>Number:         179619
>Category:       bin
>Synopsis:       9-STABLE sshd negotiates unsupported cipher
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 16 15:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Christian Weisgerber
>Release:        FreeBSD 9.1-STABLE amd64
>Organization:
>Environment:
System: FreeBSD lorvorc.mips.inka.de 9.1-STABLE FreeBSD 9.1-STABLE #0 r251468: Thu Jun 6 17:02:46 CEST 2013 na...@lorvorc.mips.inka.de:/usr/obj/usr/src/sys/GENERIC amd64
OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013, on FreeBSD 9-STABLE. This version of OpenSSL does not support AES-GCM, so OpenSSH is built with #undef OPENSSL_HAVE_EVPGCM there.

>Description:
Let's try to connect to a 9-STABLE box from a host that does support AES-GCM:

$ ssh -c aes128-...@openssh.com,aes128-ctr lorvorc
Connection closed by 2001:6f8:124a::5

Odd.

$ ssh -v -c aes128-...@openssh.com,aes128-ctr lorvorc
OpenSSH_6.2, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/naddy/.ssh/config
debug1: /home/naddy/.ssh/config line 34: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to lorvorc [2001:6f8:124a::5] port 22.
debug1: Connection established.
debug1: identity file /home/naddy/.ssh/id_rsa type -1
debug1: identity file /home/naddy/.ssh/id_rsa-cert type -1
debug1: identity file /home/naddy/.ssh/id_dsa type -1
debug1: identity file /home/naddy/.ssh/id_dsa-cert type -1
debug1: identity file /home/naddy/.ssh/id_ecdsa type -1
debug1: identity file /home/naddy/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-...@openssh.com <implicit> none
debug1: kex: client->server aes128-...@openssh.com <implicit> none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 2001:6f8:124a::5

On the 9-STABLE box, auth.log says:

Jun 9 02:39:49 lorvorc sshd[98792]: fatal: matching cipher is not supported: aes128-...@openssh.com [preauth]

sshd should not match a cipher it doesn't actually support!

>How-To-Repeat:
See above.
>Fix:
Index: crypto/openssh/myproposal.h
===================================================================
--- crypto/openssh/myproposal.h (revision 251468)
+++ crypto/openssh/myproposal.h (working copy)
@@ -71,10 +71,16 @@ "ssh-rsa," \ "ssh-dss" +#ifdef OPENSSL_HAVE_EVPGCM +# define AESGCM_CIPHER_MODES \ + "aes128-...@openssh.com,aes256-...@openssh.com," +#else +# define AESGCM_CIPHER_MODES +#endif #define KEX_DEFAULT_ENCRYPT \ "aes128-ctr,aes192-ctr,aes256-ctr," \ "arcfour256,arcfour128," \ - "aes128-...@openssh.com,aes256-...@openssh.com," \ + AESGCM_CIPHER_MODES \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se" #ifdef NONE_CIPHER_ENABLED

For FreeBSD 9-STABLE, changing the "Ciphers" description in ssh_config.5 and sshd_config.5 to match might be an additional consideration.

>Release-Note:
>Audit-Trail:
>Unformatted:
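Review bot: the #else branch defines AESGCM_CIPHER_MODES as nothing, so the expansion of KEX_DEFAULT_ENCRYPT relies on the neighbouring literals "arcfour256,arcfour128," and "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," concatenating across an empty token; that is valid C, and the trailing comma on the GCM literal is what keeps the joined list well-formed, but a one-line comment at the #else saying the list is intentionally empty would spare the next reader from wondering whether a value went missing. Two things the hunk does not show and the change should settle: whether an explicit Ciphers directive naming the GCM methods is still accepted by the config parser in a build without OPENSSL_HAVE_EVPGCM (the fatal in the report fires at key exchange, after the name has already been accepted as a match), and the matching update to the Ciphers default in ssh_config.5 and sshd_config.5 that the submitter mentions.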
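The failure described in this report, as an added example in C that is not OpenSSH's or FreeBSD's code: a toy server that advertises a default cipher list and, following the SSH rule, takes the client's first preference that appears on that list, with the advertised list gated at compile time the way the patch gates it. The build flag HAVE_EVPGCM, the function names and the shortened cipher tables are assumptions of this example; the cipher names are the standard OpenSSH identifiers, written out in full here. The ungated list is kept alongside the gated one so the pre-patch and post-patch behaviour can be compared, and proposal_unsupported() is the startup invariant a defender would want: nothing the server advertises may be absent from its own cipher table.

```c
/* Added example, not OpenSSH or FreeBSD code: toy model of this PR's bug.
 * HAVE_EVPGCM, the function names and the short tables are assumptions. */
#include <stdio.h>
#include <string.h>

/* Compile-time gate as in the patch; the #else branch is intentionally empty. */
#ifdef HAVE_EVPGCM
# define AESGCM_CIPHER_MODES "aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
#else
# define AESGCM_CIPHER_MODES
#endif

/* Gated default: adjacent string literals concatenate across the macro. */
#define DEFAULT_ENCRYPT \
    "aes128-ctr,aes192-ctr,aes256-ctr," \
    AESGCM_CIPHER_MODES \
    "aes128-cbc,3des-cbc"

/* Pre-patch behaviour for comparison: GCM advertised unconditionally. */
#define UNGATED_ENCRYPT \
    "aes128-ctr,aes192-ctr,aes256-ctr," \
    "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
    "aes128-cbc,3des-cbc"

/* Stand-in for the cipher table: what this build can actually run. */
static const char *const implemented[] = {
    "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc",
#ifdef HAVE_EVPGCM
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
#endif
};
#define NIMPLEMENTED (sizeof implemented / sizeof implemented[0])

/* Walk a comma-separated list: yields the next non-empty element. */
static int next_name(const char **p, const char **name, size_t *len)
{
    while (**p == ',') (*p)++;
    if (**p == '\0') return 0;
    const char *q = strchr(*p, ',');
    *name = *p;
    *len = q ? (size_t)(q - *p) : strlen(*p);
    *p = q ? q + 1 : *p + *len;
    return 1;
}

/* Is name[0..len) one of the elements of the comma-separated list? */
static int in_list(const char *list, const char *name, size_t len)
{
    const char *p = list, *n; size_t nl;
    while (next_name(&p, &n, &nl))
        if (nl == len && memcmp(n, name, len) == 0)
            return 1;
    return 0;
}

static int is_implemented(const char *name, size_t len,
    const char *const *table, size_t ntable)
{
    for (size_t i = 0; i < ntable; i++)
        if (strlen(table[i]) == len && memcmp(table[i], name, len) == 0)
            return 1;
    return 0;
}

/* Count names in proposal that table cannot run; 0 means the list is safe
 * to advertise. The first offender is copied into bad when given. */
int proposal_unsupported(const char *proposal, const char *const *table,
    size_t ntable, char *bad, size_t badsz)
{
    const char *p = proposal, *n; size_t nl; int count = 0;
    while (next_name(&p, &n, &nl))
        if (!is_implemented(n, nl, table, ntable)) {
            if (count++ == 0 && bad != NULL && badsz > 0)
                snprintf(bad, badsz, "%.*s", (int)nl, n);
        }
    return count;
}

/* Server side of the SSH rule: the client's first preference that the
 * server also lists wins. Returns 0 (name in out), -1 if nothing matches,
 * -2 if the match is advertised but not implemented: the report's fatal. */
int negotiate_cipher(const char *client, const char *server,
    const char *const *table, size_t ntable, char *out, size_t outsz)
{
    const char *p = client, *n; size_t nl;
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    while (next_name(&p, &n, &nl))
        if (in_list(server, n, nl)) {
            snprintf(out, outsz, "%.*s", (int)nl, n);
            return is_implemented(n, nl, table, ntable) ? 0 : -2;
        }
    return -1;
}

int main(void)
{
    const char *client = "aes128-gcm@openssh.com,aes128-ctr"; /* as in the PR */
    const char *lists[] = { UNGATED_ENCRYPT, DEFAULT_ENCRYPT };
    char chosen[64];
    for (int i = 0; i < 2; i++) {
        int rc = negotiate_cipher(client, lists[i], implemented, NIMPLEMENTED,
            chosen, sizeof chosen);
        printf("%s list: rc=%d chosen=%s\n", i ? "gated" : "ungated", rc, chosen);
    }
    return 0;
}
```

Built without HAVE_EVPGCM, the ungated list reproduces the report: the client's first preference is on the server's list, so negotiation selects it, and only then does the implementation check fail (rc -2). With the gated list the GCM name is never offered, the client falls through to aes128-ctr and the exchange completes (rc 0). The check in proposal_unsupported() is the property the patch restores and is cheap enough to assert at startup whenever the advertised list and the implemented table are built from separate sources.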