From nobody Tue Apr 7 08:14:08 2026 X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fqfBB5Kwmz6Z28t for ; Tue, 07 Apr 2026 08:14:42 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Received: from mailgate.Leidinger.net (bastille.leidinger.net [89.238.82.207]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (prime256v1) client-digest SHA256) (Client CN "mailgate.leidinger.net", Issuer "E7" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fqfB909fgz3w5S for ; Tue, 07 Apr 2026 08:14:41 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=leidinger.net header.s=outgoing-alex header.b="g4SK7Bx/"; dmarc=pass (policy=quarantine) header.from=leidinger.net; spf=pass (mx1.freebsd.org: domain of Alexander@Leidinger.net designates 89.238.82.207 as permitted sender) smtp.mailfrom=Alexander@Leidinger.net List-Id: Discussion related to FreeBSD architecture List-Archive: https://lists.freebsd.org/archives/freebsd-arch List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arch@FreeBSD.org MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net; s=outgoing-alex; t=1775549669; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=udFZoB0e7VwHST1LnWNlq1QmCV5f/4I/aUd0KBEn6mY=; b=g4SK7Bx/GdfTYwevArvz9g+Z6trVKYFGODRMFCUI2iHCTiWu9XDSWAWwZjFfNaQ8En32+e ycypm5wPlX5zNMzk2dChlRdcwo2vz/6Dp0lNj9s3wy6ISopDONYydFr3ZXyD4BeTI7NbcK X40MeFqpf2aFkG2qELl41vJ/LpG7tkx2aCuSAFEslEUVKVTqwxDun6y3lvkdaEFS71ctwd pKAStVD9538fuBIEpC+nySXEMvvhtz4KJLyBa7akH/1PdpLVpbs4NuGatL45FwSsLoMacA /osmEKUZs484WOiuDSbRIhimygBM2w1J0t3vIkaH6/Sz0rWiKr6s92DR5fB6Vg== Date: Tue, 07 Apr 2026 10:14:08 +0200 From: Alexander Leidinger To: Christian Weisgerber Cc: freebsd-arch@freebsd.org Subject: Re: Stronger ssh settings In-Reply-To: References: <7655dcd5cbd65d9276213dd8d2a25552@Leidinger.net> Message-ID: <01e5741f831924f0b4b306354a8275c9@Leidinger.net> Organization: No organization, this is a private message. Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="=_5b2e26e4659c43353769a66f8b928d1a"; micalg=pgp-sha256 X-Spamd-Result: default: False [-5.83 / 15.00]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.83)[-0.832]; DMARC_POLICY_ALLOW(-0.50)[leidinger.net,quarantine]; R_DKIM_ALLOW(-0.20)[leidinger.net:s=outgoing-alex]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; ONCE_RECEIVED(0.10)[]; HAS_ORG_HEADER(0.00)[]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[leidinger.net:+]; HAS_ATTACHMENT(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; ASN(0.00)[asn:34240, ipnet:89.238.64.0/18, country:DE]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MISSING_XM_UA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-arch@freebsd.org]; RCVD_COUNT_ZERO(0.00)[0]; MID_RHS_MATCH_FROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; TO_DN_SOME(0.00)[] X-Rspamd-Queue-Id: 4fqfB909fgz3w5S X-Spamd-Bar: ----- This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --=_5b2e26e4659c43353769a66f8b928d1a Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed Am 2026-04-05 16:09, schrieb Christian Weisgerber: > Alexander Leidinger: > >> I propose to extend our ssh config (and maybe other configs) regarding >> - settings for government standards >> - improved FreeBSD defaults > > Upstream OpenSSH has a history of walking a good compromise line > between phasing out aging algorithms and maintaining compatibility > with most of the installed base. I don't think FreeBSD can improve > on those defaults. There was a timeframe where we still had algorithms enabled which OpenSSH disabled a bit late (at least to my opinion). OpenSSH has to take their complete userbase into account, we could have the luxury to limit that to our supported FreeBSD versions for at least the sshd config. > Government standards may require disabling some of the algorithms > OpenSSH prefers. That is more likely a disimprovement. Anyway, I don't disagree, but in some cases there is no option than to comply. > if people would like example configurations compliant with FIPS or > such, I don't object. > >> (I simply included what I use on my systems, and they >> should work for connections from and to all supported FreeBSD releases >> as I >> have them like that since a long time; an alternative would be to use >> the >> exclude syntax instead). > > Algorithm lists have the habit of going stale. They would have to > be carefully reviewed each time OpenSSH is updated. Unless a > definitive list is required, using the +/- syntax to prefer/disable > algorithms is frequently a better choice. > >> +### FreeBSD ### >> +HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 > > Why do you drop ECDSA and all CA algorithms? > >> +KexAlgorithms >> sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 > > Why do you drop the standard name "sntrup761x25519-sha512"? > More importantly, who do you drop mlkem768x25519-sha256, which is the > upstream default? > Let me guess, this list is a few years old and has gone stale. Yes, as noted. This is OK for where I copied it from. This is not what I propose. As noted I copied that there to discuss this in concept, not those particular options. Shawn Webb has put some other options into this dicussion. From one POV I agree with those, and at the same time from another POV I disagree about those. Before talking about particular options, there should be first a consensus if we are OK to differ, and about the goal of the difference (what shall be our target?). Only then we can really talk about particular options. > I think "improved FreeBSD defaults" are a bad idea. In the sense of "we shall not differ", or in regards of tgose particular options? Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_5b2e26e4659c43353769a66f8b928d1a Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc; size=833 Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmnUvOAACgkQEg2wmwP4 2IbLDg/9FVupvn/XGeWEwlkO78mPK222n8L1WeATsBhbEOhHCJEtuVWX/SWo12n/ ujSFAx+QaZrZn/wqSSq8F/IiMW1TEYtL1OyTe+DLOAOLq4JfWLR9Bl7f+Jkt94GP n83zuwiy2ttqJpK6dqEWXyePp8MnJP8o7exDr9UV1KZt+VM/yhDbJ6oKGtrMWnUL mlwQtqYBFazYHoxoK57kbuXfio+0U8NmvKKs717BVq2q9EyhGV4ni+Zj+v01Ph2S 6Ev/2rRoRK+oT0TMAGMg3u+xVztLd9KdAqha6/VhCjgGHYvqt7LL0vHwEeSxW+Ka LLyt5iLssEilHfuXfQdwk4J692NYgPPmi42eJTkHWIoqvhLM+KVE7mUmMUC3KF/3 scbFXyNrhtDkq54dYPW0EdFn2SpgAlyDRkicW75Pbez0t9Mu8zN7NlXJ7t9Dr43y A19U6KHd7yq3bkwpH7lCdSX50pfhMsGzR63/ZichZJHVx/fjvZvsU1FDy+Ibfvf4 Fm7cnnA8H/ZdUuZtLdvn6LQA81yXwVum/49jxOK3CL2E2hyIElkkyKzjJg7pU9DR CsVDXGHSXsIq1H0sIAdKHTOQN376sEoLhQhktM09JMgt+K+epgWLxo5Hy4CCTCZS uM+1jwseG9SQB/8EnmzCQWTIZ4IyHOeZ3qek5Xy7ABQ9aA6JGw0= =dKxF -----END PGP SIGNATURE----- --=_5b2e26e4659c43353769a66f8b928d1a-- From nobody Tue Apr 7 08:53:18 2026 X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fqg3T6B01z6Z4sN for ; Tue, 07 Apr 2026 08:53:57 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Received: from mailgate.Leidinger.net (mailgate.leidinger.net [IPv6:2a00:1828:2000:313::1:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (prime256v1) client-digest SHA256) (Client CN "mailgate.leidinger.net", Issuer "E7" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fqg3S0gbzz41jd for ; Tue, 07 Apr 2026 08:53:56 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=leidinger.net header.s=outgoing-alex header.b=p3ak3jIM; dmarc=pass (policy=quarantine) header.from=leidinger.net; spf=pass (mx1.freebsd.org: domain of Alexander@Leidinger.net designates 2a00:1828:2000:313::1:5 as permitted sender) smtp.mailfrom=Alexander@Leidinger.net List-Id: Discussion related to FreeBSD architecture List-Archive: https://lists.freebsd.org/archives/freebsd-arch List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arch@FreeBSD.org MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net; s=outgoing-alex; t=1775552018; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Q/Gjl+vHxwKvv+dU2j3MlYJD2BVUJBaF2zWGeWi+LRQ=; b=p3ak3jIMmXHKuzd0fv7xPozCwnnfAd4sZNQl1n1qTPFEQeykWENGViRD6txWdSP1GLKoTN QAyAoe1k/KVSR1wPoDmYJk6TuwueoicnJZQfAJA2zQi8kTsQaG5hasP/wbOCsgYKURJbUz OZDM33dyetsG3cXf73I2SlE4OPA5y9FJ2W7VrAayQVCZk7v/7QiQwvAse5w2M6KdIzjX3Q 3rpxgkO7K0T/02lJmVfQmMc+YQkjdwrKpUjrhi5FOAJNKDZhjVk94+OCEI2Ads6utCMUW+ 9E/4E8Oa5nk998/lndLJN2sS5tFCCRpknzvVfRxo8+v+IwjNuwnqT8oDO0VFMg== Date: Tue, 07 Apr 2026 10:53:18 +0200 From: Alexander Leidinger To: Alexander Leidinger Cc: Freebsd Arch Subject: Re: Stronger ssh settings In-Reply-To: <7655dcd5cbd65d9276213dd8d2a25552@Leidinger.net> References: <7655dcd5cbd65d9276213dd8d2a25552@Leidinger.net> Message-ID: <3560b93aabac3dc45cb6a51a5002ea67@Leidinger.net> Organization: No organization, this is a private message. Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="=_a9c4fc90bce811669df60bf14d62b5b5"; micalg=pgp-sha256 X-Spamd-Result: default: False [-6.09 / 15.00]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.99)[-0.991]; DMARC_POLICY_ALLOW(-0.50)[leidinger.net,quarantine]; R_SPF_ALLOW(-0.20)[+mx:c]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; R_DKIM_ALLOW(-0.20)[leidinger.net:s=outgoing-alex]; ARC_NA(0.00)[]; ASN(0.00)[asn:34240, ipnet:2a00:1828::/32, country:DE]; MIME_TRACE(0.00)[0:+,1:+,2:~]; HAS_ORG_HEADER(0.00)[]; MISSING_XM_UA(0.00)[]; HAS_ATTACHMENT(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MLMMJ_DEST(0.00)[freebsd-arch@freebsd.org]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[leidinger.net:+] X-Rspamd-Queue-Id: 4fqg3S0gbzz41jd X-Spamd-Bar: ------ This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --=_a9c4fc90bce811669df60bf14d62b5b5 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed Am 2026-04-04 20:08, schrieb Alexander Leidinger: > Hi, > > I propose to extend our ssh config (and maybe other configs) regarding > - settings for government standards > - improved FreeBSD defaults > > Both of them are sort of about the same thing, and at the same time > independent from each other, as such I haven'T split it up here. In the > example below, I have a patch for improved FreeBSD defaults, and an > example of the German BSI recommendation for ssh. > > I would like to get an idea if one or both is considered a welcome > change (there was at least a discussion about improved settings in the > lists long ago, which was in favour, but no patch), and if yes > additional settings for e.g. FIPS or whatever, and a discussion of what > the improved FreeBSD defaults should be (I simply included what I use > on my systems, and they should work for connections from and to all > supported FreeBSD releases as I have them like that since a long time; > an alternative would be to use the exclude syntax instead). To not give a less than optimal impression in this thread, my settings where outdated (but from a security POV not weak), here is a better example in exclude-notation (for my particular use case, not as the specific target of a change): ---snip--- HostKeyAlgorithms -ssh-rsa,ssh-rsa-cert-v01@openssh.com Ciphers -3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc MACs -hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64-etm@openssh.com KexAlgorithms -diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 # Ciphers and keying RekeyLimit 1G 1h ---snip--- The difference is, that the above excludes unwanted algorithms, while allowing new algorithms on updates, whereas my previous example was setting in stone the algorithms of a particular date (long ago). Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_a9c4fc90bce811669df60bf14d62b5b5 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc; size=833 Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmnUxg4ACgkQEg2wmwP4 2IaDCw//ZUzX5v9BWuTQbCy86GF8/91kmadow3Nd3XejZoj1jc1EnCxlF8Dz/gbT Y0S1iylzrkLhnBsWHsF/Al0AGmovwcEc1X719/KF9B1+lqerpqZyv3uWdLnLYiJJ SHABrijSU/yYavBs7uYKkm8lPrXxsvpFOAdKZOeubJ/rxCE+g+s4vVYiLifMaTvj qUTvQ+OSoXqPlFbhcLfNqCuFxD6mZOi0+LJyIkgPonSBEANrkGf0jPc58G29O5bJ PoetLhWeYCDD2J6QKrnKsV/rJoEHfqXT0yItD6TAiIw2t4fq8BXzZi8nbaIMJzVR DDo7mMQObWfbDebsbmeOVSJ1VM7cLxriOA93Irla/cYVSxnHBL9hmIUPyaMLUn7p V1zFPoWcldMMCN+NIoLiZskFMRZMdO052TX6FOu8Y4h8y/lWbtJwlHR+ryhGJXRl LDxUhXHfh/U52m9keQ7LDMJOzknRZKBxgbdfPaMq9e4CFiHnCUavmF9aJcCC+K1o 1iVFKM921FKiL2FCgDK0pkU2QRmpD23Ekk9OOlzFJfOCJF89zyFix5LdpXjfCGit gT7/1629CDVxaN/gLhzkzV+pAub7B2vubt4uUBsgHlj9QGfLcL8QcxXUg807jtFh HtCk65NfEz86FJ+S3KD/GW8kZYLAF7NE2J2kOSSG0NNrgHdu/IU= =PRY3 -----END PGP SIGNATURE----- --=_a9c4fc90bce811669df60bf14d62b5b5--