Introduction
This document is about updating the default OpenSSH 5.3 to 6.6 for ECDSA, ETM, and AES-GCM support.
Carefully consider the administrative burden of leaving behind vendor support against the benefits of stronger crypto. Be careful to test against a machine you have out-of-band or console access to in case you end up breaking ssh.
I assume you’ve already
upgraded OpenSSL for ECC support. N.B.: CentOS 6.5 may have a useful OpenSSL, unlike CentOS 6.4.
Email me, ptudor at this domain, with compliments and corrections.
Read about the history of ECC support in RPMs:
RedHat Bugzilla about missing ECC
If download links break in the future, here’s a
local copy of referenced files
As revisions move forward, here’s an
archive of old files
Things you see
Things you type
Bonus:
Notes on Ciphers and MACs at the end of this document to remove SHA1 and deprecate RC4.
Prepare the build environment
If you’ve never built an RPM before, you’ll have to install the programs for compiling and packaging software.
Install the package group with gcc, the rpm-build package, and some RPMs we’ll need for openssl.
yum -y groupinstall "Development tools"
yum -y install pam-devel rpm-build zlib-devel krb5-devel tcp_wrappers tcp_wrappers-devel
mkdir -p /usr/src/redhat/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
echo '%_topdir /usr/src/redhat' > ~/.rpmmacros
Shortcut for lazy people
Download my SRPM, build it, and skip to the
section on rpmbuild.
wget https://www.ptudor.net/linux/openssh/resources/openssh-6.6p1-1.src.rpm --no-check-certificate
echo e4779f6e9027887bfd1132b195576a31c5658bb991b7a29eb448f8fdb29b202c
openssl dgst -sha256 openssh-6.6p1-1.src.rpm
rpm -Uvh openssh-6.6p1-1.src.rpm
Find a source RPM
I’d normally just rebuild the vendor-provided RPM or a similar package but here we’ll use the spec file from the OpenSSH tarball. If you need askpass support, this is not a good solution.
cd /usr/src/redhat/SOURCES/
wget http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz
wget http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz.asc
openssl dgst -sha1 openssh-6.6p1.tar.gz; echo b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e
Build from the spec file
We’ll start by extracting the spec file from the source tarball and moving it into place.
cd /usr/src/redhat/SPECS/
tar xfz ../SOURCES/openssh-6.6p1.tar.gz openssh-6.6p1/contrib/redhat/openssh.spec
mv openssh-6.6p1/contrib/redhat/openssh.spec .
Next change the ownership just to prevent a problem with later packaging the SRPM.
chown 74:74 openssh.spec
Now for simplicity we’ll disable both askpass options before quickly fixing a deprecated keyword.
sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec
Backup your SSH PAM
A reader wrote to note that the PAM config in the tarball uses the old pam_stack and will break things if you have UsePAM enabled. So at least backup the old file if you later discover you need to replace it.
cp /etc/pam.d/sshd /tmp/sshd.pam.backup.$$
Run the build
With everything prepared, compile the software and package some RPMs:
cd /usr/src/redhat/SPECS/
time rpmbuild -ba openssh.spec
Install the new RPMs
Now that rpmbuild has completed, we have some files to install. The option F is to Freshen installed packages.
cd /usr/src/redhat/RPMS/x86_64/
rpm -e openssh-askpass
rpm -Fvh openssh*6.6p1-1*rpm
Update the config a little
You might want to look at the differences between the old version and the new version and perhaps install it.
diff /etc/ssh/sshd_config /etc/ssh/sshd_config.rpmnew
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.rpmsave
mv /etc/ssh/sshd_config.rpmnew /etc/ssh/sshd_config
Restart the daemon
When you’re confident you have console access in case things go wrong, restart the daemon (although the install probably already did that for you).
/etc/init.d/sshd restart
telnet ::1 22
Trying ::1...
Connected to ::1.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6
Awesome, the banner says 6.6. Hopefully it works remotely too.
Adding the SSHFP for ECDSA keys
Let’s update our SSHFP records in DNS to add the ECDSA keys.
debug1: mismatching host key fingerprint found in DNS
Update the SSHFP RR in DNS with the new host key to get rid of this message.
ssh-keygen -r `hostname -s` -f /etc/ssh/ssh_host_ecdsa_key.pub
myhostname IN SSHFP 3 1 4cb7ef739eb26035090f1877ac726b074e92dbd1
myhostname IN SSHFP 3 2 a85682ec95664009d50f58bf57f022587017f2a36e66e17b7608ef53376b7f52
The 3 means ECDSA, the 1 means SHA1, and the 2 means SHA256.
ECDSA key for users
You can use bit sizes of 256, 384, or 521. (That’s not a typo for 512, it’s five–hundred twenty–one.)
ssh-keygen -t ecdsa -b 521
ed25519 key for users
The -a is for KDF rounds. Default is 16, don't use a number as large as you would for PBKDF2 (~80,000) or you'll be waiting forever.
ssh-keygen -a 32 -t ed25519
My sshd_config and ssh_config Cipher and MAC settings
Naturally you should read the man pages and understand the decisions you make. But for the sake of reference, here’s my changes I apply universally:
vi /etc/ssh/sshd_config
UseDNS no
PasswordAuthentication no
ChallengeResponseAuthentication no
MACs hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-64-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
Ciphers aes256-gcm@openssh.com,aes256-ctr,chacha20-poly1305@openssh.com,aes256-cbc,aes128-gcm@openssh.com,blowfish-cbc,aes192-cbc,aes128-cbc,arcfour256
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
vi /etc/ssh/ssh_config
Host *
#multiplexing
ControlMaster auto
ControlPath /tmp/ssh-%u@%L-%r@%h-%p
#
ForwardX11 yes
#
VerifyHostKeyDNS yes
Protocol 2
# 6.2+
MACs hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-64-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,blowfish-cbc,aes192-cbc,aes128-cbc,arcfour256
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
The end.