IETF Logo Mail Archive

Re: [Curdle] [saag] Time for SSH3?

Theodore Ts'o <tytso@mit.edu> Thu, 21 December 2023 21:45 UTC

Return-Path: <tytso@mit.edu>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51F05C14CE2E for <curdle@ietfa.amsl.com>; Thu, 21 Dec 2023 13:45:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hZldtKLTWRGD for <curdle@ietfa.amsl.com>; Thu, 21 Dec 2023 13:45:53 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3358EC15C29F for <curdle@ietf.org>; Thu, 21 Dec 2023 13:45:53 -0800 (PST)
Received: from cwcc.thunk.org (pool-173-48-113-111.bstnma.fios.verizon.net [173.48.113.111]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 3BLLjaZU023970 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 21 Dec 2023 16:45:37 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1703195139; bh=4TtmWAYL7CEIItCKqgE38GuFVPPhQRg3PXRxp41Xbes=; h=Date:From:Subject:Message-ID:MIME-Version:Content-Type; b=GHlY0pAJxCsHTTEw5OFDedh57/EXIUWNoxGGfghZM8ljDSGXGR20lGs9y9mgf353n 9uCL4cMYiLk6oPp07xHghhCYSn+3AY796/AzDdNsmU2j03FvK5N7z614f+OFfWlkRD Gl9ZCer1IHNbXm/WmoYxA0mHtBTzh6CdOauIp9Rppyimb13XX+8b5FvkS6wzXrB6Ou rE3enXefGej9OF1uVrfaZf++hI/MIkGa4ktk5skeyD8M3v7sau+jlgc08h+x96a82e 5PSYYb2U9mtNZv4lleo0eLMLD6EvzjWNWapRzkfVbbKO+6my/IlJC3hEexta7htTSq xGMwRK9sEnDIg==
Received: by cwcc.thunk.org (Postfix, from userid 15806) id 71A9815C02AA; Thu, 21 Dec 2023 16:45:36 -0500 (EST)
Date: Thu, 21 Dec 2023 16:45:36 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: Paul Wouters <paul.wouters@aiven.io>, peter@akayla.com
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Matt Johnston <matt@ucc.asn.au>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, saag <saag@ietf.org>, curdle@ietf.org
Message-ID: <20231221214536.GA325499@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <00ca01da343b$0db59610$2920c230$@akayla.com> <AF53D51E-18C5-4152-A068-05627950FECF@aiven.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/Kqxz8UkklrZtheMQODhBAe3z9QM>
Subject: Re: [Curdle] [saag] Time for SSH3?
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Dec 2023 21:45:57 -0000

On Thu, Dec 21, 2023 at 09:02:07AM -0500, Paul Wouters wrote:
> On Dec 21, 2023, at 00:44, Theodore Ts'o <tytso@mit.edu> wrote:
> > 
> > [1] https://www.ssh-audit.com/hardening_guides.html
> 
> This guide does the wrong things for the RHEL entries that I checked
> by modifying crypto-policies that are not meant to be edited. If you
> want stricter crypto, run: update-crypto-policies —set FUTURE (or
> FIPS)

Unfortunately, update-crypto-policies is a RHEL special.  We really do
need a general tool because there is no good easy / easy way to set a
consistent set of crpyto policies across all network protocols and
which work as new versions of openssh, openssl, kerberos, et. al.


On Thu, Dec 21, 2023 at 10:25:18AM -0800, peter@akayla.com wrote:
> >At least for people using OpenSSH it's just a set of pilers being
> >applied to the ssh and sshd config file[1].   :-)
> 
> >[1] https://www.ssh-audit.com/hardening_guides.html
> 
> I hope no one mistakenly uses those guides as they are currently written.
> They're all pre-Terrapin and contain the chacha20-poly1305 cipher and
> -etm@openssh.com MACs.

Yeah, I hadn't noticed that; thanks for pointing that out.  The
ssh-audit script (at least the development version in git and in pypy)
has been updated to take into account Terrapin, but the hardening
guides haven't been.  Unfortunately, the fact that OpenSSH doesn't
have a good way of supporting crypto profiles makes configuring
OpenSSH's crypto alogrythms difficult.  :-(

For myself, I had used sshd -T and then manually creating my own
hardening config in /etc/ssh/sshd_config.d on my Debian system, but
that's just way too difficult for most civilians --- and Debian
doesn't have RHEL'supdate-crypto-policies.

						- Ted

v2.23.0 | Report a Bug | By Email