X-Git-Url: https://ruderich.org/simon/gitweb/?p=config%2Fdotfiles.git;a=blobdiff_plain;f=shell%2Fssh_config;h=69bc19742954248f6ad75a9f0087bd4add32dd9a;hp=09995ab12a8871146ec6a30d4c4586b9b4647b20;hb=acbc561fcc66fcfc1a013cab4033fa272f7c5643;hpb=9e4b2aff9242c3e72c714c3bf01c670b576e6627
diff --git a/shell/ssh_config b/shell/ssh_config
index 09995ab..69bc197 100644
--- a/shell/ssh_config
+++ b/shell/ssh_config
@@ -3,7 +3,7 @@
 # Some options are set even if they are default to prevent /etc/ssh/ssh_config
 # from overwriting them.
-# Copyright (C) 2011-2016 Simon Ruderich
+# Copyright (C) 2011-2020 Simon Ruderich
 #
 # This file is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -49,7 +49,7 @@ Host *
 # Don't use SHA1 and disable elliptic curves whose security regarding the
 # parameters is still in debate.
- KexAlgorithms diffie-hellman-group-exchange-sha256
+ KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
 # Use stronger cipher versions. Disable CBC ciphers to prevent (unlikely)
 # plaintext recovery attack [1], disable RC4 because it's broken [2]; this
 # leaves only AES. No GCM ciphers yet because they are still very new.
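Review bot: The comment above `KexAlgorithms` still only says what is excluded (SHA1 and the debated curves) and does not explain the three fixed-group names this line adds or their order. As written, `diffie-hellman-group14-sha256` (a 2048-bit group) is preferred over `diffie-hellman-group18-sha512`, and with `diffie-hellman-group-exchange-sha256` the server proposes the group, so the effective floor depends on the client's built-in minimum modulus size; if the order is a deliberate cost trade-off the comment should say so. The file records version requirements elsewhere ("available since 6.2" for the MACs), and the group14/16/18 SHA-2 names were, as far as I know, added in OpenSSH 7.3, so an older client reading this file would probably reject the line. I would add `# Fixed groups need OpenSSH >= 7.3; list is in order of preference, group16 first.` above it.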
@@ -64,11 +64,20 @@ Host *
 # in SSH [1] (available since 6.2).
 #
 # [1]: http://cseweb.ucsd.edu/~mihir/papers/oem.html
- MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
-# Disable DSA host keys because they are weak (only 1024 bit) and elliptic
-# curves. I don't need certificates, therefore disable those algorithms as
-# well (*-cert-*).
- HostKeyAlgorithms ssh-rsa
+ MACs hmac-sha2-512-etm@openssh.com
+# Disable ssh-rsa which is vulnerable to recent chosen prefix attacks against
+# SHA1 [1][2]. Disable elliptic curves whose security regarding the parameters
+# is still in debate. I don't need certificates, therefore disable those
+# algorithms as well (*-cert-*).
+#
+# [1]: https://www.openssh.com/txt/release-8.2
+# [2]: "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
+# Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020)
+# https://eprint.iacr.org/2020/014.pdf
+ HostKeyAlgorithms rsa-sha2-512
+# Also disable weak algorithms for public key authentication. Use a blacklist
+# because multiple algorithms might be already in use.
+ PubkeyAcceptedKeyTypes -ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
 # Disable X11 and agent forwarding for security reasons (defaults).
 ForwardX11 no
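Review bot: `HostKeyAlgorithms rsa-sha2-512` and the leading `-` removal list in `PubkeyAcceptedKeyTypes` both depend on the OpenSSH version, but neither new comment records that the way the MACs comment in the same hunk does with "available since 6.2". To my knowledge rsa-sha2-512 arrived in OpenSSH 7.2 and the `-` list syntax in 7.5. A server that cannot sign with rsa-sha2-512 will fail host key negotiation under `Host *`; that is the safe outcome, but the comment should say so and point to a dedicated `Host` block for exceptions rather than loosening the global default. The pubkey blacklist also leaves the `ecdsa-sha2-nistp*` types accepted although the host key comment rejects those curves; if that is intentional because such keys are still in use, state it, e.g. `# Needs OpenSSH >= 7.5 for the "-" syntax; ECDSA user keys stay allowed on purpose.`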