NetBSD Problem Report #49297

From martin@aprisoft.de  Tue Oct 21 06:21:32 2014
Return-Path: <martin@aprisoft.de>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 89C22A665A
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 21 Oct 2014 06:21:32 +0000 (UTC)
Message-Id: <20141021062122.E62FAED0E4F@emmas.aprisoft.de>
Date: Tue, 21 Oct 2014 08:21:22 +0200 (CEST)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: openssh update broke sshd
X-Send-Pr-Version: 3.95

>Number:         49297
>Category:       bin
>Synopsis:       openssh update broke sshd
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 21 06:25:00 +0000 2014
>Closed-Date:    Tue Oct 21 13:10:48 +0000 2014
>Last-Modified:  Tue Oct 21 16:15:00 +0000 2014
>Originator:     Martin Husemann
>Release:        NetBSD 7.99.1
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD whoever-brings-the-night.aprisoft.de 7.99.1 NetBSD 7.99.1 (WHOEVER) #18: Mon Oct 20 17:00:05 CEST 2014 martin@seven-days-to-the-wolves.aprisoft.de:/usr/src/sys/arch/sparc64/compile/WHOEVER sparc64
Architecture: sparc64
Machine: sparc64
>Description:

After updating this machine to -current as of yesterday (i.e. with the brand
new openssh imported) I can't log into it from some windows machines
any more:

Oct 21 08:16:19 whoever-brings-the-night sshd[1610]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]


>How-To-Repeat:
s/a

>Fix:
n/a

>Release-Note:

>Audit-Trail:
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: bin/49297: openssh update broke sshd
Date: Tue, 21 Oct 2014 09:02:17 -0400

 On Oct 21,  6:25am, martin@NetBSD.org (martin@NetBSD.org) wrote:
 -- Subject: bin/49297: openssh update broke sshd

 | >Number:         49297
 | >Category:       bin
 | >Synopsis:       openssh update broke sshd
 | >Confidential:   no
 | >Severity:       critical
 | >Priority:       high
 | >Responsible:    bin-bug-people
 | >State:          open
 | >Class:          sw-bug
 | >Submitter-Id:   net
 | >Arrival-Date:   Tue Oct 21 06:25:00 +0000 2014
 | >Originator:     Martin Husemann
 | >Release:        NetBSD 7.99.1
 | >Organization:
 | The NetBSD Foundation, Inc.
 | >Environment:
 | System: NetBSD whoever-brings-the-night.aprisoft.de 7.99.1 NetBSD 7.99.1 (WHOEVER) #18: Mon Oct 20 17:00:05 CEST 2014 martin@seven-days-to-the-wolves.aprisoft.de:/usr/src/sys/arch/sparc64/compile/WHOEVER sparc64
 | Architecture: sparc64
 | Machine: sparc64
 | >Description:
 | 
 | After updating this machine to -current as of yesterday (i.e. with the brand
 | new openssh imported) I can't log into it from some windows machines
 | any more:
 | 
 | Oct 21 08:16:19 whoever-brings-the-night sshd[1610]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
 | 

 Yes, they removed a whole bunch of ciphers because they are not supporting
 them anymore. We could either consider bringing them back, or you need to
 upgrade your windows ssh to something newer.

 christos

State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Tue, 21 Oct 2014 13:10:48 +0000
State-Changed-Why:
Not a bug, just needs configuration updates.


From: Martin Husemann <martin@duskware.de>
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: bin/49297: openssh update broke sshd
Date: Tue, 21 Oct 2014 15:10:08 +0200

 On Tue, Oct 21, 2014 at 09:02:17AM -0400, Christos Zoulas wrote:
 > Yes, they removed a whole bunch of ciphers because they are not supporting
 > them anymore. We could either consider bringing them back, or you need to
 > upgrade your windows ssh to something newer.

 Indeed, and the log messages were only partly helpful (the cipher string
 was logged, but the key exchange I had to trial&error).

 For the record, adding this to /etc/ssh/sshd_conf worked around it for me:

 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc

 KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1


 I wonder how we best should document the issue to avoid folks locking them
 out accidentally on update.

 Martin
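
The negotiation failure in the logged line and the effect of the workaround above, as an added example that is not part of the original thread: it parses the sshd message, applies the RFC 4253 rule that the chosen cipher is the first name on the client's list that the server also offers, and checks a proposed Ciphers value against the logged client list before sshd is restarted. The function names are illustrative, and the regular expression is modelled only on the one message quoted in this report.

```python
import re

# Log line and Ciphers value copied from the report (syslog prefix trimmed).
LOG_LINE = (
    "sshd[1610]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,"
    "blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,"
    "aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
    "chacha20-poly1305@openssh.com [preauth]"
)
WORKAROUND_CIPHERS = (
    "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,"
    "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc"
)

# Pattern modelled on the one message shown in the report (an assumption
# about the general format; only the cipher case appears on the page).
MISMATCH_RE = re.compile(
    r"no matching (?P<kind>[\w ]+?) found: "
    r"client (?P<client>\S+) server (?P<server>\S+)"
)


def parse_mismatch(line):
    """Return (kind, client_list, server_list), or None for unrelated lines."""
    m = MISMATCH_RE.search(line)
    if m is None:
        return None
    return m["kind"], m["client"].split(","), m["server"].split(",")


def negotiate(client, server):
    """RFC 4253 sec. 7.1: first name in the client's list the server also has."""
    offered = set(server)
    return next((name for name in client if name in offered), None)


def check_proposal(line, proposed):
    """Compare what the logged client gets before and after a config change."""
    parsed = parse_mismatch(line)
    if parsed is None:
        return None
    kind, client, server = parsed
    new_server = proposed.split(",")
    return {
        "kind": kind,
        "before": negotiate(client, server),
        "after": negotiate(client, new_server),
        # Names the change turns back on; each one is a deliberate exception.
        "re_enabled": sorted(set(new_server) - set(server)),
    }
```

Calling `check_proposal(LOG_LINE, WORKAROUND_CIPHERS)` shows that the logged client had no usable cipher before the change and negotiates aes128-cbc after it, with aes128-cbc as the only name re-enabled.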

From: Christos Zoulas <christos@zoulas.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc: "gnats-admin@netbsd.org" <gnats-admin@netbsd.org>,
 "netbsd-bugs@netbsd.org" <netbsd-bugs@netbsd.org>,
 "martin@NetBSD.org" <martin@NetBSD.org>
Subject: Re: bin/49297: openssh update broke sshd
Date: Tue, 21 Oct 2014 10:34:00 -0400

 We should add a readme file, document this in the man page, and perhaps warn
 in ssh about old ciphers that are going away. Having said that, I don't think
 that we should change the default configuration because while it will fix
 the problem for netbsd, it will not fix it for other implementations.

 christos

 > On Oct 21, 2014, at 9:15 AM, Martin Husemann <martin@duskware.de> wrote:
 >
 > The following reply was made to PR bin/49297; it has been noted by GNATS.
 >
 > From: Martin Husemann <martin@duskware.de>
 > To: Christos Zoulas <christos@zoulas.com>
 > Cc: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
 > Subject: Re: bin/49297: openssh update broke sshd
 > Date: Tue, 21 Oct 2014 15:10:08 +0200
 >
 >> On Tue, Oct 21, 2014 at 09:02:17AM -0400, Christos Zoulas wrote:
 >> Yes, they removed a whole bunch of ciphers because they are not supporting
 >> them anymore. We could either consider bringing them back, or you need to
 >> upgrade your windows ssh to something newer.
 >
 > Indeed, and the log messages were only partly helpful (the cipher string
 > was logged, but the key exchange I had to trial&error).
 >
 > For the record, adding this to /etc/ssh/sshd_conf worked around it for me:
 >
 > Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc
 >
 > KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 >
 >
 > I wonder how we best should document the issue to avoid folks locking them
 > out accidentally on update.
 >
 > Martin
 >

From: Christos Zoulas <christos@zoulas.com>
To: "<Paul_Koning@Dell.com>" <Paul_Koning@Dell.com>
Cc: "<gnats-bugs@NetBSD.org>" <gnats-bugs@NetBSD.org>,
 "<gnats-admin@netbsd.org>" <gnats-admin@netbsd.org>,
 "<netbsd-bugs@netbsd.org>" <netbsd-bugs@netbsd.org>
Subject: Re: bin/49297: openssh update broke sshd
Date: Tue, 21 Oct 2014 11:07:25 -0400

 > On Oct 21, 2014, at 10:44 AM, <Paul_Koning@Dell.com> <Paul_Koning@Dell.com> wrote:
 >
 > I can understand that for oddballs like cast and the fishes, but it isn’t
 > obvious why AES would be removed.
 >
 >    paul

 aes-ctr is vulnerable to the biclique attack. I am not sure if the attack is
 viable, but this is what upstream chose to do.

 christos

From: <Paul_Koning@Dell.com>
To: <christos@zoulas.com>
Cc: <gnats-bugs@NetBSD.org>, <gnats-admin@netbsd.org>,
	<netbsd-bugs@netbsd.org>
Subject: Re: bin/49297: openssh update broke sshd
Date: Tue, 21 Oct 2014 14:44:36 +0000

 On Oct 21, 2014, at 9:02 AM, Christos Zoulas <christos@zoulas.com> wrote:

 > On Oct 21,  6:25am, martin@NetBSD.org (martin@NetBSD.org) wrote:
 > -- Subject: bin/49297: openssh update broke sshd
 >
 > | ...
 > | After updating this machine to -current as of yesterday (i.e. with the brand
 > | new openssh imported) I can't log into it from some windows machines
 > | any more:
 > |
 > | Oct 21 08:16:19 whoever-brings-the-night sshd[1610]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]
 > |
 >
 > Yes, they removed a whole bunch of ciphers because they are not supporting
 > them anymore. We could either consider bringing them back, or you need to
 > upgrade your windows ssh to something newer.

 I can understand that for oddballs like cast and the fishes, but it isn’t
 obvious why AES would be removed.

 	paul

>Unformatted:
