Autore: yawnbox Data: To: tails-dev Oggetto: [Tails-dev] Supported sshd MACs
Hi there Tails Dev team,
I've been a little vocal about this on Twitter and I've been a little
lazy about emailing you about this problem with Tails. I recently
switched to Subgraph, but I was running Tails as my daily driver for
nearly a year.
Server side (yawnbox.com) I harden my sshd config by defining which
ciphers, MACs, and Kex Algorithms I will permit clients to use. This is
good for transport security and also for defending against SSH brute
force attackers (that must be using outdated software) because client
negotiation is rejected when they don't have strong MAC algorithm preauth.
Here is my current sshd config (I disable the DSA and ECDSA keys per
BetterCrypto.org):
When I attempt to SSH to yawnbox.com from Tails 2.2.1, this is my error:
no matching mac found: client hmac-sha1,hmac-md5,hmac-ripemd160 server
hmac-sha2-512-etm@???,hmac-sha2-256-etm@???,umac-128-etm@???,hmac-sha2-512,hmac-sha2-256
My "fix" is to simply sudo+delete Tails' defined Ciphers and MACs lines
in /etc/ssh/ssh_config.
"For systems where – during the lifetime of the keys – it is expected
that low-entropy situations occur, RSA keys should be preferred over DSA
keys: For DSA, if there is ever insufficient entropy at the time keys
are used for signing this may lead to repeated ephemeral keys. An
attacker who can guess an ephemeral private key used in such a signature
can compromise the DSA secret key."
It seems prudent to explicitly configure Tails by disabling the use of
DSA keys in ssh_config since people often use low-end systems.
I hope you all are well, and good luck with the 2.3 release tomorrow. Cheers