ssh in lima seems to exclude aes-ctr and force aes-gcm exclusively #2913

Open
@apostasie

Description

My problem here is that we do not want to carry openssl as a dependency in other parts of our systems, and our ssh client is compiled --without-openssl.

So:

    $ ssh -Q cipher
    aes128-ctr
    aes192-ctr
    aes256-ctr
    chacha20-poly1305@openssh.com

Which will not work with lima apparently:

    $ limactl shell foo
    command-line line 0: Unsupported option "gssapiauthentication"
    command-line line 0: Bad SSH2 cipher spec '^aes128-gcm@openssh.com,aes256-gcm@openssh.com'.

From a casual reading of:

lima/pkg/sshutil/sshutil.go

Lines 201 to 222 in 217da28

    if !sshInfo.openSSHVersion.LessThan(*semver.New("8.1.0")) {
        // By default, `ssh` choose chacha20-poly1305@openssh.com, even when AES accelerator is available.
        // (OpenSSH_8.1p1, macOS 11.6, MacBookPro 2020, Core i7-1068NG7)
        //
        // We prioritize AES algorithms when AES accelerator is available.
        if sshInfo.aesAccelerated {
            logrus.Debugf("AES accelerator seems available, prioritizing aes128-gcm@openssh.com and aes256-gcm@openssh.com")
            if runtime.GOOS == "windows" {
                opts = append(opts, "Ciphers=^aes128-gcm@openssh.com,aes256-gcm@openssh.com")
            } else {
                opts = append(opts, "Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\"")
            }
        } else {
            logrus.Debugf("AES accelerator does not seem available, prioritizing chacha20-poly1305@openssh.com")
            if runtime.GOOS == "windows" {
                opts = append(opts, "Ciphers=^chacha20-poly1305@openssh.com")
            } else {
                opts = append(opts, "Ciphers=\"^chacha20-poly1305@openssh.com\"")
            }
        }
    }
    return opts, nil

It seems to me lima is forcing gcm (when there is acceleration for aes), with a fallback on chacha - so, pretty much, forcing ciphers that also provide integrity, excluding ctr+separate mac.

I appreciate strong opinions :-) - and clearly there is nothing wrong with aes-gcm (though maybe chacha is more contentious) - so, if this was a conscious decision to make lima work exclusively for these ciphers, that is fine.

On the other hand, if this was not a concerted decision - there is nothing wrong with aes-ctr + hmac-sha2 either - so, curious about folks' opinion on this?

Thanks in advance.
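
Added example, not part of the original issue or of lima's code: one way a wrapper could check the output of `ssh -Q cipher` before emitting a `Ciphers=^...` option, so that a client built without OpenSSL is never handed GCM names it rejects. `parseSupported` and `cipherOption` are hypothetical names, the sample output is constructed from the listing in the issue, and leaving the client's default list untouched when no preferred cipher is available is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: `ssh -Q cipher` output of a client built --without-openssl,
// matching the listing in the issue.
const sampleNoOpenSSL = `aes128-ctr
aes192-ctr
aes256-ctr
chacha20-poly1305@openssh.com
`

// parseSupported (hypothetical) turns `ssh -Q cipher` output into a set of names.
func parseSupported(out string) map[string]bool {
	set := make(map[string]bool)
	for _, line := range strings.Split(out, "\n") {
		if name := strings.TrimSpace(line); name != "" {
			set[name] = true
		}
	}
	return set
}

// cipherOption (hypothetical) keeps only the preferred ciphers the client
// supports and returns a "Ciphers=^..." option. It returns "" when none is
// supported, which leaves the client's default cipher list in effect
// (assumption: that is the desired fallback).
func cipherOption(sshQOutput string, aesAccelerated bool) string {
	preferred := []string{"chacha20-poly1305@openssh.com"}
	if aesAccelerated {
		preferred = []string{"aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}
	}
	supported := parseSupported(sshQOutput)
	var usable []string
	for _, c := range preferred {
		if supported[c] {
			usable = append(usable, c)
		}
	}
	if len(usable) == 0 {
		return ""
	}
	return "Ciphers=^" + strings.Join(usable, ",")
}

func main() {
	fmt.Printf("%q\n", cipherOption(sampleNoOpenSSL, true))
	fmt.Printf("%q\n", cipherOption(sampleNoOpenSSL, false))
}
```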

Labels: bug (Something isn't working)