[Bug 2793] New: DH Group Exchange Incorrect Fallback

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Oct 10 05:41:59 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2793

            Bug ID: 2793
           Summary: DH Group Exchange Incorrect Fallback
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jtesta at positronsecurity.com

Created attachment 3066
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3066&action=edit
Patch to remove the fallback mechanism.

(This issue was discussed in-depth on the openssh-unix-dev mailing list
here:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-September/036217.html)

The Diffie-Hellman group exchange code has a fallback mechanism in case
a sufficient entry in /etc/ssh/moduli is not found.  Unfortunately,
this mechanism directly disobeys what a sysadmin wants.

For example, if the sysadmin deletes all DH groups with moduli smaller
than 3072-bit, code will nevertheless return 2048-bit group14 (see
dh.c:441).  The correct behavior would be to disconnect with the
client.

In fact, ALL cases where a sufficient group cannot be found in
/etc/ssh/moduli should result in a disconnect, as the admin has
indicated that *only* those listed in that file should be used.  Hence,
the attached patch fully removes this fallback mechanism in order to
respect the admin's wishes.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list