With all of this talk of 'FREAK', no one has mentioned OpenSSH. It implements libraries from OpenSSL (until recently, anyway). Why aren't people talking about this? is there even a way to configure export ciphers in ssh_config?
Asked
Active
Viewed 526 times
3
-
1possible duplicate of [OpenSSH default/preferred ciphers, hash, etc for SSH2](http://security.stackexchange.com/questions/25662/openssh-default-preferred-ciphers-hash-etc-for-ssh2) – Mike Scott Mar 07 '15 at 13:58
-
2The linked possible duplicate appears to be about what the *defaults* are, whereas this question seems to be about what is possible to configure. Does not sound like a duplicate to me. – user Mar 07 '15 at 20:09
1 Answers
5
OpenSSH is unaffected by FREAK for several reasons:
It only uses a small, carefully-audited portion of the OpenSSL library. The SSL cipher-negotiation code is not one of the parts it uses.
The SSH protocol is resistant to "downgrade" attacks: the size of the server key is fixed at the time of key generation and the key fingerprint is stored by the client. If an MITM tried to trick the server into using a weak key (which requires the server to be set up with multiple keys), the key fingerprint would change and the client would refuse to proceed.
OpenSSH does not, and to the best of my knowledge, has never supported "export-grade" encryption. The weakest RSA key that
ssh-keygenwill produce is 768 bits, and the default is 2048 bits. The symmetric ciphers are also quite strong: the weakest supported by the current version of OpenSSH is3des, which at 112 bits of effective security is a fair bit stronger than the 40 bits permitted by the old export laws.
Mark
- 34,513
- 9
- 86
- 135