Compressing data before encryption may be dangerous, for example CRIME, BREACH and VORACLE. Can compression be disabled by default in OpenSSH, only being enabled if user requests it? Another scenario when SSH compression may be bad is use of commands like tar cz | ssh root at remote "tar xz", which seem pretty common. If SSH compression is enabled, data will be (wastefully) compressed twice.
Hi Yegor, The OpenSSH sources already disable SSH compression by default. Look in myproposal.h for how KEX_DEFAULT_COMP is defined. #define KEX_DEFAULT_COMP "none,zlib at openssh.com" Looking at a verbose connection: The client sends to the server "none,zlib at openssh.com,zlib" The server sends to the client "none,zlib at openssh.com,zlib" The sshconnect2.c ammends the conversation to update the default based on the 'compression' option ('ssh -C' or 'ssh -oCompression=yes' or in the config file). -- Mark
On Sat, 16 Feb 2019, Yegor Ievlev wrote:> Compressing data before encryption may be dangerous, for example > CRIME, BREACH and VORACLE. Can compression be disabled by default in > OpenSSH, only being enabled if user requests it?I'm going to suggest that you read the manual pages to learn the available options and their defaults before troubling a >1000 person mailing list. We put quite a bit of effort into the manual pages and it makes us sad when people don't read them. -d
>I was confused since client advertises compression support to theserver by default. To be precise, I checked it using Wireshark. Apologies for not reading the manual. On Mon, Feb 18, 2019 at 1:20 AM Damien Miller <djm at mindrot.org> wrote:> > On Sat, 16 Feb 2019, Yegor Ievlev wrote: > > > Compressing data before encryption may be dangerous, for example > > CRIME, BREACH and VORACLE. Can compression be disabled by default in > > OpenSSH, only being enabled if user requests it? > > I'm going to suggest that you read the manual pages to learn > the available options and their defaults before troubling a >1000 > person mailing list. We put quite a bit of effort into the manual > pages and it makes us sad when people don't read them. > > -d
Reasonably Related Threads
- Suggestion: Deprecate SSH certificates and move to X.509 certificates
- Suggestion: Deprecate SSH certificates and move to X.509 certificates
- Can we disable diffie-hellman-group14-sha1 by default?
- Can we disable diffie-hellman-group-exchange-sha1 by default?
- Can we disable diffie-hellman-group14-sha1 by default?