
SSH KexAlgorithms causes SSH daemon to fail #500

Closed
max-wittig opened this issue Nov 8, 2021 · 8 comments

Comments

@max-wittig

Describe the bug
Because of the renaming of a KEX algorithm, an upgrade from Fedora 33 to 34 or 35 will cause the SSH daemon to crash on start with this message.

Unsupported KEX algorithm "sntrup4591761x25519-sha512@tinyssh.org"

Although this algorithm was updated in #437, it's currently quite difficult to apply this fix as it's only run when the sshd_version is equal to or above 8.5. Fedora 33 seems to have version 8.4. More details below.

This is a continuation issue from #433

Expected behavior

I think the key algorithm rename should be done before it causes problems. I'm also aware that this might not be possible, as OpenSSL didn't follow a nice deprecation path, it seems.

But I'm not sure about this, maybe we can change the key algorithm name already in 8.4, which would prevent this problem.

Actual behavior

SSH daemon crashes with the following message

Unsupported KEX algorithm "sntrup4591761x25519-sha512@tinyssh.org"

OS / Environment

$ ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1l  FIPS 24 Aug 2021

$ ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org

cat /etc/redhat-release
Fedora release 33 (Thirty Three)

Ansible Version

ansible [core 2.11.6] 
  config file = None
  configured module search path = ['/home/z003s32w/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/z003s32w/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 10.3.1 20210422 (Red Hat 10.3.1-1)]
  jinja version = 3.0.1
  libyaml = True

Role Version

0c840372d86db41f08496d1d61d0d4a2d2b2a640  # latest master

/cc @schurzi @dlouzan

@max-wittig
Author

Running ssh-hardening after the upgrade command and before the reboot doesn't help as the ssh-daemon still reports OpenSSH version 8.4

@max-wittig
Author

For the people running into the same issue: we're doing this now before rebooting for the upgrade. It seems to work quite well.

  - name: Upgrade | Patch SSH algorithms to circumvent https://github.com/dev-sec/ansible-collection-hardening/issues/500
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^KexAlgorithms sntrup4591761x25519-sha512@tinyssh.org'
      line: KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

  - name: Upgrade | Run system upgrade reboot
    command: "dnf system-upgrade reboot"
    ignore_errors: yes  # Fedora will kill this SSH connection immediately
    args:
      warn: false
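As an added example (not code from the issue or from the hardening role), a Python check that compares the KexAlgorithms line in an sshd_config against the names a given OpenSSH accepts (the `ssh -Q kex` output) and proposes the OpenSSH 8.5 rename discussed above; the rename table and the abridged 8.4/8.9 lists are constructed from the listings in this thread.

```python
"""Compare the KexAlgorithms line in an sshd_config against the KEX names the
target OpenSSH supports (`ssh -Q kex`) and propose the OpenSSH 8.5 rename."""
import re
import subprocess

# Rename that breaks sshd after the Fedora 33 -> 34/35 upgrade (from this issue).
KEX_RENAMES = {
    "sntrup4591761x25519-sha512@tinyssh.org": "sntrup761x25519-sha512@openssh.com",
}

# Constructed samples, abridged from the `ssh -Q kex` listings in this thread.
COMMON_KEX = ("curve25519-sha256", "curve25519-sha256@libssh.org",
              "diffie-hellman-group-exchange-sha256", "ecdh-sha2-nistp256")
KEX_8_4 = "\n".join(COMMON_KEX + ("sntrup4591761x25519-sha512@tinyssh.org",))
KEX_8_9 = "\n".join(COMMON_KEX + ("sntrup761x25519-sha512@openssh.com",))
# Constructed sshd_config fragment as the role writes it on OpenSSH 8.4.
OLD_CONFIG = ("Port 22\nKexAlgorithms sntrup4591761x25519-sha512@tinyssh.org,"
              "curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\n")

def supported_kex(output=None):
    """Parse `ssh -Q kex` output into a set; runs the command when none is given."""
    if output is None:
        output = subprocess.run(["ssh", "-Q", "kex"], capture_output=True,
                                text=True, check=True).stdout
    return set(output.split())

def configured_kex(config_text):
    """Return the configured KEX list; sshd uses the first KexAlgorithms line."""
    for line in config_text.splitlines():
        m = re.match(r"\s*KexAlgorithms\s+(\S+)", line, re.IGNORECASE)
        if m:
            # Drop the +/-/^ modifiers so the names can be checked individually.
            return m.group(1).lstrip("+-^").split(",")
    return []

def check_kex(config_text, supported):
    """Return (unsupported names, corrected KexAlgorithms value or None).
    A value is proposed only when every unsupported name has a known rename
    that the target sshd accepts; otherwise sshd would still refuse to start."""
    kex = configured_kex(config_text)
    unsupported = [k for k in kex if k not in supported]
    fixed = [k if k in supported else KEX_RENAMES.get(k) for k in kex]
    if any(k not in supported for k in fixed):
        return unsupported, None
    return unsupported, ",".join(fixed)
```

Feed the target release's `ssh -Q kex` output as `supported` to catch the rename before the upgrade reboot rather than after sshd has already failed.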

@schurzi
Contributor

schurzi commented Nov 8, 2021

I think Fedora did some custom patching here, especially since the non-working Key Exchange is clearly in the list of supported Key Exchanges. This is somewhat puzzling.
I think I will set up a test environment for this and do some tests with different Fedora versions.

@max-wittig
Author

This seems to be the culprit:

For example, if OpenSSH is upgraded then sshd_config reverts to the default package configuration. The default package configuration does not enable public key authentication, and allows password authentication.

That's weird behavior imo: https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/#sect-upgraded-package-configurations

@dlouzan
Contributor

dlouzan commented Nov 8, 2021

That Fedora behaviour is really, really weird. Who would want their basic services configuration to be reverted to the defaults automatically? 😒

@bradleyfrank

bradleyfrank commented Apr 28, 2022

I'm running into the same on Ubuntu 22.04. The above work-around does not work for me.

# ansible --version
ansible [core 2.12.5]
  python version = 3.9.12 (main, Mar 26 2022, 15:51:15) [Clang 13.1.6 (clang-1316.0.21.2)]

---

# ssh -V
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022

# ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup761x25519-sha512@openssh.com

# uname -a
Linux home-server-test 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 04:55:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

# lsb_release -ds
Ubuntu 22.04 LTS

# cat devsec/hardening/roles/ssh_hardening/MANIFEST.json | jq '.collection_info.version'
"7.0.0"

Update:

This works for me:

    - name: Run devsec.hardening.ssh_hardening
      vars:
        ssh_kex:
          - sntrup761x25519-sha512@openssh.com
          - curve25519-sha256@libssh.org
          - diffie-hellman-group-exchange-sha256
      ansible.builtin.import_role:
        name: devsec.hardening.ssh_hardening

@rndmh3ro
Member

rndmh3ro commented May 9, 2022

We should probably update the ciphers here: https://github.com/dev-sec/ssh-baseline/blob/master/libraries/ssh_crypto.rb

Then we can also update the ciphers used in the collection.

sdwilsh added a commit to sdwilsh/ansible-playbooks that referenced this issue Jul 2, 2022

Ubuntu 22.04 has a newer version of openssh that doesn't play well with the ssh_hardening playbook, as documented in dev-sec/ansible-collection-hardening#500. This works around it in a way that works for both 20.04 and 22.04.

mattwr18 added a commit to tactilenews/100eyes that referenced this issue Nov 14, 2022

- While setting up the latest test instances, we used Ubuntu 22.04 (LTS) and ran into an error when running the ssh hardening task: Unsupported KEX algorithm "sntrup4591761x25519-sha512@tinyssh.org". This is a reported issue that can be found at dev-sec/ansible-collection-hardening#500 and has the solution used here. It was reported that it works with Ubuntu 20.04 as well. We have all instances on either 20.04 or 22.04.

@rndmh3ro
Member

Should be fixed for some time now here: #437 and here dev-sec/ssh-baseline#209
