SSHD, diffie-hellman-group1-sha1 , and FreeBSD 13-stable
Date: Mon, 31 Jan 2022 02:13:16 UTC
I recently built a new server running freebsd-13-stable, and ran into an unexpected problem. It may be that there is no reasonable fix for this problem, but I thought I'd ask in case I'm missing something simple.

This new server is replacing an older server which was last updated in February 2021. The original server needs to accept ssh connections coming from some servers which are painfully ancient. Years ago OpenSSH disabled support for the key-exchange algorithm named diffie-hellman-group1-sha1 in the default configuration. Unfortunately my server needs to accept connections from systems so old that they don't support any of the newer Kex algorithms.

In my older build of this server, I handled this need by adding the line:

    KexAlgorithms +diffie-hellman-group1-sha1

in /etc/ssh/sshd_config, and that worked fine. In the newer system that config line flags an error:

    # /usr/sbin/sshd -f /etc/ssh/sshd_config4 -t
    /etc/ssh/sshd_config4: line 156: Bad configuration option: KexAlgorithm
    /etc/ssh/sshd_config4: terminating, 1 bad configuration options

(It's "sshd_config4" instead of "sshd_config" because I have this in a copy of 'sshd' running on a separate port from the standard 'sshd'. This allows me to strictly limit which hosts are allowed to even try to use diffie-hellman-group1-sha1).

So far I'm not even sure which component is rejecting the option. I notice, for instance, that the option is still available and works when specified on an 'ssh' command. This command works fine:

    # ssh -4e none -oKexAlgorithms=+diffie-hellman-group1-sha1 \
        -oCiphers=aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc \
        me@sad.ancient.server.rpi.edu

(that command will succeed at logging into the ancient server, while 'ssh' cannot login to the ancient server unless I add those two -Options).

Based on some searches of the web and mailing lists, I tried an experiment of adding the line:

    WITH_OPENSSL_KTLS=yes

to the file /etc/src.conf . I then did a 'make cleanworld ; make buildworld'.
The build and install worked fine, but sshd still won't accept the option for kex diffie-hellman-group1-sha1. Perhaps I have the wrong name for that build-option, or I set it to the wrong value? Or is there some option that I have to specify in the kernel-config file?

It will be okay with me if this was an explicit decision to remove all support for the option in favor of better security, but I'm not finding anything to suggest that this change was intentional. I can't even tell when it happened, except to say that it was sometime between Feb 2021 and this past weekend.

It might even be that this is a side-effect of building a new system from scratch? My older server was originally built as freebsd-9-stable, and had been upgraded many times until it got to 13-stable. Who knows what cruft is lurking around on it!

In any case, if there is some easy way for me to enable the option for incoming 'sshd' connections, that would be very nice.

-- 
Garance Alistair Drosehn = drosih@rpi.edu
Lead Developer @rpi and gad@FreeBSD.org
Rensselaer Polytechnic Institute; Troy, NY; USA
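An added example (editor's, not part of Garance's post, of FreeBSD or of OpenSSH) of how the separate legacy-only sshd instance described in the post is usually written and checked before it is started. It assumes a legacy network of 10.0.0.0/24, a listening port of 2222 and an output path of /tmp/sshd_config4; none of those values come from the post. Two facts are worth having in front of you when reading the error quoted above: sshd's "Bad configuration option" message echoes the exact token it could not parse, so the spelling of the keyword on the flagged line should be compared with the one sshd_config(5) documents (KexAlgorithms); and KexAlgorithms and Ciphers are global keywords that are not accepted inside a Match block, which is why a second instance on its own port is the right way to confine the weak group to a few hosts.

```shell
#!/bin/sh
# Added example, not code from the original post, FreeBSD or OpenSSH.
# Builds the config for a second, legacy-only sshd instance and checks it
# before the instance is started. Assumed values (not from the post): the
# ancient hosts live in 10.0.0.0/24, the extra instance listens on 2222.

LEGACY_NET="${LEGACY_NET:-10.0.0.0/24}"   # assumed: network of the ancient hosts
LEGACY_PORT="${LEGACY_PORT:-2222}"        # assumed: port of the legacy instance

# Emit the config for the legacy instance. The keyword is KexAlgorithms
# (plural); "+name" appends the legacy group to sshd's default list rather
# than replacing it. KexAlgorithms and Ciphers are global-only keywords, so
# they cannot be scoped per client inside a Match block; the Match block can
# only refuse logins from other networks, and that happens after the key
# exchange has already run. Restrict the port at the packet filter as well.
legacy_sshd_config() {
    cat <<EOF
Port ${LEGACY_PORT}
PidFile /var/run/sshd_legacy.pid
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# Anyone not connecting from the legacy network is refused at the user stage.
Match Address *,!${LEGACY_NET}
    DenyUsers *
EOF
}

# Keyword spell-check that needs no running sshd. A misspelled keyword is what
# sshd -t reports as "Bad configuration option: <token>", echoing the token as
# written. This list is a deliberately small subset of sshd_config keywords,
# enough for the file above; extend it for a fuller config.
KNOWN_KEYWORDS="port listenaddress pidfile kexalgorithms ciphers macs hostkeyalgorithms match denyusers allowusers"

# Reads a config on stdin, prints each unknown keyword, returns 1 if any.
lint_sshd_config() {
    rc=0
    while IFS= read -r line; do
        # first token, lower-cased ("Keyword value" and "Keyword=value" forms)
        kw=$(printf '%s\n' "$line" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]=].*//' | tr 'A-Z' 'a-z')
        case "$kw" in ''|'#'*) continue ;; esac
        case " $KNOWN_KEYWORDS " in
            *" $kw "*) ;;
            *) printf 'Bad configuration option: %s\n' "$kw" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Run the real parser when sshd is installed. sshd -t also loads the host
# keys, so on the target machine run this as root.
check_with_sshd() {
    if [ -x /usr/sbin/sshd ]; then
        /usr/sbin/sshd -t -f "$1"
    else
        echo "sshd not installed here; skipping sshd -t" >&2
    fi
}

main() {
    cfg="${1:-/tmp/sshd_config4}"
    legacy_sshd_config > "$cfg"
    legacy_sshd_config | lint_sshd_config || { echo "keyword check failed for $cfg" >&2; return 1; }
    check_with_sshd "$cfg"
}

# Only act when invoked as:  sh legacy_sshd.sh run /tmp/sshd_config4
if [ "${1:-}" = "run" ]; then
    main "${2:-}"
fi
```

Run it as `sh legacy_sshd.sh run /tmp/sshd_config4` on the machine that will host the instance; the keyword check runs first so a misspelled option is named before `sshd -t` is even reached, and the `sshd -t` step is the same test the post uses. The Match/DenyUsers block refuses users from outside the legacy network only after the key exchange has completed, so it is a second line of defence behind a packet-filter rule on the port, not a replacement for one.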