Ssh changes in 2.3.2 ?



  • The update went smoothly, but afterwards I'm not able to access the router via ssh from Windows with java-based MindTerm. Linux ssh still works. It was a problem with PuTTY too, but updating the binary resolved the issue.
    From the logs:

    Connection closed by 192.168.5.61 port 51532 [preauth]

    Mindterm:

    Error generating DiffieHellman keys: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)
    

    Any suggestion?


  • Rebel Alliance Developer Netgate

    We disabled some older insecure Key Exchange Algorithms. You might need to update whatever library is used for SSH in that application.


  • Rebel Alliance Global Moderator

    Nice… Did you enable ed25519 for kex and chacha20 for cipher? I had edited the config to enable them, but it would be nice not to have to edit the config on an update.

    debug1: Authenticating to pfsense.local.lan:22 as 'root'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ssh-ed25519
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ssh-ed25519 SHA256:I0WQR9Eyjlcgf/vN


  • Rebel Alliance Developer Netgate

    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
    
    
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
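
An added example (not part of the original posts and not pfSense code): it parses the sshd lists posted above and predicts why a client would fail to connect, covering both "no common algorithm" and the prime-size limit quoted in the MindTerm error. The client offers and the 4096-bit group-exchange prime are constructed assumptions, and negotiation is simplified to "first client preference the server also lists".

```python
# Added example. Server lists are copied from the post above; everything else is hypothetical.
SERVER_CONFIG = """\
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
"""
AEAD = {"chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-gcm@openssh.com"}

def parse_sshd_lists(text):
    """Map each lower-cased sshd_config keyword to its comma-separated algorithm list."""
    lists = {}
    for line in text.splitlines():
        keyword, _, value = line.strip().partition(" ")
        if value:
            lists[keyword.lower()] = [a for a in value.split(",") if a]
    return lists

def negotiate(client_prefs, server_algos):
    """First algorithm in the client's list that the server also offers, else None."""
    return next((a for a in client_prefs if a in server_algos), None)

def java_dh_prime_ok(bits):
    """Limit quoted in the MindTerm error: multiple of 64, 512 to 2048 inclusive."""
    return bits % 64 == 0 and 512 <= bits <= 2048

def diagnose(client, server, gex_bits=None):
    """List the reasons a client offer fails; gex_bits is the assumed group-exchange prime size."""
    problems, cipher = [], negotiate(client["ciphers"], server["ciphers"])
    for option in ("kexalgorithms", "ciphers", "macs"):
        if option == "macs" and cipher in AEAD:
            continue  # AEAD ciphers carry their own MAC ("MAC: <implicit>" in the debug log)
        chosen = negotiate(client[option], server[option])
        if chosen is None:
            problems.append(f"no common {option}")
        elif "group-exchange" in chosen and gex_bits and not java_dh_prime_ok(gex_bits):
            problems.append(f"{chosen}: {gex_bits}-bit prime outside client limit")
    return problems

SERVER = parse_sshd_lists(SERVER_CONFIG)
# Constructed client offers (hypothetical, not captured from any real client):
LEGACY = {"kexalgorithms": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"],
          "ciphers": ["aes128-cbc", "3des-cbc", "aes128-ctr"], "macs": ["hmac-sha1", "hmac-md5"]}
JAVA_GEX = {"kexalgorithms": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"],
            "ciphers": ["aes128-ctr"], "macs": ["hmac-sha2-256"]}
MODERN = {"kexalgorithms": ["curve25519-sha256@libssh.org"],
          "ciphers": ["chacha20-poly1305@openssh.com"], "macs": ["hmac-sha2-256-etm@openssh.com"]}

if __name__ == "__main__":
    for name, offer, bits in (("legacy", LEGACY, None), ("java-gex", JAVA_GEX, 4096), ("modern", MODERN, None)):
        print(name, diagnose(offer, SERVER, bits) or "ok")
```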
    
    

  • Rebel Alliance Global Moderator

    nice!! Now if I could just get cisco to update their shit, all my ssh stuff would be chacha20 and ed25519…



  • Sorry if it's bad form to bring this back from the dead, but I was searching for the post where the merits of the various algos were discussed. Can someone point me in the right direction?
    (Even a short offsite article would be fine.)

    What kex / crypto algos should I be using (and NOT using)?

    @johnpoz you get so many people bitching that I'd like to add a bit of balance. Yes it is a PITA when these programs don't work, but I agree that outdated/ineffective security is almost worse than no security at all (For those who know how they should file bug reports--and maybe provide instructions so lots of others can add their voice and hopefully increase the priority).

    It is because of pfSense and excellent commentary here in the forum that I (a non-it-professional) have an understanding of and access to good gateway security. I no longer have to deal with kludgy dd-wrt flashes or put up with the consumer $#it - which is often full of holes. The pfSense team is top notch, and there are a lot of very bright people in the community looking over their shoulders to catch things that might slip. Thanks to all for your excellent work.

    @johnpoz said in Ssh changes in 2.3.2 ?:

    nice!! Now if I could just get cisco to update their shit, all my ssh stuff would be chacha20 and ed25519…

    Come on @johnpoz why would Cisco want to do that and make life difficult for the NSA? 😉


  • Rebel Alliance Global Moderator

    Not sure exactly what you're looking for - but here is a blog post by the person that brought chacha20 to openssh and has some reasons why he did so, etc.

    http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html



  • @johnpoz said in Ssh changes in 2.3.2 ?:

    Not sure exactly what you're looking for - but here is a blog post by the person that brought chacha20 to openssh and has some reasons why he did so, etc.

    http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html

    Thanks @johnpoz good article. I hadn't heard of these before.

    There was a post that listed which algos were best/safe for OpenSSH - can't remember what else. Something with general best practices would be helpful.