summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2024-10-07 01:37:17 +0200
committerDamien Miller <djm@mindrot.org>2024-10-14 00:21:07 +0200
commit0051381a8c33740a77a1eca6859efa1c78887d80 (patch)
treebb9cbd63caf287320d6bb32f5b1192011949b5e8
parentupstream: fix previous change to ssh_config Match, which broken on (diff)
downloadopenssh-0051381a8c33740a77a1eca6859efa1c78887d80.tar.xz
openssh-0051381a8c33740a77a1eca6859efa1c78887d80.zip
upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
exchange in sshd by default. Specifically, this removes the diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client is unchanged and continues to support these methods by default. Finite field Diffie Hellman is slow and computationally expensive for the same security level as Elliptic Curve DH or PQ key agreement while offering no redeeming advantages. ECDH has been specified for the SSH protocol for 15 years and some form of ECDH has been the default key exchange in OpenSSH for the last 14 years. ok markus@ OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da
-rw-r--r--myproposal.h8
-rw-r--r--sshd_config.59
2 files changed, 7 insertions, 10 deletions
diff --git a/myproposal.h b/myproposal.h
index 3bdc2e955..c1459054a 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.73 2024/09/09 02:39:57 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.74 2024/10/06 23:37:17 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -32,14 +32,14 @@
"curve25519-sha256@libssh.org," \
"ecdh-sha2-nistp256," \
"ecdh-sha2-nistp384," \
- "ecdh-sha2-nistp521," \
+ "ecdh-sha2-nistp521" \
+
+#define KEX_CLIENT_KEX KEX_SERVER_KEX "," \
"diffie-hellman-group-exchange-sha256," \
"diffie-hellman-group16-sha512," \
"diffie-hellman-group18-sha512," \
"diffie-hellman-group14-sha256"
-#define KEX_CLIENT_KEX KEX_SERVER_KEX
-
#define KEX_DEFAULT_PK_ALG \
"ssh-ed25519-cert-v01@openssh.com," \
"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
diff --git a/sshd_config.5 b/sshd_config.5
index dbed44f2a..6e12fbe25 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.374 2024/09/15 08:27:38 jmc Exp $
-.Dd $Mdocdate: September 15 2024 $
+.\" $OpenBSD: sshd_config.5,v 1.375 2024/10/06 23:37:17 djm Exp $
+.Dd $Mdocdate: October 6 2024 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -1062,10 +1062,7 @@ The default is:
sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
mlkem768x25519-sha256,
curve25519-sha256,curve25519-sha256@libssh.org,
-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
-diffie-hellman-group-exchange-sha256,
-diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
-diffie-hellman-group14-sha256
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
.Ed
.Pp
The list of supported key exchange algorithms may also be obtained using