SSHD, diffie-hellman-group1-sha1, and FreeBSD 13-stable

From: Garance A Drosehn <drosih_at_rpi.edu>
Date: Mon, 31 Jan 2022 02:13:16 UTC

I recently built a new server running freebsd-13-stable, and ran into an 
unexpected problem.  It may be that there is no reasonable fix for this 
problem, but I thought I'd ask in case I'm missing something simple.

This new server is replacing an older server which was last updated in 
February 2021.  The original server needs to accept ssh connections 
coming from some servers which are painfully ancient.  Years ago OpenSSH 
disabled support for the key-exchange algorithm named 
diffie-hellman-group1-sha1 in the default configuration.  Unfortunately 
my server needs to accept connections from systems so old that they 
don't support any of the newer Kex algorithms.  In my older build of 
this server, I handled this need by adding the line:

    KexAlgorithms +diffie-hellman-group1-sha1

in /etc/ssh/sshd_config, and that worked fine.

In the newer system that config line flags an error:

    -# /usr/sbin/sshd -f /etc/ssh/sshd_config4 -t
    /etc/ssh/sshd_config4: line 156: Bad configuration option: KexAlgorithm
    /etc/ssh/sshd_config4: terminating, 1 bad configuration options

(It's "sshd_config4" instead of "sshd_config" because I have this in a 
copy of 'sshd' running on a separate port from the standard 'sshd'.  
This allows me to strictly limit which hosts are allowed to even try to 
use diffie-hellman-group1-sha1).

So far I'm not even sure which component is rejecting the option.  I 
notice, for instance, that the option is still available and works when 
specified on an 'ssh' command.  This command works fine:

    -# ssh -4e none -oKexAlgorithms=+diffie-hellman-group1-sha1 \
           -oCiphers=aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc \
           me@sad.ancient.server.rpi.edu

(that command will succeed at logging into the ancient server, while 
'ssh' cannot login to the ancient server unless I add those two 
-Options).

Based on some searches of the web and mailing lists, I tried an 
experiment of adding the line:

    WITH_OPENSSL_KTLS=yes

to the file /etc/src.conf .  I then did a 'make cleanworld ; make 
buildworld'.  The build and install worked fine, but sshd still won't 
accept the option for kex diffie-hellman-group1-sha1.  Perhaps I have 
the wrong name for that build-option, or I set it to the wrong value?  
Or is there some option that I have to specify in the kernel-config 
file?

It will be okay with me if this was an explicit decision to remove all 
support for the option in favor of better security, but I'm not finding 
anything to suggest that this change was intentional.  I can't even tell 
when it happened, except to say that it was sometime between Feb 2021 
and this past weekend.  It might even be that this is a side-effect of 
building a new system from scratch?  My older server was originally 
built as freebsd-9-stable, and had been upgraded many times until it got 
to 13-stable.  Who knows what cruft is lurking around on it!

In any case, if there is some easy way for me to enable the option for 
incoming 'sshd' connections, that would be very nice.

-- 
Garance Alistair Drosehn                =     drosih@rpi.edu
Lead Developer @rpi                   and    gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA
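
The `sshd -t` output quoted in the message names the keyword it rejected (`KexAlgorithm`), while the working `ssh -o` command spells it `KexAlgorithms`. The script below is an added example, not part of the original message: it reports how the keyword is spelled on each Kex line of an sshd_config-style file and whether diffie-hellman-group1-sha1 is listed. The function name `check_kex`, the verdict strings and the sample file (including port 2222) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# check_kex FILE: print "<line> <keyword as written> <verdict>" for every
# directive whose keyword begins with "kex" (keywords are case-insensitive).
#   bad-keyword   sshd has no such keyword and will refuse the file
#   ok-group1     KexAlgorithms line that lists diffie-hellman-group1-sha1
#   ok-no-group1  KexAlgorithms line that does not list it (or removes it)
check_kex() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        n = match(line, /[ \t=]/)           # keyword ends at whitespace or "="
        kw  = n ? substr(line, 1, n - 1) : line
        val = n ? substr(line, n + 1) : ""
        if (tolower(kw) !~ /^kex/) next
        if (tolower(kw) != "kexalgorithms") {
            print NR, kw, "bad-keyword"
            next
        }
        gsub(/[ \t="]/, "", val)            # drop separators and quotes
        prefix = substr(val, 1, 1)          # "+", "-" or "^" modify the default list
        sub(/^[-+^]/, "", val)
        found = 0
        m = split(val, alg, ",")
        for (i = 1; i <= m; i++)
            if (alg[i] == "diffie-hellman-group1-sha1") found = 1
        print NR, kw, ((found && prefix != "-") ? "ok-group1" : "ok-no-group1")
    }' "$1"
}

# Constructed sample file: line 2 uses the keyword exactly as it appears in
# the sshd error message, line 3 uses the spelling from the ssh -o command.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
KexAlgorithm +diffie-hellman-group1-sha1
KexAlgorithms +diffie-hellman-group1-sha1
EOF
check_kex "$sample"
rm -f "$sample"
```

Run against the real file as `check_kex /etc/ssh/sshd_config4`; the line numbers it prints can be compared with the one in the `sshd -t` message.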