[Ach] OpenSSH on RHEL

ianG iang at iang.org
Thu Apr 17 12:10:33 CEST 2014 

On 17/04/2014 08:16 am, Martin Schuster (IFKL IT OS DC CD) wrote:
> Currently the paper suggests settings for OpenSSH 6.4 and 6.0,
> but the last 2 Red Hat Enterprise Linux's (5 and 6) ship
> OpenSSH 4.3p2 and 5.3p1, respectively.
> 
> Do you have any recommendations for those ancient versions?

my thoughts below.


> Excerpts from sshd_config(5):
> 
> 
> RHEL5 (OpenSSH 4.3p2):
> Ciphers
>         Specifies the ciphers allowed for protocol version 2.
>         Multiple ciphers must be comma-separated.  The sup-
>         ported ciphers are "3des-cbc", "aes128-cbc",
>         "aes192-cbc", "aes256-cbc", "aes128-ctr",
>         "aes192-ctr", "aes256-ctr", "arcfour128",
>         "arcfour256", "arcfour", "blowfish-cbc", and
>         "cast128-cbc".  The default is
> 
>           ''aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
>             aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
>             aes256-cbc,arcfour''


Drop arcfour.  Also, no point in 3des, blowfish, cast.

The ctr-v-cbc argument goes on an on.  As does the aes length.  So no
comment there for now.


> MACs    Specifies the available MAC (message authentication
>         code) algorithms.  The MAC algorithm is used in pro-
>         tocol version 2 for data integrity protection.  Mul-
>         tiple algorithms must be comma-separated.  The
>         default is
>         "hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96".
> 
> 
> RHEL6 (OpenSSH 5.3p1):
> Ciphers
>        [same as for RHEL5]
> 
> MACs    Specifies the available MAC (message authentication
>         code) algorithms.  The MAC algorithm is used in pro-
>         tocol version 2 for data integrity protection.  Mul-
>         tiple algorithms must be comma-separated.  The
>         default is:
> 
>               hmac-md5,hmac-sha1,umac-64 at openssh.com,
>               hmac-ripemd160,hmac-sha1-96,hmac-md5-96


You want to drop anything to do with MD5.  It's still fine in a MAC, but
the problem is that people are removing it from code bases.

Also, I'm not sure why one would need ripemd except as an alternate to sha.

So I would go with hmac-sha1.  And leave it at that.  (But I'm working
from theoretical bases not any particular street knowledge.)

Anyone know what the story with umac-64 is?

More information about the Ach mailing list