X-Git-Url: https://ruderich.org/simon/gitweb/?p=config%2Fdotfiles.git;a=blobdiff_plain;f=shell%2Fssh_config;h=845e4e1ab0e706b182b253db77e44eb697afacf0;hp=09995ab12a8871146ec6a30d4c4586b9b4647b20;hb=e55a6e61e1705f1ae06d3ed5b85df3acf0c09838;hpb=0b96090f82bd835ed3707be7f7a32cc497272458
diff --git a/shell/ssh_config b/shell/ssh_config
index 09995ab..845e4e1 100644
--- a/shell/ssh_config
+++ b/shell/ssh_config
@@ -3,7 +3,7 @@
 # Some options are set even if they are default to prevent /etc/ssh/ssh_config
 # from overwriting them.
-# Copyright (C) 2011-2016 Simon Ruderich
+# Copyright (C) 2011-2020 Simon Ruderich
 #
 # This file is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -49,7 +49,7 @@ Host *
 # Don't use SHA1 and disable elliptic curves whose security regarding the
 # parameters is still in debate.
- KexAlgorithms diffie-hellman-group-exchange-sha256
+ KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
 # Use stronger cipher versions. Disable CBC ciphers to prevent (unlikely)
 # plaintext recovery attack [1], disable RC4 because it's broken [2]; this
 # leaves only AES. No GCM ciphers yet because they are still very new.
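Review bot: The new `KexAlgorithms` list places `diffie-hellman-group14-sha256` (a 2048-bit group) ahead of `diffie-hellman-group18-sha512`, and the client's list order decides which mutually supported method is chosen, so a server offering both ends up on the smaller group. If that order is deliberate, for example to avoid the cost of the 8192-bit group, the comment above the line should say so; otherwise `KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256` keeps the weakest fallback last. The comment still explains only the SHA1 and elliptic-curve exclusions; it would help to add that the group size obtained through `diffie-hellman-group-exchange-sha256` depends on the moduli the server offers.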
@@ -64,11 +64,20 @@ Host *
 # in SSH [1] (available since 6.2).
 #
 # [1]: http://cseweb.ucsd.edu/~mihir/papers/oem.html
- MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
-# Disable DSA host keys because they are weak (only 1024 bit) and elliptic
-# curves. I don't need certificates, therefore disable those algorithms as
-# well (*-cert-*).
- HostKeyAlgorithms ssh-rsa
+ MACs hmac-sha2-512-etm@openssh.com
+# Disable ssh-rsa which is vulnerable to recent chosen prefix attacks against
+# SHA1 [1][2]. Disable elliptic curves whose security regarding the parameters
+# is still in debate. I don't need certificates, therefore disable those
+# algorithms as well (*-cert-*).
+#
+# [1]: https://www.openssh.com/txt/release-8.2
+# [2]: "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
+# Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020)
+# https://eprint.iacr.org/2020/014.pdf
+ HostKeyAlgorithms rsa-sha2-512
+# Also disable weak algorithms for public key authentication. Use a blacklist
+# because multiple algorithms might be already in use.
+ PubkeyAcceptedKeyTypes -ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
 # Disable X11 and agent forwarding for security reasons (defaults).
 ForwardX11 no
@@ -126,12 +135,15 @@ Host *
 # are stored in the shell's history file or in this file as shortcut so it's
 # rather useless (default).
 HashKnownHosts no
+# Ask to update the known hosts when the server sends additional host keys
+# (default, currently incompatible with ControlPersist).
+ UpdateHostKeys ask
 # Check host IP in known_hosts when connecting to detect DNS spoofing
 # (default).
 CheckHostIP yes
 # Ask before adding any host keys to ~/.ssh/known_hosts (default).
 StrictHostKeyChecking ask
-# Check host keys from DNS' SSHFP resource records but ask apply
+# Check host keys from DNS' SSHFP resource records but apply
 # StrictHostKeyChecking before trusting them.
 VerifyHostKeyDNS ask
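Review bot: The `PubkeyAcceptedKeyTypes` line is a subtractive list, so unlike the explicit `HostKeyAlgorithms rsa-sha2-512` above it, what stays enabled is the installed client's default set minus these four names. ECDSA key types, which the preceding comment rules out for host keys, therefore remain accepted for user authentication. RSA keys keep working only through the `rsa-sha2-*` signature names, and only against servers that support them, and the comment should say so, e.g. `# RSA keys stay usable via rsa-sha2-256/512; check the effective list with "ssh -G <host>".` Pinning `HostKeyAlgorithms` to one name and dropping the non-ETM MAC also means a server lacking either will fail to negotiate, so any per-host exceptions have to appear before `Host *`; whether the file has such entries is not visible in this hunk.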
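Review bot: The comment added with `UpdateHostKeys ask` labels the value a default, but as far as I know the default for this option has differed between OpenSSH releases. Per ssh_config(5) in releases that enable it by default, it is turned off when `VerifyHostKeyDNS` is enabled, which this same block does a few lines further down. Because the file pins values on purpose, the comment should describe the line as an explicit opt-in, e.g. `# (explicit opt-in; confirmation is disabled while ControlPersist is enabled).` It would also help to state what happens on ControlPersist connections, since the present wording leaves open whether updates are skipped or applied without asking; this should be checked against the installed client's manual page.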