Changing sshd/KexAlgorithms seems to fail

rootuser · May 31, 2022, 9:35am

Hello,

I’d like to remove the weak key exchange (KEX) methods gss-gex-sha1- and gss-group1-sha1- on my UCS (5.0-1 errata317).

I tried setting the UCR property sshd/KexAlgorithms, but this did not seem to do anything. (value was set to diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,curve25519-sha256)

I even restarted sshd manually, but to no avail.

When testing the changes with ‘ssh -vvvv localhost’ I still have gss-gex-sha1- and gss-group1-sha1- in the list.

Any hints on what might be the problem?

Thank you!

Kind regards, Tom

jlk · May 31, 2022, 10:11am

Hey Tom,

can you show us what grep Kex /etc/ssh/sshd_config outputs for you?
Normally it should look like this:

# empty default
root@master: grep Kex /etc/ssh/sshd_config
root@master: ucr set sshd/KexAlgorithms='diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,curve25519-sha256'
Create sshd/KexAlgorithms
File: /etc/ssh/sshd_config
root@master: grep Kex /etc/ssh/sshd_config
KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,curve25519-sha256

So the UCR value should be injected directly. To force a config file rebuild you could try to use ucr commit /etc/ssh/sshd_config.

As a next step you can dump your sshd config and look for the value:

root@master: sshd -T | grep kex
kexalgorithms diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,curve25519-sha256

Best regards
Jan-Luca

rootuser · May 31, 2022, 10:46am

Hello,

thank you very much for your reply!

I have tried the steps you suggested. The output I receive with
sshd -T | grep kex

shows only the desired kex methods.

Still, if I try
ssh -vvvv localhost

I get gss-gex-sha1- and gss-group1-sha1- in the list (below ‘debug2: peer server KEXINIT proposal’)

I also tried this on two other different machines (non-UCS, Debian 9 and Debian 10). I get the same list there by executing sshd -T | grep kex
but when using ssh -vvvv localhost, gss-gex-sha1- and gss-group1-sha1- do NOT occur.

Any further ideas?

Thank you very much!

Kind regards,
Thomas Teves

P.S. Just for the record (and other people with the same problem): the correct command for re-creating the config file would be ucr commit /etc/ssh/sshd_config.

jlk · May 31, 2022, 2:55pm

Hello Thomas,

indeed you are right, I corrected the commit command.

Regarding your question: I just tried the same, but for me the offered algorithms do change as desired, so I unable to give more specific advice - Maybe a service or even a server restart might help too? Does this change when you try to login from a remote machine instead of localhost?

Takeo · June 10, 2022, 9:28am

Hey,
I think we found the root for those weak methods.
In the currently used old stable openssh version 7.9p1 GSSAPIKeyExchange seems to be enabled by default.

This automatically seems to enable the old methods (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989906).

After setting:
ucr set sshd/GSSAPIKeyExchange=“no”
the old kex methods are no longer offered by the server.

jlk · June 13, 2022, 11:21am

Glad you got it working!