Re: [Tails-dev] Review our list of SSH ciphers and MACs

Borrar esta mensaxe

Responder a esta mensaxe
Autor: intrigeri
Data:  
Para: The Tails public development discussion list
Temas antigos: Re: [Tails-dev] Review our list of SSH ciphers and MACs
Asunto: Re: [Tails-dev] Review our list of SSH ciphers and MACs
hi,

intrigeri wrote (28 Dec 2015 13:14:14 GMT) :
> sajolida@??? wrote (27 May 2014 12:30:21 GMT) :
>> I created that ticket in Redmine from a bug report:


>> https://labs.riseup.net/code/issues/7315


>> Summary: The SSH client configuration in Tails is too restrictive to
>> allow connecting to OpenBSD by default. I find this weird.


> Yes. This, and the fact we're soon be shipping 6.7p1, that supports
> newer and stronger crypto, as pointed out recently by Alfredo (Cc'd).


> Dear lazyweb (an in particular dkg, DrWhax and jvoisin): what SSH
> client settings should we use for ciphers, MACs and HostKeyAlgorithms
> in Tails based on Debian Jessie?


So, late in 2011 we've introduced custom configuration for the crypto
used by the OpenSSH client, and since then we have never updated it.

This has been causing inter-operability issues reported almost two
years ago, and currently this is also arguably decreasing security,
since one practical effect of our current settings is to disable newer
and stronger crypto that the OpenSSH client we ship supports.

I hereby propose that we:

1. acknowledge we have not been able, so far, to properly maintain
custom Ciphers and MACs settings for the OpenSSH client;

2. acknowledge that our failure at #1 has been causing both usability
and security issues;

3. acknowledge that the OpenSSH upstream project, and the maintainers
of the corresponding package in Debian, are doing a pretty decent
job at deprecating dangerous crypto, at enabling newer and stronger
options, and at communicating about it (see e.g.
https://sources.debian.net/src/openssh/1:7.2p2-1/debian/NEWS/#L1);

4. as a result, drop our custom Ciphers and MACs settings from
config/chroot_local-includes/etc/ssh/ssh_config, and instead rely
on the defaults offered by the openssh-client Debian package;

5. in the future, welcome any well-conducted attempt at reintroducing
such customization (e.g. for the sake of fine-tuning the place
where we put the inter-operability / security cursor), provided
there is substantial change that makes us trust that such custom
settings will be maintained.

Cheers,
--
intrigeri