[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jun 2 09:51:48 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2302

--- Comment #10 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Hey.

Let me try to catch up on this on as well :-)


(In reply to Darren Tucker from comment #3)
> Created attachment 2630 [details]
> Make the DH-GEX fallback group 4k bit.
I think that's a big step forward already.
AFAIU, the old fallback group is then removed?

> This makes the fallback group a new 4kbit group as long as the
> client accepts groups at least that big (which is a SHOULD in
> RFC4419), otherwise it continues to use group14.
Hmm that's not so good, OTOH.
I mean it's nice from the backward-compatibility PoV, but not so great
from the security PoV.

Even though an attacker cannot (AFAIU??) for a connection to downgrade
to the weaker groups, it still doesn't give the server admin a good way
to "block out" weak clients.
Sure, the client can always do what he likes (could be secure and still
publish everything on pastebin.com), but I think we should rather
strive to harden all possible places than focus on users who don't do
their homework and stick with years old clients.
It's basically the same why it's good and necessary that you guys
remove sshv1.

So even if this is much better now with the 4Ki group, I point to my
arguments in comment #2, especially as even the 4Ki group just shifts
the problem "a bit" into the future.


Last but not least, could we have:
>- It makes it at least ambiguous in how things work since this
>  behaviour is not documented (i.e. people may think empty moduli file 
>  means no group can be found/used for DH_GEX and therefore disables
>  it.
>  => so could this information be added to moduli(5) manpage?

?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list