Bug 1417263

Summary: OpenSSH will negotiate MD5 HMAC in default configuration [RFE] provide safe default
Product: Red Hat Enterprise Linux 7 Reporter: Leonard den Ottolander <leonard-rh-bugzilla>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: phil
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1417264 (view as bug list) Environment:
Last Closed: 2017-01-30 07:50:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1417264    

Description Leonard den Ottolander 2017-01-27 17:45:55 UTC 
OpenSSH on both RHEL 7 (openssh-6.6.1p1-31.el7) and RHEL 6 (openssh-5.3p1-118.1.el6_8) will by default negotiate an MD5 HMAC. MD5 has been considered insecure for quite some time now.

C6 client, C7 server: (C in CentOS)

debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none

C7 client & server:

debug2: mac_setup: setup hmac-md5-etm
debug1: kex: server->client aes128-ctr hmac-md5-etm none
debug2: mac_setup: setup hmac-md5-etm
debug1: kex: client->server aes128-ctr hmac-md5-etm none

Default order on C7:

debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96

Default order on C6:

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96

I would like to suggest to add the following line to both ssh_config and sshd_config:

RHEL 7:

MACs hmac-sha2-512-etm,hmac-sha2-512,hmac-sha2-256-etm,hmac-sha2-256,hmac-sha1-etm,hmac-sha1,hmac-ripemd160-etm,hmac-ripemd160,hmac-ripemd160,umac-128,umac-128-etm,hmac-sha1-96-etm,hmac-sha1-96,umac-64-etm,umac-64

RHEL 6:

MACS hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,umac-64

Even if this is not the desired order - note that the default order appears to be quite random itself - the fact that this option is available in the configuration files should give the administrator enough of a clue.
Comment 2 Jakub Jelen 2017-01-30 07:50:42 UTC 
This is already discussed in the bug #1373835 (see my comment in the cloned bug #1417264). Lets continue discussion there.

*** This bug has been marked as a duplicate of bug 1373835 ***