SSH key exchange algorithm choice / logjam issue


Kenny Ho

Nov 2, 2015, 11:41:09 AM
to Repo and Gerrit Discussion
Hi,

I have been getting reports from users about problems connecting to Gerrit unless they add an exception to the key exchange / KexAlgorithms settings to allow diffie-hellman-group1-sha1.  I did some digging and it looks like this is related to the logjam issue discovered in May 2015:
https://jbeekman.nl/blog/2015/05/ssh-logjam/


I tried to find the relevant config in (https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sshd) but I couldn't find anything related to key exchange.  I then looked into the code and it looks like the relevant setup is here:
https://gerrit.googlesource.com/gerrit/+/ae849a6da35be6a350b753fa2432f51c662d3265/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java#475


So it looks like if I don't use Bouncy Castle, the server will only offer DHG1 / diffie-hellman-group1-sha1 as the KexAlgorithm, and if Bouncy Castle is used, both DHG1 and DHG14 / diffie-hellman-group14-sha1 are offered.

Is this a serious issue?

Does this mean I should reconfigure the server to use Bouncy Castle?  Is there any workaround to reconfigure the KeyExchange on a live server?

For the future, should we add ECDHP* / ecdh-sha2-nistp* to the KeyExchange list?
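
The negotiation behind the failures described in this post can be modelled offline. The following is an added example (not Gerrit or MINA SSHD code) that applies the RFC 4253 section 7.1 rule, the first algorithm in the client's list that the server also offers wins, to the three server offers discussed here: DHG1 only (no Bouncy Castle), DHG1 plus DHG14 (with Bouncy Castle), and a hypothetical offer with the ecdh-sha2-nistp* algorithms added. The client preference lists are constructed; the "modern" one resembles an OpenSSH client that no longer offers diffie-hellman-group1-sha1 by default, and the "legacy" one still does. It also parses the "Their offer:" part of OpenSSH's error line so a reported failure can be checked against a policy of weak algorithms, which is an assumed list.

```python
"""Model SSH key-exchange negotiation (RFC 4253 section 7.1) and flag
weak server offers. Added example for this thread, not project code."""
import re
from typing import List, Optional

# Assumption: KEX algorithms this check treats as weak, with the reason.
WEAK_KEX = {
    "diffie-hellman-group1-sha1":
        "1024-bit MODP group, within the range of the Logjam attack",
}

# Constructed client preference list, ordered like a modern OpenSSH client
# that has dropped diffie-hellman-group1-sha1 from its defaults.
CLIENT_KEX = [
    "curve25519-sha256",
    "ecdh-sha2-nistp256",
    "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
]
# Constructed legacy client that still accepts DHG1 as a last resort.
LEGACY_CLIENT_KEX = CLIENT_KEX + ["diffie-hellman-group1-sha1"]

# Server offers as described in the thread.
SERVER_NO_BC = ["diffie-hellman-group1-sha1"]
SERVER_WITH_BC = ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"]
# Hypothetical offer if the ECDH algorithms asked about above were added.
SERVER_WITH_ECDH = [
    "ecdh-sha2-nistp256",
    "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp521",
    "diffie-hellman-group14-sha1",
]


def negotiate_kex(client: List[str], server: List[str]) -> Optional[str]:
    """First client-preferred algorithm also offered by the server, else None."""
    server_set = set(server)
    for alg in client:
        if alg in server_set:
            return alg
    return None


def weak_offers(offer: List[str]) -> List[str]:
    """Algorithms in a server offer that appear in WEAK_KEX."""
    return [alg for alg in offer if alg in WEAK_KEX]


_THEIR_OFFER = re.compile(r"Their offer:\s*(\S+)")


def parse_their_offer(message: str) -> List[str]:
    """Extract the server's KEX list from an OpenSSH 'Unable to negotiate' line."""
    m = _THEIR_OFFER.search(message)
    return m.group(1).split(",") if m else []


def assess(client: List[str], server: List[str]) -> str:
    """One-line verdict: FAIL (no match), WEAK (weak algorithm chosen) or OK."""
    chosen = negotiate_kex(client, server)
    if chosen is None:
        return ("FAIL: no matching key exchange method found. Their offer: "
                + ",".join(server))
    if chosen in WEAK_KEX:
        verdict = f"WEAK: negotiated {chosen} ({WEAK_KEX[chosen]})"
    else:
        verdict = f"OK: negotiated {chosen}"
    still_weak = weak_offers(server)
    if still_weak:
        verdict += "; server still offers " + ", ".join(still_weak)
    return verdict


if __name__ == "__main__":
    for label, server in (("no Bouncy Castle", SERVER_NO_BC),
                          ("with Bouncy Castle", SERVER_WITH_BC),
                          ("with ECDH added", SERVER_WITH_ECDH)):
        print(f"{label:20s} modern client: {assess(CLIENT_KEX, server)}")
        print(f"{label:20s} legacy client: {assess(LEGACY_CLIENT_KEX, server)}")
```

Running the script shows why the two camps in this thread see different behaviour: a modern client gets no common algorithm against the no-Bouncy-Castle server, a legacy client connects but over the weak 1024-bit group, and only the server side can remove DHG1 from the offer; the client-side exception users add merely re-enables the weak algorithm.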

Doug Kelly

Nov 2, 2015, 2:44:39 PM
to Repo and Gerrit Discussion
Have a look at https://code.google.com/p/gerrit/issues/detail?id=3517

From what I've tested, it should be possible to simply install the Bouncy Castle JARs under $GERRIT_SITE/lib and restart Gerrit. Some have reported needing to recreate keys, but I did not find this necessary.

You should be able to find the libraries here: https://www.bouncycastle.org/latest_releases.html
Note that the "jdk15on" versions should be used.  At a minimum, I believe you would want bcprov and bcpkix; bcpg is used on master for signed push support.

Kenny Ho

Nov 2, 2015, 3:27:01 PM
to Repo and Gerrit Discussion
Thanks.  I will give that a try.

Kenny Ho

Dec 1, 2015, 7:20:43 PM
to Repo and Gerrit Discussion
Just to clarify the workaround.  For a standalone/Jetty install (gerrit.sh), place the Bouncy Castle jar in <gerrit site>/lib/.  For Tomcat (daemon.sh), you will have to place it where the actual war is deployed, tomcat/webapps/<something>/WEB-INF/lib/, if your server is configured to unpackWar.

h MacKiernan

Mar 9, 2017, 11:02:51 AM
to Repo and Gerrit Discussion
Hello:
I'm still seeing this issue with key exchange methods despite having installed the latest BC jars.

I am running Gerrit in standalone (launched with gerrit.sh)
I've downloaded the most recent bouncy castle jars:

bcpkix-jdk15on-156.jar bcprov-jdk16-155.jar

and placed them in $GERRIT_SITE/lib and restarted Gerrit.

I've loaded my test user's ssh key through the Gerrit web interface and restarted Gerrit.

However, when I attempt to connect to the Gerrit ssh port as that user, 'alice', I still get the error about key exchange:


ssh al...@127.0.0.1 -p 29418 gerrit create-project

Unable to negotiate with 127.0.0.1 port 29418: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1


Thanks in advance, and if I've left out any vital information about my setup that would allow one to diagnose the issue, please let me know.


-h MacKiernan
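
A quick consistency check on the jars that were dropped into $GERRIT_SITE/lib is a useful first diagnostic step for reports like the one above. The two file names in that post, bcpkix-jdk15on-156.jar and bcprov-jdk16-155.jar, differ in both flavour (jdk15on vs jdk16) and version (156 vs 155). The following is an added example, not part of Gerrit, that parses Bouncy Castle jar names, reports missing artifacts (bcprov and bcpkix, the minimum named earlier in the thread; bcpg is only for signed push), mixed flavours or versions, and any flavour other than the jdk15on one recommended above. The artifact and flavour expectations are assumptions taken from the thread, and the jar lists in the usage block are constructed.

```python
"""Check Bouncy Castle jars in a Gerrit site's lib directory for a
consistent flavour and version. Added example, not part of Gerrit."""
import os
import re
from typing import Dict, List

# Assumption (from the thread): artifacts Gerrit needs at a minimum.
REQUIRED = ("bcprov", "bcpkix")
# Assumption (from the thread): the jar flavour that should be used.
EXPECTED_FLAVOUR = "jdk15on"

# Matches e.g. bcprov-jdk15on-156.jar or bcpkix-jdk18on-1.78.jar.
_BC_JAR = re.compile(r"^(bcprov|bcpkix|bcpg)-([A-Za-z0-9]+)-([\d.]+)\.jar$")


def parse_bc_jars(names: List[str]) -> Dict[str, Dict[str, str]]:
    """Map artifact name -> {flavour, version, file} for recognised BC jars."""
    found: Dict[str, Dict[str, str]] = {}
    for name in names:
        m = _BC_JAR.match(name)
        if m:
            found[m.group(1)] = {"flavour": m.group(2),
                                 "version": m.group(3),
                                 "file": name}
    return found


def check_bc_jars(names: List[str],
                  expected_flavour: str = EXPECTED_FLAVOUR) -> List[str]:
    """Return a list of findings; an empty list means the jar set looks consistent."""
    jars = parse_bc_jars(names)
    findings: List[str] = []
    for artifact in REQUIRED:
        if artifact not in jars:
            findings.append(f"missing {artifact} jar")
    flavours = {j["flavour"] for j in jars.values()}
    if len(flavours) > 1:
        findings.append("mixed flavours: "
                        + ", ".join(sorted(j["file"] for j in jars.values())))
    for j in sorted(jars.values(), key=lambda j: j["file"]):
        if j["flavour"] != expected_flavour:
            findings.append(f"{j['file']}: flavour {j['flavour']} "
                            f"(expected {expected_flavour})")
    versions = {j["version"] for j in jars.values()}
    if len(versions) > 1:
        findings.append("mixed versions: " + ", ".join(sorted(versions)))
    return findings


def check_lib_dir(path: str) -> List[str]:
    """Run the check against the jar files actually present in a directory."""
    return check_bc_jars([n for n in os.listdir(path) if n.endswith(".jar")])


if __name__ == "__main__":
    # Constructed jar lists: the pair named in the post above, and a consistent pair.
    for jars in (["bcpkix-jdk15on-156.jar", "bcprov-jdk16-155.jar"],
                 ["bcprov-jdk15on-156.jar", "bcpkix-jdk15on-156.jar"]):
        print(jars, "->", check_bc_jars(jars) or "consistent")
```

Run check_lib_dir on the site's lib directory after a restart; a non-empty result is worth resolving before looking further at the SSH side, since MINA SSHD only gains the extra key exchange algorithms when it can actually load the provider.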
