Serverkeybits, protocol 2

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Serverkeybits, protocol 2

Jonathan Paquet
Hi,
     I am working as VMware SME, and I need to update the security template
that we are using.

One of the settings that we have is the Serverkeybits. By default this
setting is not present on the sshd config file.

The protocol is set to 2 by default.

I am a little confused, because some website on the net say that
serverkeybits only apply when using protocol 1, and other say that it apply
no matter what.

Basically, I would need to know if I need to integrate this setting if we
use protocol 2 or if this is not needed?

The minimum key encryption that we want to allow is 1024, and the version
of openssh on esxi 6 is 7.1p1. Openssl 1.0.1p.

Thanks

Jonathan

Reply | Threaded
Open this post in threaded view
|

Re: Serverkeybits, protocol 2

Raf Czlonka-2
On Wed, Nov 02, 2016 at 06:39:59PM GMT, Jonathan Paquet wrote:

> Hi,
>      I am working as VMware SME, and I need to update the security template
> that we are using.
>
> One of the settings that we have is the Serverkeybits. By default this
> setting is not present on the sshd config file.
>
> The protocol is set to 2 by default.
>
> I am a little confused, because some website on the net say that
> serverkeybits only apply when using protocol 1, and other say that it apply
> no matter what.
>
> Basically, I would need to know if I need to integrate this setting if we
> use protocol 2 or if this is not needed?

Hi Jonathan,

No, this setting only applies to protocol version 1.

Regards,

Raf

> The minimum key encryption that we want to allow is 1024, and the version
> of openssh on esxi 6 is 7.1p1. Openssl 1.0.1p.
>
> Thanks
>
> Jonathan

Reply | Threaded
Open this post in threaded view
|

Re: Serverkeybits, protocol 2

Jonathan Paquet
Ok, so for protocol 2, what is used by default?

On Nov 2, 2016 3:29 PM, "Raf Czlonka" <[hidden email]> wrote:

> On Wed, Nov 02, 2016 at 06:39:59PM GMT, Jonathan Paquet wrote:
> > Hi,
> >      I am working as VMware SME, and I need to update the security
> template
> > that we are using.
> >
> > One of the settings that we have is the Serverkeybits. By default this
> > setting is not present on the sshd config file.
> >
> > The protocol is set to 2 by default.
> >
> > I am a little confused, because some website on the net say that
> > serverkeybits only apply when using protocol 1, and other say that it
> apply
> > no matter what.
> >
> > Basically, I would need to know if I need to integrate this setting if we
> > use protocol 2 or if this is not needed?
>
> Hi Jonathan,
>
> No, this setting only applies to protocol version 1.
>
> Regards,
>
> Raf
>
> > The minimum key encryption that we want to allow is 1024, and the version
> > of openssh on esxi 6 is 7.1p1. Openssl 1.0.1p.
> >
> > Thanks
> >
> > Jonathan

Reply | Threaded
Open this post in threaded view
|

Re: Serverkeybits, protocol 2

Darren Tucker
On Thu, Nov 3, 2016 at 8:14 AM, Jonathan Paquet <[hidden email]>
wrote:

> Ok, so for protocol 2, what is used by default?


There is no exact equivalent of ServerKeyBits in ssh Protocol 2.

In Protocol 1 the server generates an ephemeral RSA key that is
ServerKeyBits in size when it starts up, and regenerates it every ~1h if it
has been used.  That key is used to encrypt the SSH session key sent to the
client.

In Protocol 2 the session key is derived from a Diffie-Hellman[1] exchange
at the beginning of each connection, which produces a shared secret that
both sides contribute to but neither controls.

> > The minimum key encryption that we want to allow is 1024, and the
> version
> > > of openssh on esxi 6 is 7.1p1. Openssl 1.0.1p.
>

Short answer: OpenSSH's Protocol 2 doesn't support anything weaker than
1024 bits.

Long answer:

The absolute minimum strength key exchange in the SSHv2 spec is
diffie-hellman-group1-sha1, which is specified as 1024 bits.  It is
considered weak and has been disabled by default since OpenSSH 7.0.  There
is another set of Diffie-Hellman algorithms where the server picks the
group (diffie-hellman-group-exchange-sha{1,256}) and in OpenSSH those are
picked from the moduli file.  OpenSSH hasn't ever shipped a moduli file
with groups <1k bits, 1k bit groups were removed around 7.0 as well, then
1.5kbit groups some time later.

[1] Actually there are several supported key exchange algorithms (see
KexAlgorithms in sshd_config(8)), and exactly which one gets used will
depend on what the client and server support and/or have enabled.  They all
have the same security properties, though.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.