Patch: Ciphers, MACs and KexAlgorithms on Match

Damien Miller djm at mindrot.org
Mon Jun 9 10:39:56 EST 2014


On Sun, 8 Jun 2014, Darren Tucker wrote:

> # Broken curve25519-sha256 at libssh.org
> Match Implementation OpenSSH-6.6
>   KexAlgorithms
> diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
> 
> Plus you could turn off DH Group exchange to those Cisco implementations
> that fail when asked for a preferred group >4k bit without compromising
> security for every other implementation.

That opens a door for a MITM to degrade the crypto options used by spoofing
one/both banner strings. Of course they would need to be able to fake the
KEX hash later, but if they get to choose the algorithms used then this
becomes more likely.

I've been removing the compat hacks for old SSH implementations that
cause dodgy crypto to be used for this very reason.

-d
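The reply says a banner-spoofing MITM would still have to "fake the KEX hash later". Why that is hard: RFC 4253 section 8 binds both version strings into the exchange hash H that the server signs with its host key, so a banner rewritten in transit yields a different H on the client and the signature check fails. The following Python is an added example, not code from the thread or from OpenSSH; it implements the fixed-group DH form of H (the group-exchange and curve25519 methods add or swap fields) over constructed KEXINIT, host-key and DH values, which are assumptions.

```python
import hashlib

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the raw bytes."""
    return len(data).to_bytes(4, "big") + data

def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer: minimal big-endian two's
    complement, so a leading 0x00 is added when the top bit is set; 0 is empty."""
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def exchange_hash(hash_name, v_c, v_s, i_c, i_s, k_s, e, f, k):
    """Exchange hash H of RFC 4253 section 8 for the fixed-group DH methods
    (diffie-hellman-group14-sha1 uses hash_name="sha1"):
    H = HASH(string V_C || string V_S || string I_C || string I_S ||
             string K_S || mpint e || mpint f || mpint K).
    V_C and V_S are the version banners without the trailing CR LF."""
    h = hashlib.new(hash_name)
    for part in (ssh_string(v_c), ssh_string(v_s), ssh_string(i_c),
                 ssh_string(i_s), ssh_string(k_s), ssh_mpint(e),
                 ssh_mpint(f), ssh_mpint(k)):
        h.update(part)
    return h.digest()

# Constructed sample inputs (not a captured session): KEXINIT payloads, host
# key blob and DH values stand in for what the real packets would carry.
I_C = b"kexinit-from-client"
I_S = b"kexinit-from-server"
K_S = b"ssh-rsa-hostkey-blob"
E, F, K = 0x1234, 0x80AB, 0xC0FFEE

def banner_rewrite_detected(v_c, v_s_sent, v_s_seen, hash_name="sha1") -> bool:
    """The server signs H computed over the banner it actually sent (v_s_sent);
    the client verifies that signature against H computed over the banner it
    actually received (v_s_seen). If someone in the middle rewrote the banner to
    steer a Match block toward weaker algorithms, the two hashes differ and the
    host-key signature fails to verify on the client."""
    h_server = exchange_hash(hash_name, v_c, v_s_sent, I_C, I_S, K_S, E, F, K)
    h_client = exchange_hash(hash_name, v_c, v_s_seen, I_C, I_S, K_S, E, F, K)
    return h_server != h_client

if __name__ == "__main__":
    client = b"SSH-2.0-OpenSSH_6.6"
    print(banner_rewrite_detected(client, b"SSH-2.0-OpenSSH_6.6", b"SSH-2.0-OpenSSH_6.6"))  # False
    print(banner_rewrite_detected(client, b"SSH-2.0-OpenSSH_6.6", b"SSH-2.0-OpenSSH_6.5"))  # True
```

The same binding applies to V_C, so rewriting the client's banner toward the server is caught in the same way; the attacker's only route is to produce a valid host-key signature over the altered H, which is exactly what the host key check exists to prevent.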
