Patch: Ciphers, MACs and KexAlgorithms on Match
Darren Tucker
dtucker at zip.com.au
Mon Jun 9 00:55:03 EST 2014
On Sun, Jun 8, 2014 at 10:21 AM, Ben Lindstrom <mouring at eviladmin.org>
wrote:
> [...]
> However, if the SSH client in question is broken (as it sounds like Mr
> Wolfermann's Android clients are) it will never get to a rekey stage as it
> will fail to do the initial connection.
>
Sure, but working around buggy clients is not the only possible use case
for it. Say, requiring a particularly sensitive user to use a strong
cipher.
Now for working around buggy clients, adding a Match on the client version
string would be possible, since it's known very early.
Match Client someclient-2.6*
Ciphers aes128-cbc
(although I'd call it "Implementation" or some other neutral name so the
same keyword could be used on both client and server).
Just feels hokey to try and play with Ciphers and Macs in the Match.
>
Buggy implementations of these things are relatively common. To pick a
real example:
# Broken curve25519-sha256 at libssh.org
Match Implementation OpenSSH-6.6
KexAlgorithms
diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Plus you could turn off DH Group exchange to those Cisco implementations
that fail when asked for a preferred group >4k bit without compromising
security for every other implementation.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list