting stuck with the default, and ignoring any other
changes. Trying to find more detail.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

--- Comment #2 from Nathan Neulinger <nneul at neulinger.org> ---
I was able to work around this... Maybe it's expected, but there
appears to be something "magic" about adding group1-sha1 that
interferes with incrementally adding other entries.

Adding all of them in one shot appears to work fine even on current
versions.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #3 from Jakub Jelen <jjelen at redhat.com> ---
Please, post the complete debug log and check what is in all the
configuration files (also included if you have some).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

--- Comment #4 from Nathan Neulinger <nneul at neulinger.org> ---
AH, I think I now understand what the problem is with what I was doing.

The KexAlgorithms config setting in config file ONLY WORKS ONCE.

i.e. you cannot do:

KexAlgorithms +diffie-hellman-group1-sha1
KexAlgorithms +diffie-hellman-group-exchange-sha1

but when specified via command line, it appears to allow another
override (or it's being processed first). 

Above snippet results in it listing group1-sha1, but NOT the
group-exchange-sha1. 


Is that "one shot" expected? It sure doesn't appear that way from
documentation.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

--- Comment #5 from Nathan Neulinger <nneul at neulinger.org> ---
Created attachment 3413
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3413&action=edit
Trace of ssh -vvv

Example trace with this conf file in /tmp/testconf:

KexAlgorithms diffie-hellman-group14-sha1
KexAlgorithms +diffie-hellman-group1-sha1
KexAlgorithms +diffie-hellman-group-exchange-sha1

and invoked as:

ssh -F /tmp/testconf -vvv root at localhost id >/tmp/trace.txt 2>&1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

--- Comment #6 from Nathan Neulinger <nneul at neulinger.org> ---
This appears to be long standing behavior, I had always had the
+diffie-hellman-group1-sha1 and only noticed the change with upgrade to
Ubuntu20 when the group-exchange-sha1 was also removed in current
versions.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
This is expected behaviour - ssh'd config is "first match wins"
for
most configuration options. I.e only the first configuration option is
considered. This is documented at the start of ssh_config(1):

"For each parameter, the first obtained value will be used."

You should be able to do:

KexAlgorithms
+diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

to get the behaviour you want.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

Nathan Neulinger <nneul at neulinger.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #8 from Nathan Neulinger <nneul at neulinger.org> ---
Totally explains the behavior, sorry for the wasted time.

Thank you.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3184

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #9 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.