SSHD, diffie-hellman-group1-sha1 , and FreeBSD 13-stable

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Garance A Drosehn <drosih_at_rpi.edu>
Date: Mon, 31 Jan 2022 02:13:16 UTC
I recently built a new server running freebsd-13-stable, and ran into an 
unexpected problem.  It may be that there is no reasonable fix for this 
problem, but I thought I'd ask in case I'm missing something simple.

This new server is replacing an older server which was last updated in 
February 2021.  The original server needs to accept ssh connections 
coming some servers which are painfully ancient.  Years ago OpenSSH 
disabled support for the key-exchange algorithm named 
diffie-hellman-group1-sha1 in the default configuration.  Unfortunately 
my server needs to accept connections from systems so old that they 
don't support any of the newer Kex algorithms.  In my older build of 
this server, I handled this need by adding the line:
KexAlgorithms +diffie-hellman-group1-sha1
in /etc/ssh/sshd_config, and that worked fine.

In the newer system that config line flags an error:

    -# /usr/sbin/sshd -f /etc/ssh/sshd_config4 -t
    /etc/ssh/sshd_config4: line 156: Bad configuration option: 
KexAlgorithm
    /etc/ssh/sshd_config4: terminating, 1 bad configuration options

(It's "sshd_config4" instead of "sshd_config" because I have this in a 
copy of 'sshd' running on a separate port from the standard 'sshd'.  
This allows me to strictly limit which hosts are allowed to even try to 
use diffie-hellman-group1-sha1).

So far I'm not even sure which component is rejecting the option.  I 
notice, for instance, that the option is still available and works when 
specified on an 'ssh' command.  This command works fine:

    -# ssh -4e none -oKexAlgorithms=+diffie-hellman-group1-sha1 \
           -oCiphers=aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc 
\
           me@sad.ancient.server.rpi.edu

(that command will succeed at logging into the ancient server, while 
'ssh' cannot login to the ancient server unless I add those two 
-Options).

Based on some searches of the web and mailing lists, I tried an 
experiment of adding the line:
WITH_OPENSSL_KTLS=yes
to the file /etc/src.conf .  I then did a 'make cleanworld ; make 
buildworld'.  The build and install worked fine, but sshd still won't 
accept the option for kex diffie-hellman-group1-sha1.  Perhaps I have 
the wrong name for that build-option, or I set it to the wrong value?  
Or is there some option that I have to specify in the kernel-config 
file?

It will be okay with me if this was an explicit decision to remove all 
support for the option in favor of better security, but I'm not finding 
anything to suggest that this change was intentional.  I can't even tell 
when it happened, except to say that it was sometime between Feb 2021 
and this past weekend.  It might even be that this is a side-effect of 
building a new system from scratch?  My older server was originally 
built as freebsd-9-stable, and had been upgraded many times until it got 
to 13-stable.  Who knows what cruft is lurking around on it!

In any case, if there is some easy way for me to enable the option for 
incoming 'sshd' connections, that would be very nice.

-- 
Garance Alistair Drosehn                =     drosih@rpi.edu
Lead Developer @rpi                   and    gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA