Bug 1656052 - OpenSSH ignores "Ciphers -*-cbc" setting in sshd_config
Summary: OpenSSH ignores "Ciphers -*-cbc" setting in sshd_config
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 28
Hardware: Unspecified
OS: Linux
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2018-12-04 14:47 UTC by Thomas Schweikle
Modified: 2018-12-04 15:17 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-12-04 15:17:55 UTC
Type: Bug

Attachments (Terms of Use)

Description Thomas Schweikle 2018-12-04 14:47:09 UTC
Description of problem:

Ciphers -*-cbc


Ciphers -aes128-cbc,aes192-cbc,aes256-cbc

are ignored. Man-page states this shall remove these ciphers from sshd.

# sshd -T | grep -i cipher
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

but if a client connects using one of the non announced ciphers it will be used by sshd.

Version-Release number of selected component (if applicable):
OpenSSH_7.8p1, OpenSSL 1.1.0i-fips  14 Aug 2018

How reproducible:

Steps to Reproduce:
1. Install OpenSSH
2. Configure /etc/ssh/sshd_config to include one of
   Ciphers -*-cbc
   Ciphers -aes128-cbc,aes192-cbc,aes256-cbc
   Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
3. Test with "sshd -T | grep -i cipher" -> sshd reports to not support any *-cbc based ciphers any more.
4. Connect using one of these unsupported ciphers.

Actual results:
Connection with one of the unsupported ciphers succeeds

Expected results:
Connection with one of the unsupported ciphers shall fail.

Additional info:
With sshd on Fedora 27 this worked as expected.

Comment 1 Thomas Schweikle 2018-12-04 15:06:59 UTC
Fedora 29, OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS  11 Sep 2018
Same problem: ciphers disabled, but supported.

Comment 2 Jakub Jelen 2018-12-04 15:17:55 UTC
This is because of crypto-policy, which sets default ciphers on sshd commandline (because of lack of include in the sshd), which take precedence to the configuration file and is loaded through the

$ systemctl cat sshd

To opt out, you can modify the other environment file as advised and then your ciphers setting should become effective:

# cat /etc/sysconfig/sshd
# System-wide crypto policy:
# To opt-out, uncomment the following line

For more information, see 

Note You need to log in before you can comment on or make changes to this bug.