From 75e6ef6132a78d2a51e63e11bdd34c86e7638383 Mon Sep 17 00:00:00 2001
From: Nicola Murino
Date: Fri, 4 Aug 2023 21:10:39 +0200
Subject: [PATCH] sftpd: remove diffie-hellman-group18-sha512 KEX
Signed-off-by: Nicola Murino
---
 docs/full-configuration.md | 2 +-
 internal/dataprovider/configs.go | 6 ++++--
 internal/sftpd/server.go | 3 +++
 internal/vfs/sftpfs.go | 4 ++--
 4 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/docs/full-configuration.md b/docs/full-configuration.md
index 4a624c1d..12049807 100644
--- a/docs/full-configuration.md
+++ b/docs/full-configuration.md
@@ -140,7 +140,7 @@ The configuration file contains the following sections:
 - `host_certificates`, list of strings. Public host certificates. Each certificate can be defined as a path relative to the configuration directory or an absolute one. Certificate's public key must match a private host key otherwise it will be silently ignored. Default: empty.
 - `host_key_algorithms`, list of strings. Public key algorithms that the server will accept for host key authentication. The supported values are: `rsa-sha2-512-cert-v01@openssh.com`, `rsa-sha2-256-cert-v01@openssh.com`, `ssh-rsa-cert-v01@openssh.com`, `ssh-dss-cert-v01@openssh.com`, `ecdsa-sha2-nistp256-cert-v01@openssh.com`, `ecdsa-sha2-nistp384-cert-v01@openssh.com`, `ecdsa-sha2-nistp521-cert-v01@openssh.com`, `ssh-ed25519-cert-v01@openssh.com`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `rsa-sha2-512`, `rsa-sha2-256`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`. Default values: `rsa-sha2-512-cert-v01@openssh.com`, `rsa-sha2-256-cert-v01@openssh.com`, `ecdsa-sha2-nistp256-cert-v01@openssh.com`, `ecdsa-sha2-nistp384-cert-v01@openssh.com`, `ecdsa-sha2-nistp521-cert-v01@openssh.com`, `ssh-ed25519-cert-v01@openssh.com`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `rsa-sha2-512`, `rsa-sha2-256`, `ssh-ed25519`.
 - `moduli`, list of strings. Diffie-Hellman moduli files. Each moduli file can be defined as a path relative to the configuration directory or an absolute one. If set and valid, `diffie-hellman-group-exchange-sha256` and `diffie-hellman-group-exchange-sha1` KEX algorithms will be available, `diffie-hellman-group-exchange-sha256` will be enabled by default if you don't explicitly set KEXs. Invalid moduli file will be silently ignored. Default: empty.
- - `kex_algorithms`, list of strings. Available KEX (Key Exchange) algorithms in preference order. Leave empty to use default values. 
The supported values are: `curve25519-sha256`, `curve25519-sha256@libssh.org`, `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `diffie-hellman-group14-sha256`, `diffie-hellman-group16-sha512`, `diffie-hellman-group18-sha512`, `diffie-hellman-group14-sha1`, `diffie-hellman-group1-sha1`. Default values: `curve25519-sha256`, `curve25519-sha256@libssh.org`, `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `diffie-hellman-group14-sha256`. SHA512 based KEXs are disabled by default because they are slow. If you set one or more moduli files, `diffie-hellman-group-exchange-sha256` and `diffie-hellman-group-exchange-sha1` will be available.
+ - `kex_algorithms`, list of strings. Available KEX (Key Exchange) algorithms in preference order. Leave empty to use default values. The supported values are: `curve25519-sha256`, `curve25519-sha256@libssh.org`, `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `diffie-hellman-group14-sha256`, `diffie-hellman-group16-sha512`, `diffie-hellman-group14-sha1`, `diffie-hellman-group1-sha1`. Default values: `curve25519-sha256`, `curve25519-sha256@libssh.org`, `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `diffie-hellman-group14-sha256`. SHA512 based KEXs are disabled by default because they are slow. If you set one or more moduli files, `diffie-hellman-group-exchange-sha256` and `diffie-hellman-group-exchange-sha1` will be available.
 - `ciphers`, list of strings. Allowed ciphers in preference order. Leave empty to use default values. The supported values are: `aes128-gcm@openssh.com`, `aes256-gcm@openssh.com`, `chacha20-poly1305@openssh.com`, `aes128-ctr`, `aes192-ctr`, `aes256-ctr`, `aes128-cbc`, `aes192-cbc`, `aes256-cbc`, `3des-cbc`, `arcfour256`, `arcfour128`, `arcfour`. Default values: `aes128-gcm@openssh.com`, `aes256-gcm@openssh.com`, `chacha20-poly1305@openssh.com`, `aes128-ctr`, `aes192-ctr`, `aes256-ctr`. 
Please note that the ciphers disabled by default are insecure, you should expect that an active attacker can recover plaintext if you enable them.
 - `macs`, list of strings. Available MAC (message authentication code) algorithms in preference order. Leave empty to use default values. The supported values are: `hmac-sha2-256-etm@openssh.com`, `hmac-sha2-256`, `hmac-sha2-512-etm@openssh.com`, `hmac-sha2-512`, `hmac-sha1`, `hmac-sha1-96`. Default values: `hmac-sha2-256-etm@openssh.com`, `hmac-sha2-256`.
 - `trusted_user_ca_keys`, list of public keys paths of certificate authorities that are trusted to sign user certificates for authentication. The paths can be absolute or relative to the configuration directory.
diff --git a/internal/dataprovider/configs.go b/internal/dataprovider/configs.go
index 5cf042f4..eea141e2 100644
--- a/internal/dataprovider/configs.go
+++ b/internal/dataprovider/configs.go
@@ -30,8 +30,7 @@ import (
 var (
 supportedHostKeyAlgos = []string{ssh.KeyAlgoRSA, ssh.CertAlgoRSAv01}
 supportedKexAlgos = []string{
- "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512",
- "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1",
+ "diffie-hellman-group16-sha512", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1",
 "diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1",
 }
 supportedCiphers = []string{
@@ -104,6 +103,9 @@ func (c *SFTPDConfigs) validate() error {
 }
 }
 for _, algo := range c.KexAlgorithms {
+ if algo == "diffie-hellman-group18-sha512" {
+ continue
+ }
 if !util.Contains(supportedKexAlgos, algo) {
 return util.NewValidationError(fmt.Sprintf("unsupported KEX algorithm %q", algo))
 }
diff --git a/internal/sftpd/server.go b/internal/sftpd/server.go
index 6591e65f..de5bd61c 100644
--- a/internal/sftpd/server.go
+++ b/internal/sftpd/server.go
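Review bot: The new `continue` in validate() lets `diffie-hellman-group18-sha512` pass validation with no signal to whoever wrote the configuration, while the matching branch added to internal/sftpd/server.go in this same commit at least logs a warning; a stored configuration listing only this KEX would validate cleanly and, as far as the hunk shows, end up with an empty algorithm list. If the silent skip is deliberate so that previously saved configurations keep loading, the branch should say so, e.g. `// diffie-hellman-group18-sha512 is no longer available: accepted for backward compatibility with stored configs and ignored`. The validate method begins before the hunk and continues after it.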
@@ -468,6 +468,9 @@ func (c *Configuration) configureSecurityOptions(serverConfig *ssh.ServerConfig)
 }
 c.KexAlgorithms = util.RemoveDuplicates(c.KexAlgorithms, true)
 for _, kex := range c.KexAlgorithms {
+ if kex == "diffie-hellman-group18-sha512" {
+ logger.Warn(logSender, "", "KEX %q is not supported and will be ignored", kex)
+ }
 if !util.Contains(supportedKexAlgos, kex) {
 return fmt.Errorf("unsupported key-exchange algorithm %q", kex)
 }
diff --git a/internal/vfs/sftpfs.go b/internal/vfs/sftpfs.go
index cba19b62..df3f03ca 100644
--- a/internal/vfs/sftpfs.go
+++ b/internal/vfs/sftpfs.go
@@ -939,8 +939,8 @@ func (c *sftpConnection) openConnNoLock() error {
 "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-cbc", "aes192-cbc", "aes256-cbc"}
 clientConfig.KeyExchanges = []string{"curve25519-sha256", "curve25519-sha256@libssh.org",
 "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
- "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512",
- "diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1",
+ "diffie-hellman-group14-sha256", "diffie-hellman-group-exchange-sha256",
+ "diffie-hellman-group16-sha512", "diffie-hellman-group-exchange-sha1",
 "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"}
 clientConfig.MACs = []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256",
 "hmac-sha2-512-etm@openssh.com", "hmac-sha2-512",
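Review bot: The warning added in configureSecurityOptions says `diffie-hellman-group18-sha512` "will be ignored", but the branch has no `continue`: it falls through to the `util.Contains(supportedKexAlgos, kex)` check and the name stays in c.KexAlgorithms, so whether it is really ignored depends on this package's supportedKexAlgos list and on whatever later copies c.KexAlgorithms into serverConfig, neither of which is in the diff. If supportedKexAlgos here no longer lists it, the warning is immediately followed by the "unsupported key-exchange algorithm" error; if it still does, the string presumably reaches the ssh.ServerConfig. Dropping the entry in the same loop makes the log message true independently of the surrounding code, as sketched below; if the filtering already happens elsewhere, a comment pointing to it would do instead. The function starts before the hunk and continues after it.
```go
	c.KexAlgorithms = util.RemoveDuplicates(c.KexAlgorithms, true)
	kept := make([]string, 0, len(c.KexAlgorithms))
	for _, kex := range c.KexAlgorithms {
		if kex == "diffie-hellman-group18-sha512" {
			// no longer available: warn and drop it so it cannot reach the ssh.ServerConfig
			logger.Warn(logSender, "", "KEX %q is not supported and will be ignored", kex)
			continue
		}
		if !util.Contains(supportedKexAlgos, kex) {
			return fmt.Errorf("unsupported key-exchange algorithm %q", kex)
		}
		kept = append(kept, kex)
	}
	c.KexAlgorithms = kept
	// … unchanged: rest of configureSecurityOptions …
```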
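Review bot: The reordered client list in openConnNoLock now ranks `diffie-hellman-group-exchange-sha256` above `diffie-hellman-group16-sha512`, which is a preference change beyond removing group18, and nothing in the hunk records why; a one-line comment on the assignment would help, e.g. `// KEX preference: curve25519/ECDH first, then SHA-256 DH, then the slower SHA-512 group, SHA-1 groups last`. Such a comment would also make explicit that `diffie-hellman-group14-sha1` and `diffie-hellman-group1-sha1` are offered knowingly: both are SHA-1 based and group1 uses a 1024-bit group, so they belong at the tail only for reaching legacy servers. The function begins before the hunk and continues after it.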