From patchwork Mon Apr 18 20:40:00 2022
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 5518
Message-ID: <2bd37d93-0a56-8a49-46a8-4e31afc6d582@ipfire.org>
Date: Mon, 18 Apr 2022 20:40:00 +0000
To: "IPFire: Development"
From: Peter Müller
Subject: [PATCH 1/3] OpenSSH: Update to 9.0p1
List-Id: IPFire development talk

Relevant changelog part, as retrieved from
https://www.openssh.com/txt/release-9.0:

Changes since OpenSSH 8.9
=========================

This release is focused on bug fixing.

Potentially-incompatible changes
--------------------------------

This release switches scp(1) from using the legacy scp/rcp protocol
to using the SFTP protocol by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.

Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path@openssh.com" to support
this.

In case of incompatibility, the scp(1) client may be instructed to use
the legacy scp/rcp using the -O flag.

New features
------------

 * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
   exchange method by default ("sntrup761x25519-sha512@openssh.com").
   The NTRU algorithm is believed to resist attacks enabled by future
   quantum computers and is paired with the X25519 ECDH key exchange
   (the previous default) as a backstop against any weaknesses in
   NTRU Prime that may be discovered in the future. The combination
   ensures that the hybrid exchange offers at least as good security
   as the status quo.

   We are making this change now (i.e. ahead of cryptographically-relevant
   quantum computers) to prevent "capture now, decrypt later" attacks
   where an adversary who can record and store SSH session ciphertext
   would be able to decrypt it once a sufficiently advanced quantum
   computer is available.

 * sftp-server(8): support the "copy-data" extension to allow
   server-side copying of files/data, following the design in
   draft-ietf-secsh-filexfer-extensions-00. bz2948

 * sftp(1): add a "cp" command to allow the sftp client to perform
   server-side file copies.

Bugfixes
--------

 * ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output
   fd closes without data in the channel buffer. bz3405 and bz3411

 * sshd(8): pack pollfd array in server listen/accept loop. Could
   cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE

 * ssh-keygen(1): avoid NULL deref via the find-principals and
   check-novalidate operations. bz3409 and GHPR#307 respectively.

 * scp(1): fix a memory leak in argument processing. bz3404

 * sshd(8): don't try to resolve ListenAddress directives in the sshd
   re-exec path. They are unused after re-exec and parsing errors
   (possible for example if the host's network configuration changed)
   could prevent connections from being accepted.

 * sshd(8): when refusing a public key authentication request from a
   client for using an unapproved or unsupported signature algorithm
   include the algorithm name in the log message to make debugging
   easier.

Portability
-----------

 * sshd(8): refactor platform-specific locked account check, fixing
   an incorrect free() on platforms with both libiaf and shadow
   passwords (probably only Unixware) GHPR#284,

 * ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3)
   parsing of K/M/G/etc quantities. bz#3401.

 * sshd(8): provide killpg implementation (mostly for Tandem NonStop)
   GHPR#301.

 * Check for missing ftruncate prototype. GHPR#301

 * sshd(8): default to not using sandbox when cross compiling. On most
   systems poll(2) does not work when the number of FDs is reduced
   with setrlimit, so assume it doesn't when cross compiling and we
   can't run the test. bz#3398.

 * sshd(8): allow ppoll_time64 in seccomp sandbox. Should fix sandbox
   violations on some (at least i386 and armhf) 32bit Linux platforms.
   bz#3396.

 * Improve detection of -fzero-call-used-regs=all support in
   configure script.

Signed-off-by: Peter Müller
--- lfs/openssh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/openssh b/lfs/openssh index 8c958e9fe..302ae6041 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2022 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 8.9p1 +VER = 9.0p1 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz 
@@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 02934da7f7a2954141888e63e81e38fad4fb8558ddd1032de44f69684802c62771fdd7e9e470e0715059635999c8f9d2ab95f6351217e236573ead83a867f59b +$(DL_FILE)_BLAKE2 = 49724a400951964d659d136908657940f79e150056728cc4dadf8ff8652a832f7fd46eebb47b15085e57fca4b00c77d1ec4dd1b056ea2bbcee89f54a121ed5e2 install : $(TARGET)

From patchwork Mon Apr 18 20:40:20 2022
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 5519
Date: Mon, 18 Apr 2022 20:40:20 +0000
Subject: [PATCH 2/3] SSH: Add sntrup761x25519-sha512@openssh.com key exchange to configurations
To: development@lists.ipfire.org
References: <2bd37d93-0a56-8a49-46a8-4e31afc6d582@ipfire.org>
From: Peter Müller
In-Reply-To: <2bd37d93-0a56-8a49-46a8-4e31afc6d582@ipfire.org>
List-Id: IPFire development talk

This algorithm was introduced in OpenSSH 9.0p1; also, align the
curve25519-sha256* key exchanges to keep things tidy.

Signed-off-by: Peter Müller
--- config/ssh/ssh_config | 2 +- config/ssh/sshd_config | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config index 2e2ee60c3..ee0954d5c 100644 --- a/config/ssh/ssh_config +++ b/config/ssh/ssh_config @@ -9,7 +9,7 @@ Host * UseRoaming no # Only use secure crypto algorithms - KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 + KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config index bea5cee53..456556540 100644 --- a/config/ssh/sshd_config +++ b/config/ssh/sshd_config 
@@ -19,9 +19,8 @@ LoginGraceTime 30s # Limit maximum instanctes to prevent DoS MaxStartups 5 -# Only allow safe crypto algorithms (may break some _very_ outdated clients) -# See also: https://stribika.github.io/2015/01/04/secure-secure-shell.html -KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 +# Only allow safe crypto algorithms +KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

From patchwork Mon Apr 18 20:40:41 2022
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 5520
Message-ID: <09688ff4-d262-d136-0d1f-9102732a5e0d@ipfire.org>
Date: Mon, 18 Apr 2022 20:40:41 +0000
Subject: [PATCH 3/3] SSH: do not send spoofable TCP keep
 alive messages
To: development@lists.ipfire.org
References: <2bd37d93-0a56-8a49-46a8-4e31afc6d582@ipfire.org>
From: Peter Müller
List-Id: IPFire development talk

By default, both SSH server and client rely on TCP-based keep alive
messages to detect broken sessions, which can be spoofed rather easily
in order to keep a broken session opened (and vice versa).

Since we rely on SSH-based keep alive messages, which are not vulnerable
to this kind of tampering, there is no need to double-check connections
via TCP keep alive as well.

This patch therefore disables using TCP keep alive for both SSH client
and server scenario. For usability reasons, a timeout of 5 minutes
(10 seconds * 30 keep alive messages = 300 seconds) will be used for
both client and server configuration, as 60 seconds were found to be
too short for unstable connectivity scenarios.

Signed-off-by: Peter Müller
--- config/ssh/ssh_config | 12 ++++++++---- config/ssh/sshd_config | 8 +++++--- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config index ee0954d5c..85c069dda 100644 --- a/config/ssh/ssh_config +++ b/config/ssh/ssh_config @@ -5,7 +5,7 @@ # Set some basic hardening options for all connections Host * - # Disable Roaming as it is known to be vulnerable + # Disable undocumented roaming feature as it is known to be vulnerable UseRoaming no # Only use secure crypto algorithms 
@@ -13,15 +13,19 @@ Host * Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com - # Always visualise server host keys (but helps to identify key based MITM attacks) + # Always visualise server host keys (helps to identify key based MITM attacks) VisualHostKey yes # Use SSHFP (might work on some up-to-date networks) to look up host keys VerifyHostKeyDNS yes - # send keep-alive messages to connected server to avoid broken connections + # Send SSH-based keep alive messages to connected server to avoid broken connections ServerAliveInterval 10 - ServerAliveCountMax 6 + ServerAliveCountMax 30 + + # Disable TCP keep alive messages since they can be spoofed and we have SSH-based + # keep alive messages enabled; there is no need to do things twice here + TCPKeepAlive no # Ensure only allowed authentication methods are used PreferredAuthentications publickey,keyboard-interactive,password diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config index 456556540..76c9b3eb1 100644 --- a/config/ssh/sshd_config +++ b/config/ssh/sshd_config @@ -46,11 +46,13 @@ AllowTcpForwarding no AllowAgentForwarding no PermitOpen none -# Detect broken sessions by sending keep-alive messages to clients via SSH connection +# Send SSH-based keep alive messages to connected clients to avoid broken connections ClientAliveInterval 10 +ClientAliveCountMax 30 -# Close unresponsive SSH sessions which fail to answer keep-alive -ClientAliveCountMax 6 +# Since TCP keep alive messages can be spoofed and we have the SSH-based already, +# there is no need for this to be enabled as well +TCPKeepAlive no # Add support for SFTP Subsystem sftp /usr/lib/openssh/sftp-server
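
Review bot: Missing compatibility statement for the `VER = 9.0p1` bump in lfs/openssh ([PATCH 1/3]): the commit message quotes the scp(1) switch to the SFTP protocol as a potentially-incompatible change, but does not say whether anything in the tree that calls scp depends on remote shell quoting or on `~user` paths. A sentence stating that callers were checked (or that there are none) would let this be merged without re-deriving it; the quoted changelog names `-O` as the fallback if one turns up.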
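
Review bot: The new `$(DL_FILE)_BLAKE2` value in the `@@ -40,7 +40,7 @@` hunk of lfs/openssh ([PATCH 1/3]) has no stated provenance; the commit message carries only the changelog. Suggest adding one line on how the 9.0p1 tarball was authenticated before the digest was computed (for example against the upstream release signature), since the digest only pins whatever file was downloaded.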
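
Review bot: The commit message of [PATCH 2/3] says sntrup761x25519-sha512@openssh.com "was introduced in OpenSSH 9.0p1", while the changelog quoted in [PATCH 1/3] says 9.0 uses it "by default"; the description of the added `KexAlgorithms` line in config/ssh/ssh_config should match the changelog wording. The same line now lists both `curve25519-sha256` and `curve25519-sha256@libssh.org`, which are two names for the same method, so a short comment saying so would explain the apparent duplicate.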
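
Review bot: The `@@ -19,9 +19,8 @@` hunk of config/ssh/sshd_config in [PATCH 2/3] drops the caveat "(may break some _very_ outdated clients)" and the "See also" reference without a word in the commit message, although the list is still an explicit allow-list with entries only added in front. Suggest keeping the caveat, since a client that supports none of the listed methods is refused exactly as before, and stating why the reference was removed.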
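
Review bot: The comment rewording above `UseRoaming no` in the `@@ -5,7 +5,7 @@` hunk of config/ssh/ssh_config ([PATCH 3/3]) is unrelated to the keep alive change and is not mentioned in the commit message. Suggest moving it to a separate cleanup patch or adding a line to the message, so the functional change stays easy to find in the history.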
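
Review bot: The 300 second budget behind `ServerAliveCountMax 30` in the `@@ -13,15 +13,19 @@` hunk of config/ssh/ssh_config ([PATCH 3/3]) is explained only in the commit message (10 seconds * 30 keep alive messages); the new comment above `ServerAliveInterval 10` does not mention it. Suggest putting the arithmetic into the comment so the two values are not tuned independently later.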
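
Review bot: The new comment in the `@@ -46,11 +46,13 @@` hunk of config/ssh/sshd_config ([PATCH 3/3]) says the messages are sent "to avoid broken connections", and the removed lines "Detect broken sessions ..." and "Close unresponsive SSH sessions which fail to answer keep-alive" were the only place that said unanswered messages end the session. Suggest keeping that statement next to `ClientAliveCountMax 30`, together with the resulting 300 seconds, because this is the setting that decides how long a dead session stays open on the server.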