Bug 2020346

Summary: Update the OSPP ssh settings
Product: Red Hat Enterprise Linux 8 Reporter: Steve Grubb <sgrubb>
Component: crypto-policiesAssignee: Alexander Sosedkin <asosedki>
Status: CLOSED ERRATA QA Contact: Ondrej Moriš <omoris>
Severity: low Docs Contact:
Priority: medium    
Version: 8.5CC: omoris
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: crypto-policies-20211116-1.gitae470d6.el8 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-10 15:22:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1940119    

Description Steve Grubb 2021-11-04 16:07:33 UTC 
Description of problem:
The ssh crypto requirements allowed by OSPP have been updated by NIAP. We can now make the following adjustments:

FCS_SSH_EXT.1.2 - public key authentication - add: ecdsa-sha2-nistp521 & ssh-ed25519

FCS_SSH_EXT.1.6: Key exchange methods - add: Diffie-hellman-group14-sha256, Diffie-hellman-group15-sha512, Diffie-hellman-group16-sha512, Diffie-hellman-group17-sha512, Diffie-hellman-group18-sha512, Curve25519-sha256

FCS_SSH_EXT.1.8: Rekeying - Update to 1Gb (sshd default?)


Additional info:
https://www.niap-ccevs.org/Profile/Info.cfm?PPID=459&id=459
Comment 2 Alexander Sosedkin 2021-11-12 13:47:08 UTC 
(I'm pretty sure I've composed this comment before on 2021-11-09 and something ate it. Sorry.)

Curve 25519 isn't enabled in plain FIPS, so let's not exclude it.

Diffie-hellman-group15-sha512, Diffie-hellman-group17-sha512 --- I don't even think openssh has support for them.

Crypto-policies doesn't control rekeying limits.

With that in mind, can we limit the request to just enabling ecdsa-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512?
Comment 3 Steve Grubb 2021-11-12 14:23:37 UTC 
The intention is to enable what we have and not request new stuff to be coded up. So yes, we can limit what's enabled.
Comment 5 Ondrej Moriš 2021-11-16 16:36:05 UTC 
(In reply to Steve Grubb from comment #0)

> FCS_SSH_EXT.1.8: Rekeying - Update to 1Gb (sshd default?)

Steve, since this is out of scope of crypto-policies, do you think we need a bug for openssh for this? Or will it be handled via OSPP SCAP remediation (if there is something like that)?
Comment 6 Steve Grubb 2021-11-16 16:42:23 UTC 
If this is not set by crypto policy, then it's probably a SCAP setting.

Btw, we will need a similar update for RHEL 9, but openssh and openssl are newer and may allow even more options. I don't think we have done the analysis yet to see what rhel9 should have.
Comment 7 Alexander Sosedkin 2021-11-16 16:51:59 UTC 
Yeah, the subset of the changes controlled by crypto-policies went through rawhide and 9 first,
and I'm only now backporting them to 8.6,
on the general basis of not regressing on updates.

If in 9 FIPS:OSPP can be brought even closer to FIPS than in 8.6 --- glad to hear that,
I'll wait for the analysis and a RHEL-9 bug, then relax 9's OSPP even further if possible.
Comment 8 Steve Grubb 2021-11-16 16:55:13 UTC 
Bug 2023842 was filed for the SCAP changes.
Comment 13 errata-xmlrpc 2022-05-10 15:22:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (crypto-policies bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2044