[Ach] OpenSSH on RHEL

Hanno Böck hanno at hboeck.de
Thu Apr 17 09:53:32 CEST 2014


On Thu, 17 Apr 2014 09:16:04 +0200
"Martin Schuster (IFKL IT OS DC CD)" <Martin.Schuster1 at infineon.com>
wrote:

> Currently the paper suggests settings for OpenSSH 6.4 and 6.0,
> but the last 2 Red Hat Enterprise Linux's (5 and 6) ship
> OpenSSH 4.3p2 and 5.3p1, respectively.
> 
> Do you have any recommendations for those ancient versions?

Don't use them.
(Okay, this is harsh, but the bottom line is: there has been a lot of
movement in good crypto within the last 2-3 years. Getting any
reasonably up-to-date crypto running with old software is difficult.)

But still:

> RHEL5 (OpenSSH 4.3p2):
> Ciphers
>          Specifies the ciphers allowed for protocol version 2.
>          Multiple ciphers must be comma-separated.  The sup-
>          ported ciphers are "3des-cbc", "aes128-cbc",
>          "aes192-cbc", "aes256-cbc", "aes128-ctr",
>          "aes192-ctr", "aes256-ctr", "arcfour128",
>          "arcfour256", "arcfour", "blowfish-cbc", and
>          "cast128-cbc".  The default is
> 
>            ''aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
>              aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
>              aes256-cbc,arcfour''

Kill arcfour, maybe 3des, and if you want to be really safe, all
cbc-modes (newer ssh versions have encrypt-then-mac modes; these ones
are mac-and-encrypt, which is the only combination that is worse than
the one used in TLS).

> MACs    Specifies the available MAC (message authentication
>          code) algorithms.  The MAC algorithm is used in pro-
>          tocol version 2 for data integrity protection.  Mul-
>          tiple algorithms must be comma-separated.  The
>          default is
>          "hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96".
[...]
>                hmac-md5,hmac-sha1,umac-64@openssh.com,
>                hmac-ripemd160,hmac-sha1-96,hmac-md5-96

For hmac the md5 weaknesses don't really matter, but I'd still consider
ditching md5.

Besides that, for all SSH versions I strongly recommend disabling DSA
and using RSA keys >= 2048 bit.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
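
The following is an added example, not part of the original message: it applies the strictest reading of the advice above (no arcfour, no 3des, no CBC modes, no MD5-based MACs) to the RHEL5 default lists quoted in the thread and audits sshd_config text for the same algorithms. The function names and the sample config in the comments are assumptions made for illustration.

```python
import re

# Default lists quoted in the thread for RHEL5 (OpenSSH 4.3p2).
RHEL5_CIPHERS = ("aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,"
                 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,"
                 "aes256-cbc,arcfour")
RHEL5_MACS = "hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96"


def filter_ciphers(ciphers, drop_cbc=True):
    """Drop arcfour and 3des; with drop_cbc also drop every CBC-mode cipher."""
    kept = []
    for name in (c.strip() for c in ciphers.split(",")):
        if not name or name.startswith("arcfour") or name.startswith("3des"):
            continue
        if drop_cbc and name.endswith("-cbc"):
            continue
        kept.append(name)
    return kept


def filter_macs(macs):
    """Drop MD5-based MACs, keeping the order of the rest."""
    return [m.strip() for m in macs.split(",") if m.strip() and "md5" not in m]


def audit(config_text):
    """Return (directive, algorithm) pairs the advice would remove.

    Only active 'Ciphers' and 'MACs' lines are inspected; commented-out
    lines and other directives are skipped.
    """
    findings = []
    for line in config_text.splitlines():
        m = re.match(r"\s*(Ciphers|MACs)\s+(\S+)", line, re.IGNORECASE)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        names = [n for n in value.split(",") if n]
        keep = filter_ciphers(value) if key == "ciphers" else filter_macs(value)
        findings += [(key, n) for n in names if n not in keep]
    return findings


if __name__ == "__main__":
    # Print candidate sshd_config lines derived from the RHEL5 defaults.
    print("Ciphers " + ",".join(filter_ciphers(RHEL5_CIPHERS)))
    print("MACs " + ",".join(filter_macs(RHEL5_MACS)))
```

Passing `drop_cbc=False` keeps the CBC ciphers, matching the less strict reading of the advice.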