Bug 1656052 - OpenSSH ignores "Ciphers -*-cbc" setting in sshd_config
Summary: OpenSSH ignores "Ciphers -*-cbc" setting in sshd_config
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 28
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-04 14:47 UTC by Thomas Schweikle
Modified: 2018-12-04 15:17 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-12-04 15:17:55 UTC
Type: Bug


Attachments (Terms of Use)

Description Thomas Schweikle 2018-12-04 14:47:09 UTC
Description of problem:
setting

Ciphers -*-cbc

or

Ciphers -aes128-cbc,aes192-cbc,aes256-cbc

are ignored. Man-page states this shall remove these ciphers from sshd.

# sshd -T | grep -i cipher
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

but if a client connects using one of the non announced ciphers it will be used by sshd.

Version-Release number of selected component (if applicable):
OpenSSH_7.8p1, OpenSSL 1.1.0i-fips  14 Aug 2018

How reproducible:
Always

Steps to Reproduce:
1. Install OpenSSH
2. Configure /etc/ssh/sshd_config to include one of
   Ciphers -*-cbc
   Ciphers -aes128-cbc,aes192-cbc,aes256-cbc
   Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
3. Test with "sshd -T | grep -i cipher" -> sshd reports to not support any *-cbc based ciphers any more.
4. Connect using one of these unsupported ciphers.

Actual results:
Connection with one of the unsupported ciphers succeeds

Expected results:
Connection with one of the unsupported ciphers shall fail.

Additional info:
With sshd on Fedora 27 this worked as expected.

Comment 1 Thomas Schweikle 2018-12-04 15:06:59 UTC
Fedora 29, OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS  11 Sep 2018
Same problem: ciphers disabled, but supported.

Comment 2 Jakub Jelen 2018-12-04 15:17:55 UTC
This is because of crypto-policy, which sets default ciphers on sshd commandline (because of lack of include in the sshd), which take precedence to the configuration file and is loaded through the

$ systemctl cat sshd
[...]
EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config

To opt out, you can modify the other environment file as advised and then your ciphers setting should become effective:

# cat /etc/sysconfig/sshd
[...]
# System-wide crypto policy:
# To opt-out, uncomment the following line
# CRYPTO_POLICY=

For more information, see 
https://gitlab.com/redhat-crypto/fedora-crypto-policies


Note You need to log in before you can comment on or make changes to this bug.