[Ach] Settings for OpenSSH - missing client side configuration.

Axel Hübl axel.huebl at web.de
Tue Jul 15 13:36:16 CEST 2014 

Hey Dariusz,


thanks for the feedback!

Regarding your questions:

1)
The client side is missing indeed (even if I personally use that, too).
The reason for that is that the guide focuses on sys admins (working as
natural multipliers) and it is therefor out of scope.

2) good questions, looks like a revision of the implementation. any
opinions?

3) Since new OpenSSH versions support rather nice crypto like GCM and EC
via ChaCha/poly1305 they should be favored over other eliptic curve
implementations.


Cheers,
Axel

On 15.07.2014 10:02, Dariusz Puchalak wrote:
> Hi,
> 
> I just skimed over Applied Crypto Hardening.
> Excelent guide! Thanks. :)
> 
> I have some remarks:
> 
> 1. On the OpenSSH part, you missed client side
> configuration.
> Just as you can specify server side sshd_config
> you can also specify client side ssh_config.
> 
> I think it's worth including this one too.
> So we can enforce good crypto on the client side too.
> And it can be a good education, because I have heard many
> complains about OpenSSH that were not true 
> i.e. you cannot choose AES mode
> (in putty only - but almost no one knew that they can
> do it on openssh). 
> People take putty shortcommings as OpenSSH problems. :(
> 
> In example part of my config file
> (can be /etc/ssh/ssh_config and/or ~/.ssh/config)
> Host *
>         StrictHostKeyChecking ask
>         ForwardAgent no
>         ForwardX11 no
>         ForwardX11Trusted no
>         GatewayPorts no
>         Protocol 2
>         CheckHostIP yes
>         Ciphers aes256-ctr,aes128-ctr
>         MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
>         KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
> 	HostKeyAlgorithms ssh-rsa-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-rsa
>         ServerAliveInterval 30
>         TCPKeepAlive yes
>         PreferredAuthentications publickey,password
>         IPQoS lowdelay throughput
> 
> It's the default that can be change on per host basis by doing thing like:
> Host old_and_buggy
>         HostName example.com
>         User scorpius
>         Port 80
>         Ciphers aes128-cbc
> 	MACs hmac-sha1
> 
> 2. HostKeyAlgorithms - I'm not sure about what's the 
> difference beetwen ssh-rsa-cert-v01 at openssh.com and
> ssh-rsa-cert-v00 at openssh.com .
> I need to dig more into the specification and source code.
> 
> But I still think it's esssential to disable DSA on server
> and client too.
> 
> 3. Why no ECDSA for OpenSSH?
> I have read Theory part and 
> 3.5. A note on Elliptic Curve Cryptography,
> but I'm not convinced :)
> A few more sentences about SSH and ECDSA would be nice,
> just like about DSS. 
> 
> Dariusz
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140715/d7456c8d/attachment.sig>

More information about the Ach mailing list