[rancid] Request to remove hardcoded SSH 3des cipher

Mark Felder feld at FreeBSD.org
Tue Aug 16 22:27:04 UTC 2016

On Tue, Aug 16, 2016, at 16:52, Lee wrote:
> On 8/16/16, Mark Felder <feld at freebsd.org> wrote:
> > Hello,
> >
> > RANCID broke on my FreeBSD test box running 11.0-PRERELEASE due to a
> > newer version of OpenSSH. The problem was due to a default SSH cipher
> > "3des" being hardcoded into the various RANCID modules. I fixed this in
> > FreeBSD ports/packages by patching RANCID to use the more specific
> > 3des-cbc cipher instead, but this is still not ideal.
> Right - because now the FreeBSD ports version of rancid is different
> from everybody else's version of rancid.  I'd suggest that changing
> the
> add cyphertype  *  {3des}
> line in cloginrc.sample would have been a better change.

No, because users who upgrade to FreeBSD 11.0 end still up with a broken
RANCID install. I removed that line entirely from my .cloginrc because I
didn't want it there; at the time I assumed it would auto-negotiate.
Users who still have cyphertype in their .cloginrc are still going to
get quite the surprise and there's not much I can safely do about that.
Modifying the sample doesn't fix their config.

> > SSH 2.0 can handle
> > auto-negotiation of ciphers so there's no reason to force connections to
> > be 3des by default. I believe this feature could be removed from RANCID
> > entirely. If needed you can control the ciphers on a per-device basis in
> > ~/.ssh/config.
> or in ~/.cloginrc

In my opinion it doesn't belong there, sorry. Further, if you read the
SSH docs it clearly states:

>>> man 1 ssh says:
>>>     -c cipher_spec
>>>             Selects the cipher specification for encrypting the session.
>>>             Protocol version 1 allows specification of a single cipher.  The
>>>             supported values are “3des”, “blowfish”, and “des”.

I'm not using SSH protocol v1. How many users are using SSH v1 with
RANCID? This hardcoded value is just plain wrong, and again -- should be
left to auto-negotiation.

> > You should also keep in mind that modern versions of OpenSSH disable
> > SSHv1, CBC ciphers, and DSA keys. While this is unlikely to affect Linux
> > distros in the near future, it is still something that should be planned
> > for. I can't be sure if it's better for RANCID to stop supporting older
> > devices or to stop supporting newer versions of OpenSSH, but we've
> > nearly reached a crossroads where this decision needs to be made.
> I disagree.  Change the
>   add cyphertype *                {3des}
> line in ~/.cloginrc and add
>   KexAlgorithms +diffie-hellman-group1-sha1
> in ~/.ssh/config and rancid works just fine.  Without having to drop
> support for anything.

How does it make sense to control some SSH options in ~/.cloginrc, but
others in ~/.ssh/config ? Also, you have to compile SSHv1 support back
in to OpenSSH now. It's not just a config option disabled by default.
The same will eventually happen for the CBC ciphers, but I don't know
the timeline there.

I still don't see how users are benefitting from RANCID controlling the
ssh ciphers. Can someone please show how this provides better
interoperability or security than letting the ssh auto-negotiate? If the
version of OpenSSH installed on the OS has something disabled you're
still going to have to edit the ~/.ssh/config regardless.

  Mark Felder
  ports-secteam member
  feld at FreeBSD.org

More information about the Rancid-discuss mailing list