if connection throttling is configured, diffie-hellman-group-exchange-sha256 warning about bit numbers disappears #262
Comments
That result makes sense. The |
It doesn't make sense. Vulnerability to low bit number doesn't disappear just because we're also testing for something else. Which gets us back to why diffie-hellman-group-exchange-sha256 hasn't been deprecated yet. |
When You'll notice that the tests complete as expected when |
That point wasn't addressed in your reply.
Which is why diffie-hellman-group-exchange-sha256 should result in a red flag and a recommendation to remove it from the configuration file, while the other diffie-hellman should result in a yellow flag. |
The logic for this is still broken. ssh-audit currently skips testing diffie-hellman-group-exchange-sha256's number of bits if any DHEat mitigation is in use. |
I can't reproduce that result. I scanned a clean Ubuntu 22.04 image with the ssh-audit v3.2.0 stable release. Then I applied the |
@perkelix : is this issue still valid? If so, I'm definitely confused. Thought I'd check before closing it. |
@jtesta I have removed diffie-hellman-group-exchange-sha256 from my configuration since it's an insecure kex that should no longer be recommended anyhow. |
Closing this, since I cannot reproduce the issue. |
Reporting against what's in Git up to commit 8124c8e:
If connection throttling is enabled as a mitigation against CVE-2002-20001, all warnings about diffie-hellman-group-exchange-sha256's risks disappear.
What's expected:
```
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available since OpenSSH 4.4
`- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).
```
What we get:
```
(kex) diffie-hellman-group-exchange-sha256 -- [info] available since OpenSSH 4.4
```
What caused this was the addition of 3 lines to sshd_config:
```
MaxStartups 10:30:100
PerSourceMaxStartups 1
PerSourceNetBlockSize 32:128
```
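A local cross-check for the situation reported above, where the scanner's modulus-size line for diffie-hellman-group-exchange-sha256 is missing once the throttling directives are set (an added example, not part of the original issue and not ssh-audit's code): it reads sshd_config and the moduli file directly instead of relying on the network probe. The sample KexAlgorithms line, the sample moduli rows, the function names and the 3072-bit threshold are assumptions made for illustration.

```python
import re

GEX = "diffie-hellman-group-exchange-sha256"
THROTTLE = ("maxstartups", "persourcemaxstartups", "persourcenetblocksize")

# Constructed sample: the three directives from the report plus an assumed KexAlgorithms line.
SAMPLE_CONFIG = """\
# throttling added as DHEat mitigation
MaxStartups 10:30:100
PerSourceMaxStartups 1
PerSourceNetBlockSize 32:128
KexAlgorithms curve25519-sha256,diffie-hellman-group-exchange-sha256
"""
# Constructed moduli(5) rows; the last field stands in for the real hex prime.
SAMPLE_MODULI = """\
20240101000000 2 6 100 2047 2 C0FFEE
20240101000000 2 6 100 3071 2 C0FFEE
20240101000000 2 6 100 4095 5 C0FFEE
"""

def parse_sshd_config(text):
    """Global options as {lowercased keyword: value}; sshd keeps the first value seen."""
    opts = {}
    for line in text.splitlines():
        parts = re.split(r"[\s=]+", line.strip(), maxsplit=1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":  # Match blocks are conditional; stop at the first one
            break
        opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts

def moduli_bits(text):
    """Prime sizes in bits; ssh-keygen writes the size field as bits minus one."""
    rows = (l.split() for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return [int(f[4]) + 1 for f in rows if len(f) == 7]

def review(config_text, moduli_text, min_bits=3072):
    """Summarise throttling directives, GEX status and moduli sizes from local files."""
    opts = parse_sshd_config(config_text)
    kex = opts.get("kexalgorithms")
    if kex is None or kex[0] in "+-^":
        gex = "default-dependent"  # derived from compiled-in defaults; confirm with `sshd -T`
    else:
        gex = "enabled" if GEX in kex.split(",") else "disabled"
    bits = moduli_bits(moduli_text)
    return {"throttling": [k for k in THROTTLE if k in opts], "gex": gex,
            "min_bits": min(bits) if bits else None,
            "below_min": sum(b < min_bits for b in bits)}
```

This only inspects the moduli file and the configured kex list; the compiled-in GEX fallback mentioned in the expected output above is outside what a file check can see.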