Ssh changes in 2.3.2 ?
-
The update went smoothly, but afterwards I'm not able to access the router via ssh from Windows with java-based MindTerm. Linux ssh still works. It was a problem with putty too, but updating the binary resolved the issue.
From the logs: Connection closed by 192.168.5.61 port 51532 [preauth]
Mindterm:
Error generating DiffieHellman keys: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)
Any suggestion?
-
We disabled some older insecure Key Exchange Algorithms. You might need to update whatever library is used for SSH in that application.
-
Nice… Did you enable ed25519 for kex and chacha20 for cipher? I had edited the config to enable them, but be nice not to have to edit the config on an update.
debug1: Authenticating to pfsense.local.lan:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:I0WQR9Eyjlcgf/vN
-
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
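The negotiation that decides whether a client can still connect against the algorithm lists quoted above, as an added example that is not part of the original thread or of pfSense's code. The two client offers are constructed for illustration, and the host-key compatibility condition that RFC 4253 also applies to the key exchange choice is left out.

```python
# RFC 4253 section 7.1: each algorithm is the first entry on the CLIENT's list
# that the server also allows. No common entry means the connection is closed.
# AEAD ciphers carry their own integrity tag, so OpenSSH reports MAC: <implicit>.
AEAD_CIPHERS = {"chacha20-poly1305@openssh.com", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}

# Server side: the sshd_config lines quoted in this thread.
SERVER_CONFIG = """\
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
"""

# Constructed client offers (assumptions, not captured from any real client).
LEGACY_CLIENT = {
    "kexalgorithms": ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"],
    "ciphers": ["aes128-ctr", "aes128-cbc", "3des-cbc"],
    "macs": ["hmac-sha1", "hmac-md5"],
}
MODERN_CLIENT = {
    "kexalgorithms": ["curve25519-sha256@libssh.org", "diffie-hellman-group14-sha1"],
    "ciphers": ["chacha20-poly1305@openssh.com", "aes256-ctr"],
    "macs": ["hmac-sha2-256-etm@openssh.com", "hmac-sha1"],
}

def parse_sshd_config(text):
    """Return {lowercased keyword: [algorithms]} for comma-separated list options."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments, split keyword/value
        if len(parts) != 2:
            continue
        opts[parts[0].lower()] = [a.strip() for a in parts[1].split(",") if a.strip()]
    return opts

def negotiate(client, server):
    """Return the chosen kex, cipher and MAC; None marks a category with no overlap."""
    def pick(name):
        return next((a for a in client[name] if a in server.get(name, [])), None)
    result = {"kex": pick("kexalgorithms"), "cipher": pick("ciphers")}
    # The MAC list is only consulted when the cipher is not an AEAD mode.
    result["mac"] = "<implicit>" if result["cipher"] in AEAD_CIPHERS else pick("macs")
    return result

if __name__ == "__main__":
    server = parse_sshd_config(SERVER_CONFIG)
    for name, offer in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(name, negotiate(offer, server))
```

A `None` in any category means that client has to be updated or replaced; the real offer of a given client can be read from its own debug output.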
-
nice!! Now if could just get cisco to update their shit, all my ssh stuff would be chacha20 and ed25519…
-
Sorry if it's bad form to bring this back from the dead, but I was searching looking for the post where the merits of the various algos were discussed. Can someone point me in the right direction?
(Even a short offsite article would be fine.)
What kex / crypto algos should I be using (and NOT using)?
@johnpoz you get so many people bitching that I'd like to add a bit of balance. Yes it is a PITA when these programs don't work, but I agree that outdated/ineffective security is almost worse than no security at all (For those who know how they should file bug reports--and maybe provide instructions so lots of others can add their voice and hopefully increase the priority).
It is because of pfSense and excellent commentary here in the forum that I (a non-IT-professional) have an understanding of and access to good gateway security. I no longer have to deal with kludgy dd-wrt flashes or put up with the consumer $#it - which is often full of holes. The pfSense team is top notch, and there are a lot of very bright people in the community looking over their shoulders to catch things that might slip. Thanks to all for your excellent work.
@johnpoz said in Ssh changes in 2.3.2 ?:
nice!! Now if could just get cisco to update their shit, all my ssh stuff would be chacha20 and ed25519…
Come on @johnpoz why would Cisco want to do that and make life difficult for the NSA?
-
Not sure exactly what you're looking for - but here is a blog post by the person that brought chacha20 to openssh and has some reasons why he did so, etc.
http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html
-
@johnpoz said in Ssh changes in 2.3.2 ?:
Not sure exactly what you're looking for - but here is a blog post by the person that brought chacha20 to openssh and has some reasons why he did so, etc.
http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html
Thanks @johnpoz good article. I hadn't heard of these before. There was a post that listed which algos were best/safe for OpenSSH - can't remember what else. Something with general best practices would be helpful.