Solved sshd won't start

Hello,

I have made some changes to my /etc/ssh/sshd_config
file and now it won't work.
I don't know why it doesn't like the MACs.

/ssh/sshd.config
Code:
Port 22
Protocol 2
AddressFamily inet
#ListenAddress 127.0.0.1

#See the questions section for setting up the gatekeeper
#ForceCommand /tools/ssh_gatekeeper.sh

AllowUsers myadmin
AllowGroups myadmin

AllowTcpForwarding yes
#AuthorizedKeysFile .ssh/authorized_keys (needs to be commented out for OpenSSH 5.4)
Banner /etc/banner
ChallengeResponseAuthentication no
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
ClientAliveInterval 15
ClientAliveCountMax 3
Compression yes
GatewayPorts no
LogLevel VERBOSE
LoginGraceTime 50s
MACs hmac-sha2-512-96,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-256,hmac-sha1-96,hmac-sha1
MaxAuthTries 6
MaxStartups 10
PasswordAuthentication yes
PermitEmptyPasswords no
#PermitOpen localhost:80
PermitRootLogin no
PermitUserEnvironment no
PidFile /var/run/sshd.pid
PrintLastLog yes
PrintMotd no
PubkeyAuthentication yes
StrictModes yes
Subsystem sftp /usr/libexec/sftp-server
SyslogFacility AUTH
TCPKeepAlive no
UseDNS no
UseLogin no
UsePrivilegeSeparation yes
X11DisplayOffset 10
X11Forwarding no
X11UseLocalhost yes

#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server

# service sshd restart
Code:
Performing sanity check on sshd configuration.
/etc/ssh/sshd_config line 27: Bad SSH2 mac spec 'hmac-sha2-512-96,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-256,hmac-sha1-96,hmac-sha1'.
ssh -V
Code:
OpenSSH_6.6.1p1

Can anyone help?
 
This line is expected to be in file /etc/ssh/ssh_config and not in file /etc/ssh/sshd_config.
Not according to sshd_config(5):
Code:
     MACs    Specifies the available MAC (message authentication code)
             algorithms.  The MAC algorithm is used in protocol version 2 for
             data integrity protection.  Multiple algorithms must be
             comma-separated.  The algorithms that contain ``-etm'' calculate
             the MAC after encryption (encrypt-then-mac).  These are considered
             safer and their use recommended.  The default is:

                   hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
                   umac-64-etm@openssh.com,umac-128-etm@openssh.com,
                   hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
                   hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
                   hmac-md5-96-etm@openssh.com,
                   hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
                   hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
                   hmac-sha1-96,hmac-md5-96

It's allowed in both the files.

The problem is the format of the MACs themselves.
 
# ssh -Q mac
Code:
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
Does the result above mean that I have to replace my
Code:
hmac-sha2-512-96,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-256,hmac-sha1-96,hmac-sha1
with
Code:
hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha1-96,hmac-sha1-96-etm@openssh.com,hmac-sha1

Or could someone provide a good example with security in mind?
 
Prefer the -etm@openssh MACs; they are "encrypt then MAC", which has been shown to be more secure than what SSH was doing previously, which was "encrypt and MAC" (the MAC was calculated on the plaintext, which can be a big problem).
 
Hi kpa, I looked at -etm@openssh MACs on Google but I was unable to find much on it.
Could you please share an example?
 
SirDice posted the defaults from ssh_config(5) above. They should be ok without modifications, and they do prefer the *-etm@openssh.org MACs, which is what you want. If you still want to modify the defaults, copy them as they are and drop the weakest MAC algorithms from the list, but don't go overboard: some systems you are connecting to might not have the newest OpenSSH and lack support for newer MACs. I would just drop the *-md5-* and the *-96-* ones from the list. The MD5 message digest is known to be vulnerable, but when used as part of a MAC on SSH it is not known whether that weakness produces a weak MAC.
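As an added example (not posted by anyone in this thread), a small shell script that does the two checks discussed above: it reports which names in a proposed MACs line sshd would reject with "Bad SSH2 mac spec", and it builds a hardened list along the lines kpa suggests (keep what the build supports, put the -etm@openssh.com forms first, drop the *-md5* and *-96* variants). The supported list is constructed from the `ssh -Q mac` output posted above so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): check a proposed sshd_config MACs value
# against the MACs the local OpenSSH build supports, and derive a hardened list
# in the spirit of kpa's advice (keep the defaults, prefer the -etm forms,
# drop the *-md5* and *-96* variants).
# SUPPORTED_MACS is constructed from the `ssh -Q mac` output posted above so
# the script runs offline; on a real host use: SUPPORTED_MACS=$(ssh -Q mac)
SUPPORTED_MACS="hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5
hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com umac-64@openssh.com
umac-128@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com"

# is_supported NAME: succeed if NAME is one of SUPPORTED_MACS
is_supported() {
    for s in $SUPPORTED_MACS; do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# unsupported_macs "a,b,c": print the names sshd would reject with
# "Bad SSH2 mac spec", one per line. No output means the line is valid.
unsupported_macs() {
    echo "$1" | tr ',' '\n' | while read -r name; do
        is_supported "$name" || echo "$name"
    done
}

# hardened_macs: comma-separated list from SUPPORTED_MACS with the
# -etm@openssh.com MACs first and every *-md5* / *-96* variant removed
hardened_macs() {
    etm=""; plain=""
    for s in $SUPPORTED_MACS; do
        case "$s" in
            *md5*|*-96*) continue ;;
            *-etm@openssh.com) etm="$etm,$s" ;;
            *) plain="$plain,$s" ;;
        esac
    done
    printf '%s\n' "$etm$plain" | sed 's/^,//'
}

# The original poster's line: the two SHA-2 *-96 names are not in the supported list
unsupported_macs "hmac-sha2-512-96,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-256,hmac-sha1-96,hmac-sha1"
echo "MACs $(hardened_macs)"
```

After editing sshd_config, `sshd -t` runs the same sanity check the rc script performs without restarting the daemon, so a bad MACs line is caught before the running service is touched.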
 