OpenSSH Server Crypto Policy
Summary
OpenSSH clients follow the system-wide crypto policy since Fedora 26. This F27 change modifies the openssh server configuration to adhere to the system-wide policy. That will allow openssh server configuration to adapt to the multiple security levels offered system-wide.
Owner
- Name: Jakub Jelen
- Email: jjelen@redhat.com
- Release notes owner:
Current status
Detailed Description
Currently, the set of cryptographic algorithms used in OpenSSH is defined by upstream and Fedora just inherits what upstream considers secure. If there are special requirements for the security, manual modifications of the configuration files is required, which also prevents package manager to update the configuration file with future updates and can possibly leave enabled insecure algorithms.
Since Fedora 26 OpenSSH clients are following crypto policies defined system-wide using Include
configuration option in the main ssh_config
. We can not use the same method in the server, because OpenBSD did not accept yet the patch supporting the same in the server configuration (upstream bug) so we will work out other way of doing that without disrupting existing workflows.
For more information about Crypto Policy, see the appropriate wiki page Changes/CryptoPolicy describing the concept in whole.
Benefit to Fedora
All OpenSSH tools will follow system-wide crypto policy generated by update-crypto-policies(8) to ensure uniform security levels in the whole system.
The server side configuration is usually better place to defend against security vulnerabilities, rather than the user side, which does not have to have good overview of security. This will make sure they are using secure algorithms and their communiques are still secret.
Scope
- Proposal owners: Create a replace script, that will replace predefined comment in the configuration with configuration generated according to current crypto policies. Make systemd trigger this script on restart.
- OpenSSH package needs to be updated to preprocess configuration file and read it from runtime directory: openssh-7.5p1-4 build
- Reload sshd service after the crypto policy is changed: https://gitlab.com/nmav/fedora-crypto-policies/merge_requests/5
- SELinux policy needs to be adjusted so sshd server can read configuration file from runtime directory: https://bugzilla.redhat.com/show_bug.cgi?id=1477613
- Other developers: N/A (not a System Wide Change)
- Release engineering: #6915 (a check of an impact with Release Engineering is needed)
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
The update of manually modified sshd_config
will not get overwritten and the crypto policies will not get picked up. The default configuration will get the crypto policies automatically.
How To Test
Prerequisites:
- Make sure you have installed
openssh-clients
,openssh-server
andcrypto-policies
packages - Make sure you have
sshd
server running on your system. If not, enable and start thesshd
service:systemctl enable sshd && systemctl start sshd
- Make sure you have
crypto-policies
configured with default profile - Make sure you can connect to your local sshd server with your client, such as
ssh localhost
Check LEGACY profile:
- Check that you CAN NOT connect with legacy algorithms, such as
arcfour128
: Runssh -o Ciphers=arcfour128 localhost
(should fail) - Update crypto policies to LEGACY profile. Run
update-crypto-policies --set LEGACY
(this will makesshd
reload the configuration) - Check that you CAN connect with legacy algorithms, such as
arcfour128
: Runssh -o Ciphers=arcfour128 localhost
(should work)
Check FUTURE profile:
- Check that you CAN connect with current algorithms that is not in FUTURE profile, such as
diffie-hellman-group-exchange-sha1
: Runssh -o KexAlgorithms=diffie-hellman-group-exchange-sha1 localhost
(should work) - Update crypto policies to FUTURE profile. Run
update-crypto-policies --set FUTURE
(this will makesshd
reload the configuration) - Check that you CAN NOT connect with current algorithms that is not in FUTURE profile, such as
diffie-hellman-group-exchange-sha1
: Runssh -o KexAlgorithms=diffie-hellman-group-exchange-sha1 localhost
(should fail)
Post:
- Change your crypto policies back to
DEFAULT
. Runupdate-crypto-policies --set FUTURE
(this will makesshd
reload the configuration)
Note: specifying the algorithms on command line or in per-user client configuration overwrites system-wide policy. The same can be done with the server configuration, by specifying the options before the expanded crypto-policies comment.
User Experience
N/A (not a System Wide Change)
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
- Blocks product? product
Documentation
Upstream documentation is available in the upstream repository for update-crypto-policies(8).
For OpenSSH server, there should be no difference than in other libraries except the sshd daemon is not picking up the changes on demand, but requires a restart of the services after the change.