Bug 1417263 - OpenSSH will negotiate MD5 HMAC in default configuration [RFE] provide safe default
Summary: OpenSSH will negotiate MD5 HMAC in default configuration [RFE] provide safe d...
Keywords:
Status: CLOSED DUPLICATE of bug 1373835
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssh
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Jelen
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 1417264
TreeView+ depends on / blocked
 
Reported: 2017-01-27 17:45 UTC by Leonard den Ottolander
Modified: 2017-01-30 07:50 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1417264 (view as bug list)
Environment:
Last Closed: 2017-01-30 07:50:42 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Leonard den Ottolander 2017-01-27 17:45:55 UTC
OpenSSH on both RHEL 7 (openssh-6.6.1p1-31.el7) and RHEL 6 (openssh-5.3p1-118.1.el6_8) will by default negotiate an MD5 HMAC. MD5 has been considered insecure for quite some time now.

C6 client, C7 server: (C in CentOS)

debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none

C7 client & server:

debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none

Default order on C7:

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

Default order on C6:

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

I would like to suggest to add the following line to both ssh_config and sshd_config:

RHEL 7:

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1,hmac-ripemd160-etm@openssh.com,hmac-ripemd160@openssh.com,hmac-ripemd160,umac-128@openssh.com,umac-128-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-sha1-96,umac-64-etm@openssh.com,umac-64@openssh.com

RHEL 6:

MACS hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160@openssh.com,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com

Even if this is not the desired order - note that the default order appears to be quite random itself - the fact that this option is available in the configuration files should give the administrator enough of a clue.

Comment 2 Jakub Jelen 2017-01-30 07:50:42 UTC
This is already discussed in the bug #1373835 (see my comment in the cloned bug #1417264). Lets continue discussion there.

*** This bug has been marked as a duplicate of bug 1373835 ***


Note You need to log in before you can comment on or make changes to this bug.