Bug 1656052

Summary: OpenSSH ignores "Ciphers -*-cbc" setting in sshd_config
Product: [Fedora] Fedora Reporter: Thomas Schweikle <tschweikle>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 28CC: dwalsh, jfch, jjelen, lkundrak, mattias.ellert, plautrba, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-12-04 15:17:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Thomas Schweikle 2018-12-04 14:47:09 UTC 
Description of problem:
setting

Ciphers -*-cbc

or

Ciphers -aes128-cbc,aes192-cbc,aes256-cbc

are ignored. Man-page states this shall remove these ciphers from sshd.

# sshd -T | grep -i cipher
ciphers chacha20-poly1305,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm

but if a client connects using one of the non announced ciphers it will be used by sshd.

Version-Release number of selected component (if applicable):
OpenSSH_7.8p1, OpenSSL 1.1.0i-fips  14 Aug 2018

How reproducible:
Always

Steps to Reproduce:
1. Install OpenSSH
2. Configure /etc/ssh/sshd_config to include one of
   Ciphers -*-cbc
   Ciphers -aes128-cbc,aes192-cbc,aes256-cbc
   Ciphers chacha20-poly1305,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm
3. Test with "sshd -T | grep -i cipher" -> sshd reports to not support any *-cbc based ciphers any more.
4. Connect using one of these unsupported ciphers.

Actual results:
Connection with one of the unsupported ciphers succeeds

Expected results:
Connection with one of the unsupported ciphers shall fail.

Additional info:
With sshd on Fedora 27 this worked as expected.
Comment 1 Thomas Schweikle 2018-12-04 15:06:59 UTC 
Fedora 29, OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS  11 Sep 2018
Same problem: ciphers disabled, but supported.
Comment 2 Jakub Jelen 2018-12-04 15:17:55 UTC 
This is because of crypto-policy, which sets default ciphers on sshd commandline (because of lack of include in the sshd), which take precedence to the configuration file and is loaded through the

$ systemctl cat sshd
[...]
EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config

To opt out, you can modify the other environment file as advised and then your ciphers setting should become effective:

# cat /etc/sysconfig/sshd
[...]
# System-wide crypto policy:
# To opt-out, uncomment the following line
# CRYPTO_POLICY=

For more information, see 
https://gitlab.com/redhat-crypto/fedora-crypto-policies