Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-09 Thread Matthew Seaman 
On 09/08/2016 03:23, Jeffrey Bouquet wrote:
> Will/could there be some kind of UPDATING announcement re which files
> explicitly to switch out/remove/replace/checkfor etc the deprecated
> lines and precisely the steps to replace with new or some other
> suitable action? Action required for both the sshd and client?
> Subdirectories involved? etc...  Unclear here, but I don't use SSH
> hardly yet... despite having bought the book.

As far as managing sshd on your own systems, you should not need to make
massive changes to the /etc/ssh/sshd_config when upgrading to 11.0 or
12.0 -- the normal mergemaster or etcmerge procedures will probably
cover things.  On an upgraded system, you will have still have
/etc/ssh/ssh_host_dsa_key{,.pub} but these will be ignored by sshd and
would not be generated on a new machine.

Optionally, you may choose to replace /etc/ssh/ssh_host_rsa_key{,.pub}
if that key has a short bit-length.

You may find that you get 'Key mismatch' warnings -- ssh may use a
different type of host key on connection to a machine after this update,
and it will alert you if this does not match what it has in
~/ssh/known-hosts from previous connections.  If you're satisfied that
the warning is explained by this configuration change, then you can edit
known-hosts to eliminate the warning message.

As a ssh user, you will need to review the ssh keys you are using, and
what is listed in the ~/.ssh/authorized_keys files of any machines you
want to login to.  You can add a new key of and alternate type in
parallel to your existing keys, and load multiple keys into ssh-agent --
this allows you to phase in a new key with minimal risk that you will
lock yourself out of a remote machine.  Doing this *before* you upgrade
any systems is just common sense.

The default configuration of sshd provided with FreeBSD provides good
security and a good level of interoperability with other ssh
implementations, and you can use it with confidence.  Depending on local
requirements you may want to impose a stricter policy.  In that case,
the following references will be interesting to you:

https://wiki.mozilla.org/Security/Guidelines/OpenSSH
https://stribika.github.io/2015/01/04/secure-secure-shell.html

These are, however, rather more than most people will really find necessary.

Cheers,

Matthew




signature.asc
Description: OpenPGP digital signature

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Devin Teske 

> On Aug 8, 2016, at 12:39 PM, Bernard Spil  wrote:
> 
> Hi Devin,
> 
> This resource documents the choices pretty well I think
> https://stribika.github.io/2015/01/04/secure-secure-shell.html 
> 
> Author has made some modifications up to Jan 2016
> https://github.com/stribika/stribika.github.io/commits/master/_posts/2015-01-04-secure-secure-shell.md
>  
> 
> 
> The short answer then is ed25519 or rsa4096, disable both dsa and ecdsa.
> 
> Even 6.5p1 shipped with 9.3 supports ed25519.
> 
> Cheers,
> 
> Bernard.
> 

Thanks for confirming, Bernard!
-- 
Cheers,
Devin


> On 2016-08-08 19:56, Devin Teske wrote:
>> Which would you use?
>> ECDSA?
>> https://en.wikipedia.org/wiki/Elliptic_curve_cryptography 
>> 
>> > >
>> "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover
>> operation", cryptography experts have also expressed concern over the
>> security of the NIST recommended elliptic curves,[31]
>> > >
>> suggesting a return to encryption based on non-elliptic-curve groups.
>> ""
>> Or perhaps RSA? (as des@ recommends)
>> (not necessarily to Glen but anyone that wants to answer)
>> --
>> Devin
>>> On Aug 4, 2016, at 6:59 PM, Glen Barber  wrote:
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA256
>>> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
>>> and will be deprecated effective 11.0-RELEASE (and preceeding RCs).
>>> Please see r303716 for details on the relevant commit, but upstream no
>>> longer considers them secure.  Please replace DSA keys with ECDSA or RSA
>>> keys as soon as possible, otherwise there will be issues when upgrading
>>> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
>>> 11.0-RELEASE build.
>>> Glen
>>> On behalf of:   re@ and secteam@
>>> -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v2
>>> iQIcBAEBCAAGBQJXo/L2AAoJEAMUWKVHj+KTG3sP/3j5PBVMBlYVVR+M4PUoRJjb
>>> kShIRFHzHUV9YzTIljtqOVf/f/mw3kRHA4fUonID5AJlo23ht9cwGOvGUi5H3lBK
>>> rnL9vsU9lvZoGyaHLpR/nikMOaRTa8bl1cdpULlEGH94HEzDuLT92AtAZ5HtdDEl
>>> GcXRfTe3eGOaxcqNSF8NKSMQQ8rzbKmsgsa5Cbf0PYToemn3xyPAr+9Nz8tbSrlR
>>> TrrFhzOR6+Ix0NcYJAKs6RUZ2kgbAheYF6nQmAHlJzyBihlfdfieJdysqNwSOQ8u
>>> c7CyBLNFrGKqYTDVQI36MUwoyVtEqbOjt3cPitsMsD3fVAf05H7dHp/0iqrUghUs
>>> 60HYOjfmvZxH5wvhEPdv/wPLAZeosdQgW8np3Y5cztw7cxZXF+PxoMjRcnXVpQ2c
>>> QIZg3RsiQmJtAT4Z2OuvYikqGzrpsVido0um/KMM9b82XilJExxPPzgEpXCK3CE8
>>> 7TchzrRA/W27eST4VXoNYrrMlmpavur1IxvMS54fBOu98efTIoER6uJc1t7qcL6r
>>> mEVmBoMqecg+auuWqz50Bh8K329dlYuGLMbk/Ktc3agXtpkw88ylDmC6l5N7qrnL
>>> kSb4i3DboU7R1cltiin3c/P+ahwfKQdNH18QbN3utJuzSSRVvXq4laUGFlRhWEEx
>>> bLbbH2fh5bxDmDXDMdCF
>>> =LLtP
>>> -END PGP SIGNATURE-
>>> ___
>>> freebsd-annou...@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-announce
>>> To unsubscribe, send any mail to "freebsd-announce-unsubscr...@freebsd.org"
>> ___
>> freebsd-sta...@freebsd.org  mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-stable 
>> 
>> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org 
>> "

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Bernard Spil 

Hi Devin,

This resource documents the choices pretty well I think
https://stribika.github.io/2015/01/04/secure-secure-shell.html
Author has made some modifications up to Jan 2016
https://github.com/stribika/stribika.github.io/commits/master/_posts/2015-01-04-secure-secure-shell.md

The short answer then is ed25519 or rsa4096, disable both dsa and ecdsa.

Even 6.5p1 shipped with 9.3 supports ed25519.

Cheers,

Bernard.

On 2016-08-08 19:56, Devin Teske wrote:

Which would you use?

ECDSA?

https://en.wikipedia.org/wiki/Elliptic_curve_cryptography


"" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover
operation", cryptography experts have also expressed concern over the
security of the NIST recommended elliptic curves,[31]

suggesting a return to encryption based on non-elliptic-curve groups.
""

Or perhaps RSA? (as des@ recommends)

(not necessarily to Glen but anyone that wants to answer)
--
Devin



On Aug 4, 2016, at 6:59 PM, Glen Barber  wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

This is a heads-up that OpenSSH keys are deprecated upstream by 
OpenSSH,

and will be deprecated effective 11.0-RELEASE (and preceeding RCs).

Please see r303716 for details on the relevant commit, but upstream no
longer considers them secure.  Please replace DSA keys with ECDSA or 
RSA
keys as soon as possible, otherwise there will be issues when 
upgrading

from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
11.0-RELEASE build.

Glen
On behalf of:   re@ and secteam@

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXo/L2AAoJEAMUWKVHj+KTG3sP/3j5PBVMBlYVVR+M4PUoRJjb
kShIRFHzHUV9YzTIljtqOVf/f/mw3kRHA4fUonID5AJlo23ht9cwGOvGUi5H3lBK
rnL9vsU9lvZoGyaHLpR/nikMOaRTa8bl1cdpULlEGH94HEzDuLT92AtAZ5HtdDEl
GcXRfTe3eGOaxcqNSF8NKSMQQ8rzbKmsgsa5Cbf0PYToemn3xyPAr+9Nz8tbSrlR
TrrFhzOR6+Ix0NcYJAKs6RUZ2kgbAheYF6nQmAHlJzyBihlfdfieJdysqNwSOQ8u
c7CyBLNFrGKqYTDVQI36MUwoyVtEqbOjt3cPitsMsD3fVAf05H7dHp/0iqrUghUs
60HYOjfmvZxH5wvhEPdv/wPLAZeosdQgW8np3Y5cztw7cxZXF+PxoMjRcnXVpQ2c
QIZg3RsiQmJtAT4Z2OuvYikqGzrpsVido0um/KMM9b82XilJExxPPzgEpXCK3CE8
7TchzrRA/W27eST4VXoNYrrMlmpavur1IxvMS54fBOu98efTIoER6uJc1t7qcL6r
mEVmBoMqecg+auuWqz50Bh8K329dlYuGLMbk/Ktc3agXtpkw88ylDmC6l5N7qrnL
kSb4i3DboU7R1cltiin3c/P+ahwfKQdNH18QbN3utJuzSSRVvXq4laUGFlRhWEEx
bLbbH2fh5bxDmDXDMdCF
=LLtP
-END PGP SIGNATURE-
___
freebsd-annou...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to 
"freebsd-announce-unsubscr...@freebsd.org"


___
freebsd-sta...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to 
"freebsd-stable-unsubscr...@freebsd.org"

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Allan Jude 
On 2016-08-08 14:17, Conrad Meyer wrote:
> The OpenSSH defaults are intentionally sane.  RSA 2048 is anticipated
> to be fine for the next 10 years.  It would not be a bad choice.  I'm
> not aware of any reason not to use EC keys, and presumably the openssh
> authors wouldn't ship them as an option if they knew of any reason to
> believe they were compromised.
> 
> Best,
> Conrad
> 
> On Mon, Aug 8, 2016 at 10:56 AM, Devin Teske  wrote:
>> Which would you use?
>>
>> ECDSA?
>>
>> https://en.wikipedia.org/wiki/Elliptic_curve_cryptography 
>> 
>>
>> "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover 
>> operation", cryptography experts have also expressed concern over the 
>> security of the NIST recommended elliptic curves,[31] 
>>  
>> suggesting a return to encryption based on non-elliptic-curve groups. ""
>>
>> Or perhaps RSA? (as des@ recommends)
>>
>> (not necessarily to Glen but anyone that wants to answer)
>> --
>> Devin
>>
>>
>>> On Aug 4, 2016, at 6:59 PM, Glen Barber  wrote:
>>>
> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
> and will be deprecated effective 11.0-RELEASE (and preceeding RCs).
> 
> Please see r303716 for details on the relevant commit, but upstream no
> longer considers them secure.  Please replace DSA keys with ECDSA or RSA
> keys as soon as possible, otherwise there will be issues when upgrading
> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
> 11.0-RELEASE build.
> 
> Glen
> On behalf of: re@ and secteam@
> 

As far as I know, the "advantage" to ED25519 keys, is that you can build
openssh without openssl, if you forgo supporting RSA etc.


-- 
Allan Jude
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Conrad Meyer 
The OpenSSH defaults are intentionally sane.  RSA 2048 is anticipated
to be fine for the next 10 years.  It would not be a bad choice.  I'm
not aware of any reason not to use EC keys, and presumably the openssh
authors wouldn't ship them as an option if they knew of any reason to
believe they were compromised.

Best,
Conrad

On Mon, Aug 8, 2016 at 10:56 AM, Devin Teske  wrote:
> Which would you use?
>
> ECDSA?
>
> https://en.wikipedia.org/wiki/Elliptic_curve_cryptography 
> 
>
> "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover 
> operation", cryptography experts have also expressed concern over the 
> security of the NIST recommended elliptic curves,[31] 
>  
> suggesting a return to encryption based on non-elliptic-curve groups. ""
>
> Or perhaps RSA? (as des@ recommends)
>
> (not necessarily to Glen but anyone that wants to answer)
> --
> Devin
>
>
>> On Aug 4, 2016, at 6:59 PM, Glen Barber  wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
>> and will be deprecated effective 11.0-RELEASE (and preceeding RCs).
>>
>> Please see r303716 for details on the relevant commit, but upstream no
>> longer considers them secure.  Please replace DSA keys with ECDSA or RSA
>> keys as soon as possible, otherwise there will be issues when upgrading
>> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
>> 11.0-RELEASE build.
>>
>> Glen
>> On behalf of: re@ and secteam@
>>
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v2
>>
>> iQIcBAEBCAAGBQJXo/L2AAoJEAMUWKVHj+KTG3sP/3j5PBVMBlYVVR+M4PUoRJjb
>> kShIRFHzHUV9YzTIljtqOVf/f/mw3kRHA4fUonID5AJlo23ht9cwGOvGUi5H3lBK
>> rnL9vsU9lvZoGyaHLpR/nikMOaRTa8bl1cdpULlEGH94HEzDuLT92AtAZ5HtdDEl
>> GcXRfTe3eGOaxcqNSF8NKSMQQ8rzbKmsgsa5Cbf0PYToemn3xyPAr+9Nz8tbSrlR
>> TrrFhzOR6+Ix0NcYJAKs6RUZ2kgbAheYF6nQmAHlJzyBihlfdfieJdysqNwSOQ8u
>> c7CyBLNFrGKqYTDVQI36MUwoyVtEqbOjt3cPitsMsD3fVAf05H7dHp/0iqrUghUs
>> 60HYOjfmvZxH5wvhEPdv/wPLAZeosdQgW8np3Y5cztw7cxZXF+PxoMjRcnXVpQ2c
>> QIZg3RsiQmJtAT4Z2OuvYikqGzrpsVido0um/KMM9b82XilJExxPPzgEpXCK3CE8
>> 7TchzrRA/W27eST4VXoNYrrMlmpavur1IxvMS54fBOu98efTIoER6uJc1t7qcL6r
>> mEVmBoMqecg+auuWqz50Bh8K329dlYuGLMbk/Ktc3agXtpkw88ylDmC6l5N7qrnL
>> kSb4i3DboU7R1cltiin3c/P+ahwfKQdNH18QbN3utJuzSSRVvXq4laUGFlRhWEEx
>> bLbbH2fh5bxDmDXDMdCF
>> =LLtP
>> -END PGP SIGNATURE-
>> ___
>> freebsd-annou...@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-announce
>> To unsubscribe, send any mail to "freebsd-announce-unsubscr...@freebsd.org"
>
> ___
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Devin Teske 
Which would you use?

ECDSA?

https://en.wikipedia.org/wiki/Elliptic_curve_cryptography 


"" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover 
operation", cryptography experts have also expressed concern over the security 
of the NIST recommended elliptic curves,[31] 
 
suggesting a return to encryption based on non-elliptic-curve groups. ""

Or perhaps RSA? (as des@ recommends)

(not necessarily to Glen but anyone that wants to answer)
-- 
Devin


> On Aug 4, 2016, at 6:59 PM, Glen Barber  wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
> and will be deprecated effective 11.0-RELEASE (and preceeding RCs).
> 
> Please see r303716 for details on the relevant commit, but upstream no
> longer considers them secure.  Please replace DSA keys with ECDSA or RSA
> keys as soon as possible, otherwise there will be issues when upgrading
> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
> 11.0-RELEASE build.
> 
> Glen
> On behalf of: re@ and secteam@
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJXo/L2AAoJEAMUWKVHj+KTG3sP/3j5PBVMBlYVVR+M4PUoRJjb
> kShIRFHzHUV9YzTIljtqOVf/f/mw3kRHA4fUonID5AJlo23ht9cwGOvGUi5H3lBK
> rnL9vsU9lvZoGyaHLpR/nikMOaRTa8bl1cdpULlEGH94HEzDuLT92AtAZ5HtdDEl
> GcXRfTe3eGOaxcqNSF8NKSMQQ8rzbKmsgsa5Cbf0PYToemn3xyPAr+9Nz8tbSrlR
> TrrFhzOR6+Ix0NcYJAKs6RUZ2kgbAheYF6nQmAHlJzyBihlfdfieJdysqNwSOQ8u
> c7CyBLNFrGKqYTDVQI36MUwoyVtEqbOjt3cPitsMsD3fVAf05H7dHp/0iqrUghUs
> 60HYOjfmvZxH5wvhEPdv/wPLAZeosdQgW8np3Y5cztw7cxZXF+PxoMjRcnXVpQ2c
> QIZg3RsiQmJtAT4Z2OuvYikqGzrpsVido0um/KMM9b82XilJExxPPzgEpXCK3CE8
> 7TchzrRA/W27eST4VXoNYrrMlmpavur1IxvMS54fBOu98efTIoER6uJc1t7qcL6r
> mEVmBoMqecg+auuWqz50Bh8K329dlYuGLMbk/Ktc3agXtpkw88ylDmC6l5N7qrnL
> kSb4i3DboU7R1cltiin3c/P+ahwfKQdNH18QbN3utJuzSSRVvXq4laUGFlRhWEEx
> bLbbH2fh5bxDmDXDMdCF
> =LLtP
> -END PGP SIGNATURE-
> ___
> freebsd-annou...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-announce
> To unsubscribe, send any mail to "freebsd-announce-unsubscr...@freebsd.org"

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"