From owner-freebsd-security@FreeBSD.ORG Mon Jan 12 01:22:16 2015
Date: Sun, 11 Jan 2015 19:22:02 -0600 (CST)
From: Greg Rivers
To: freebsd-security@freebsd.org
Subject: Securing SSH

I came across an interesting article[1] about more secure SSH
configurations. What do our resident cryptographers think about this?
Would it make sense to adjust FreeBSD defaults accordingly?

[1] https://stribika.github.io/2015/01/04/secure-secure-shell.html

--
Greg Rivers

From owner-freebsd-security@FreeBSD.ORG Mon Jan 12 02:22:05 2015
Date: Sun, 11 Jan 2015 22:52:00 -0330
From: Jonathan Anderson
To: Greg Rivers
Cc: freebsd-security@freebsd.org
Subject: Re: Securing SSH

Hi,

I can't comment much on the elliptic-curve stuff, but I
think it's a bit of a stretch to say that SHA-1 isn't safe for use in a KDF.

Just my two cents,

Jon

> Greg Rivers
> 11 January 2015 at 21:52
> I came across an interesting article[1] about more secure SSH
> configurations. What do our resident cryptographers think about this?
> Would it make sense to adjust FreeBSD defaults accordingly?
>
> [1] https://stribika.github.io/2015/01/04/secure-secure-shell.html
>

--
Jonathan Anderson
jonathan@FreeBSD.org

From owner-freebsd-security@FreeBSD.ORG Mon Jan 12 02:23:36 2015
Date: Sun, 11 Jan 2015 21:23:25 -0500 (EST)
From: Benjamin Kaduk
To: Jonathan Anderson
Cc: Greg Rivers, freebsd-security@freebsd.org
Subject: Re: Securing SSH

The author also appears to not understand the difference between
single-DES and triple-DES, so I would expect the value of that posting to
be only as a brainstormed list of ideas to consider for further analysis.

-Ben

On Sun, 11 Jan 2015, Jonathan Anderson wrote:

> Hi,
>
> I can't comment much on the elliptic-curve stuff, but I think it's a bit of a
> stretch to say that SHA-1 isn't safe for use in a KDF.
>
> Just my two cents,
>
>
> Jon
>
> > Greg Rivers
> > 11 January 2015 at 21:52
> > I came across an interesting article[1] about more secure SSH
> > configurations. What do our resident cryptographers think about this?
> > Would it make sense to adjust FreeBSD defaults accordingly?
> >
> > [1] https://stribika.github.io/2015/01/04/secure-secure-shell.html
> >
>
> --
> Jonathan Anderson
> jonathan@FreeBSD.org
>

From owner-freebsd-security@FreeBSD.ORG Mon Jan 12 16:59:54 2015
Date: Mon, 12 Jan 2015 17:40:10 +0100
From: Zoran Kolic
To: freebsd-security@freebsd.org
Subject: Re: Security SSH

In fact, you got answer on openbsd misc list.

Zoran

From owner-freebsd-security@FreeBSD.ORG Mon Jan 12 23:05:45 2015
Date: Mon, 12 Jan 2015 23:53:56 +0100
From: Ondra Knezour
To: Greg Rivers, freebsd-security@freebsd.org
Subject: Re: Securing SSH

On 12.1.2015 at 2:22, Greg Rivers wrote:

> I came across an interesting article about more secure SSH
> configurations.
> [...]

You may also want to consult The applied crypto hardening book draft at
https://bettercrypto.org/ if you are looking for some "instant" security
inspiration.

--
Regards
Ondra Knezour

From owner-freebsd-security@FreeBSD.ORG Tue Jan 13 00:07:21 2015
Date: Mon, 12 Jan 2015 16:07:12 -0800
From: Paul Hoffman
Subject: Re: Security SSH
To: Zoran Kolic
Cc: freebsd-security@freebsd.org

On Jan 12, 2015, at 8:40 AM, Zoran Kolic wrote:

> In fact, you got answer on openbsd misc list.

Can you point to that for the rest of us? I'd rather not wade in
openbsd-misc....

--Paul Hoffman

From owner-freebsd-security@FreeBSD.ORG Tue Jan 13 03:00:05 2015
Date: Mon, 12 Jan 2015 20:59:50 -0600 (CST)
From: Greg Rivers
To: Jonathan Anderson, Benjamin Kaduk, Ondra Knezour, Zoran Kolic, Paul Hoffman
Cc: freebsd-security@freebsd.org
Subject: Re: Securing SSH

On Sun, 11 Jan 2015, Jonathan Anderson wrote:

> I can't comment much on the elliptic-curve stuff, but I think it's a bit
> of a stretch to say that SHA-1 isn't safe for use in a KDF.
>

On Sun, 11 Jan 2015, Benjamin Kaduk wrote:

> The author also appears to not understand the difference between
> single-DES and triple-DES, so I would expect the value of that posting
> to be only as a brainstormed list of ideas to consider for further
> analysis.
>

On Mon, 12 Jan 2015, Ondra Knezour wrote:

> You may also want to consult The applied crypto hardening book draft at
> https://bettercrypto.org/ if you are looking for some "instant" security
> inspiration.
>

Thank you all for your informative replies. I suspected that the article
was a bit naive. Like many, I don't have a deep knowledge of cryptography,
so I appreciate your input.
I thought it was worthwhile to ask and perhaps generate some
discussion about FreeBSD's default SSH configuration.

On Mon, 12 Jan 2015, Zoran Kolic wrote:

> In fact, you got answer on openbsd misc list.
>

On Mon, 12 Jan 2015, Paul Hoffman wrote:

> Can you point to that for the rest of us? I'd rather not wade in
> openbsd-misc....
>

It took a lot of searching to find, but I suspect he's talking about ,
which fails parts 3 through 6 of the Boy Scout Law.

--
Greg

From owner-freebsd-security@FreeBSD.ORG Tue Jan 13 17:31:44 2015
Date: Tue, 13 Jan 2015 18:31:27 +0100
From: Zoran Kolic
To: Paul Hoffman
Subject: Re: Security SSH
Cc: freebsd-security@freebsd.org

> Can you point to that for the rest of us? I'd rather not wade in openbsd-misc....

The link original poster presented is the correct one.
Openbsd tend to set some default values, which one might
like or not. I would disable root login at first.
Misc seems rough at moment. I found it very helpful if
I need help, just have to follow rules. Be patient, give
as much info as possible, don't push... Do your homework...
If I really have to say what I think: ssh is great tool.
Best regards all

Zoran

From owner-freebsd-security@FreeBSD.ORG Tue Jan 13 18:41:54 2015
Date: Tue, 13 Jan 2015 10:41:50 -0800
From: Paul Hoffman
To: Zoran Kolic
Cc: freebsd-security@freebsd.org
Subject: Re: Security SSH

On Jan 13, 2015, at 9:31 AM, Zoran Kolic wrote:
>
>> Can you point to that for the rest of us? I'd rather not wade in openbsd-misc....
>
> The link original poster presented is the correct one.
> Openbsd tend to set some default values, which one might
> like or not. I would disable root login at first.
> Misc seems rough at moment. I found it very helpful if
> I need help, just have to follow rules. Be patient, give
> as much info as possible, don't push... Do your homework...
> If I really have to say what I think: ssh is great tool.

In the FreeBSD space, enabling root login for SSH by default is
problematic on both sides of the sword.

- If it is enabled by default, and the root password is purposely easy to
  remember (because it is a single-user system), it's easy to get owned.

- If it is disabled by default, you either have to be able to log in once
  from the console (which you might not have access to if it is a VM), or
  the one user who was added has to be part of the right group *and* you
  need to remember the right incantation for "su".

On balance, I'm happy with the FreeBSD default of "PermitRootLogin no"
even though it has made creating new FreeBSD VMs troublesome for me
sometimes.

...and I'm glad we're not discussing the uninformed crypto FUD that
started this thread...

--Paul Hoffman

From owner-freebsd-security@FreeBSD.ORG Tue Jan 13 20:20:28 2015
Date: Tue, 13 Jan 2015 14:20:20 -0600 (CST)
From: Greg Rivers
To: Paul Hoffman
Subject: Re: Security SSH
Cc: freebsd-security@freebsd.org, Zoran Kolic

On Tue, 13 Jan 2015, Paul Hoffman wrote:

> ...and I'm glad we're not discussing the uninformed crypto FUD that
> started this thread...
>

Agreed, we can all move on now. I only asked about this because I
honestly wanted to know what more knowledgeable people thought. I'm sorry
if it seemed like a stupid question to you.

--
Greg Rivers

From owner-freebsd-security@FreeBSD.ORG Wed Jan 14 04:42:58 2015
Date: Wed, 14 Jan 2015 15:42:48 +1100 (EST)
From: Ian Smith
To: Greg Rivers
Subject: Re: Security SSH
Cc: freebsd-security@freebsd.org, Paul Hoffman, Zoran Kolic

On Tue, 13 Jan 2015 14:20:20 -0600, Greg Rivers wrote:
> On Tue, 13 Jan 2015, Paul Hoffman wrote:
> > ...and I'm glad we're not discussing the uninformed crypto FUD that started
> > this thread...
> >
> Agreed, we can all move on now. I only asked about this because I honestly
> wanted to know what more knowledgeable people thought. I'm sorry if it
> seemed like a stupid question to you.

The link to the Der Spiegel article and the documents there referenced
alone made this worthwhile for me. Now I know a whole 1% of not much.

Thanks, Ian

From owner-freebsd-security@FreeBSD.ORG Wed Jan 14 21:44:20 2015
Date: Wed, 14 Jan 2015 21:44:19 GMT
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: FreeBSD Security Advisory FreeBSD-SA-15:01.openssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:01.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2015-01-14
Affects:        All supported versions of FreeBSD.
Corrected:      2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)
                2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)
                2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)
                2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)
                2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)
                2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)
                2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)
CVE Name:       CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572
                CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

II.  Problem Description

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL
due to a NULL pointer dereference. [CVE-2014-3571]

A memory leak can occur in the dtls1_buffer_record function under certain
conditions. [CVE-2015-0206]

When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference. [CVE-2014-3569] This does not affect
FreeBSD's default build.

An OpenSSL client will accept a handshake using an ephemeral ECDH
ciphersuite using an ECDSA certificate if the server key exchange message
is omitted. [CVE-2014-3572]

An OpenSSL client will accept the use of an RSA temporary key in a
non-export RSA key exchange ciphersuite. [CVE-2015-0204]

An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message.
[CVE-2015-0205] OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-8275] Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. [CVE-2014-3570] III. Impact An attacker who can send a carefully crafted DTLS message can cause server daemons that uses OpenSSL to crash, resulting a Denial of Service. [CVE-2014-3571] An attacker who can send repeated DTLS records with the same sequence number but for the next epoch can exhaust the server's memory and result in a Denial of Service. [CVE-2015-0206] A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572] A server could present a weak temporary key and downgrade the security of the session. [CVE-2015-0204] A client could authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205] By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275] IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 8.4 and FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc

[FreeBSD 10.0]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
# gpg --verify openssl-10.0.patch.asc

[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
# gpg --verify openssl-10.1.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r276865
releng/8.4/                                                       r277195
stable/9/                                                         r276865
releng/9.3/                                                       r277195
stable/10/                                                        r276864
releng/10.0/                                                      r277195
releng/10.1/                                                      r277195
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
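
An added example, not part of the advisory or of FreeBSD's own tooling: a POSIX sh check that compares a version string (for instance the output of `freebsd-version -u`) with the releng patch levels in the advisory's Corrected field. The function names, status strings and host inventory are assumptions constructed for illustration.

```shell
# Added example (not from the advisory): compare a version string to the Corrected: levels.

# First patch level carrying the fix for a release (values from the advisory).
sa1501_fixed_level() {
    case "$1" in
        10.1) echo 4 ;;
        10.0) echo 16 ;;
        9.3)  echo 8 ;;
        8.4)  echo 22 ;;
    esac
}

# Prints one of: patched, vulnerable, check-date, not-listed, unparsed.
sa1501_status() {
    ver=$1
    case "$ver" in
        *-STABLE) echo check-date; return 0 ;;  # fixed by commit date, not -pN
        *-RELEASE-p*) plevel=${ver##*-p} ;;
        *-RELEASE) plevel=0 ;;                  # no patches applied
        *) echo unparsed; return 0 ;;
    esac
    case "$plevel" in
        ''|*[!0-9]*) echo unparsed; return 0 ;;
    esac
    fixed=$(sa1501_fixed_level "${ver%%-*}")    # "10.1-RELEASE-p3" -> "10.1"
    if [ -z "$fixed" ]; then
        echo not-listed                         # release not named in the advisory
    elif [ "$plevel" -ge "$fixed" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Reads "host version" pairs on stdin and prints host, version, status.
sa1501_audit() {
    while read -r host ver; do
        if [ -n "$host" ]; then
            printf '%s\t%s\t%s\n' "$host" "$ver" "$(sa1501_status "$ver")"
        fi
    done
}

# Constructed inventory (hypothetical hosts).
sa1501_audit <<'EOF'
web1 10.1-RELEASE-p3
db1 9.3-RELEASE
build1 10.1-STABLE
EOF
```

Systems tracking a -STABLE branch report check-date because the advisory gives only a correction date and revision for stable branches, so those need a comparison against the source revision instead.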