On 27/09/14 01:29 PM, Alive wrote: > On 27/09/2014 23:34, Weedy wrote: >> I got bit by this last week when I audited my ssh config and dropped all >> weak/slow ciphers. >> Couldn't log into my routers and had to add md5 ciphers and macs back. >> > You must rebuild dropbear package cleanly to test this patch > > Save the patch as file located on > package/network/services/dropbear/patches/600-enable-hmac-sha2.patch, > relative to OpenWrt source directory. The patch is available here > http://patchwork.openwrt.org/patch/6322/ > > Do "make clean" to clean up the package, and then "make" to build the > firmware. > Flash the resulting firmware and test connecting to dropbear ssh daemon. > > To test using hmac-sha2-256, run this command > ssh -o MACs=hmac-sha2-256 root@OpenWrt > To test using hmac-sha2-512, run this command > ssh -o MACs=hmac-sha2-512 root@OpenWrt > > For your information, there is almost no difference between message > authentication algorithm in time needed to establish ssh connection. > > I perform the test on my TL-MR3220 (AR9330, mips, dropbear 2014.65, > r42321). The identity file is cached via ssh-agent. The test commands > are bellow. > time ssh -o MACs=hmac-md5 OpenWrt /bin/true > time ssh -o MACs=hmac-sha1 OpenWrt /bin/true > time ssh -o MACs=hmac-sha2-256 OpenWrt /bin/true > time ssh -o MACs=hmac-sha2-512 OpenWrt /bin/true > > Here are time needed to establish ssh connection > +---------+----------+----------+----------+----------+ > |time\hmac| md5 | sha1 | sha256 | sha512 | > +---------+----------+----------+----------+----------+ > | real | 0m3.526s | 0m3.631s | 0m3.519s | 0m3.543s | > | user | 0m0.015s | 0m0.061s | 0m0.015s | 0m0.031s | > | sys | 0m0.077s | 0m0.046s | 0m0.093s | 0m0.092s | > +---------+----------+----------+----------+----------+ > > Putty and Bitvise will try connecting using hmac-sha2-256 when > available, whereas OpenSSH will use hmac-md5 by default. > > I hope this information will be a good reason for enabling sha2-based > hmac on dropbear by default. >
Based off failed ciphers/macs no matching cipher found: client [email protected] server aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc no matching mac found: client [email protected] server hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5 for cipher in 3des-cbc 3des-ctr aes128-cbc aes256-cbc aes128-ctr aes256-ctr; do for mac in hmac-md5 hmac-sha1 hmac-sha2-256 hmac-sha2-512; do echo ""; echo "cipher: $cipher"; echo "mac: $mac"; for bah in 1 2 3; do dd if=/dev/zero bs=1M count=25 | ssh -c "$cipher" -m "$mac" -o "Compression no" [email protected] 'time cat - >/dev/null'; echo ""; sleep 2; done; done; done OpenSSH_6.6.1 connecting to TP-Link 4300, time to transfer 26MiB of junk to null. Best of three, my router is in use and not idle. 3des-cbc +---------+----------+----------+----------+----------+ |time\hmac| md5 | sha1 | sha256 | sha512 | +---------+----------+----------+----------+----------+ | real | 0m27.65s | 0m27.98s | 0m29.47s | 0m31.93s | | user | 0m 0.05s | 0m 0.04s | 0m 0.02s | 0m 0.04s | | sys | 0m 0.25s | 0m 0.22s | 0m 0.24s | 0m 0.22s | +---------+----------+----------+----------+----------+ aes128-cbc +---------+----------+----------+----------+----------+ |time\hmac| md5 | sha1 | sha256 | sha512 | +---------+----------+----------+----------+----------+ | real | 0m12.07s | 0m12.62s | 0m13.61s | 0m16.05s | | user | 0m 0.02s | 0m 0.03s | 0m 0.00s | 0m 0.02s | | sys | 0m 0.27s | 0m 0.23s | 0m 0.21s | 0m 0.22s | +---------+----------+----------+----------+----------+ aes256-cbc +---------+----------+----------+----------+----------+ |time\hmac| md5 | sha1 | sha256 | sha512 | +---------+----------+----------+----------+----------+ | real | 0m13.32s | 0m13.61s | 0m14.97s | 0m17.71s | | user | 0m 0.02s | 0m 0.03s | 0m 0.03s | 0m 0.03s | | sys | 0m 0.27s | 0m 0.23s | 0m 0.22s | 0m 0.28s | +---------+----------+----------+----------+----------+ aes128-ctr +---------+----------+----------+----------+----------+ |time\hmac| md5 | sha1 | sha256 | sha512 | +---------+----------+----------+----------+----------+ | real | 0m12.64s | 0m12.80s | 0m13.74s | 0m16.19s | | user | 0m 0.04s | 0m 0.02s | 0m 0.02s | 0m 0.01s | | sys | 0m 0.18s | 0m 0.24s | 0m 0.17s | 0m 0.23s | +---------+----------+----------+----------+----------+ aes256-ctr +---------+----------+----------+----------+----------+ |time\hmac| md5 | sha1 | sha256 | sha512 | +---------+----------+----------+----------+----------+ | real | 0m13.40s | 0m13.84s | 0m15.20s | 0m18.11s | | user | 0m 0.01s | 0m 0.03s | 0m 0.02s | 0m 0.00s | | sys | 0m 0.17s | 0m 0.16s | 0m 0.18s | 0m 0.24s | +---------+----------+----------+----------+----------+ We should dump 3des-* and pick up arcfour* _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
