From 3f7f730ac9cbf38267839ffcebd6b6fd721123c5 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Mon, 11 Jul 2022 09:01:57 +0200 Subject: [PATCH] input-xen: replace "enable LEGACY crypto" advice with targeted ssh options - "KexAlgorithms": the Fedora 35 ssh binary, using the DEFAULT crypto-policy, cannot log in to RHEL5 sshd without relaxing "KexAlgorithms". The server offers three algorithms: "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"; and according to RFC 9142, "diffie-hellman-group14-sha1" is the least deprecated from those. (The RFC marks it as MAY be implemented, and marks the other two as SHOULD NOT be implemented.) Recommend "diffie-hellman-group14-sha1". - "MACs": the Fedora 35 ssh binary, using the FUTURE crypto-policy, cannot log in to RHEL5 sshd without relaxing "MACs". The server offers "hmac-md5", "hmac-sha1", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96". After eliminating the MD5-based algos (MD5 is considered completely broken), and the one based on truncated SHA1, we're left with "hmac-sha1", "hmac-ripemd160", and "hmac-ripemd160@openssh.com". RIPEMD-160 is generally trusted, but it is compiled out of the Fedora 35 "ssh" client binary. Therefore only "hmac-sha1" remains. - "HostKeyAlgorithms", "PubkeyAcceptedAlgorithms": these options control the usage of public key algorithms, for authenticating the server to the client, and vice versa, respectively. RHEL5 sshd only supports "ssh-rsa" and "ssh-dss", and from those, "ssh-rsa" is more commonly used (for example, "ssh-keygen" defaults to creating "ssh-rsa" keys). Recommend "ssh-rsa". - "PubkeyAcceptedKeyTypes": this is the old ("legacy") name for "PubkeyAcceptedAlgorithms". As of this writing, the latest upstream release of libssh (also packaged in Fedora 35 -- libssh-0.9.6-1.fc35) does not recognize the new "PubkeyAcceptedAlgorithms" option name, only the original "PubkeyAcceptedKeyTypes". openssh-8.7p1-3.fc35 recognizes both option variants. Include "PubkeyAcceptedKeyTypes" in the recommendation along with "PubkeyAcceptedAlgorithms", for backward and forward compatbility. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360 Signed-off-by: Laszlo Ersek Message-Id: <20220711070157.5399-3-lersek@redhat.com> Reviewed-by: Richard W.M. Jones (cherry picked from commit af4a0454cdd21bb5e86f2dbfaa153e83afca3988) --- docs/virt-v2v-input-xen.pod | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod index 80ad94f7..1775fc31 100644 --- a/docs/virt-v2v-input-xen.pod +++ b/docs/virt-v2v-input-xen.pod @@ -37,12 +37,22 @@ option is incomplete. Some operations remain that still require the user to enter the password manually. Therefore ssh-agent is recommended over the I<-ip> option. See L. -With some modern ssh implementations, legacy crypto policies required -to interoperate with RHEL 5 sshd are disabled. To enable them you may -need to run this command on the conversion server (ie. ssh client), -but read L first: +With some modern ssh implementations, legacy crypto algorithms required +to interoperate with RHEL 5 sshd are disabled. To enable them, you may +need to add the following C stanza to your F<~/.ssh/config>: - # update-crypto-policies --set LEGACY + Host xen.example.com + KexAlgorithms +diffie-hellman-group14-sha1 + MACs +hmac-sha1 + HostKeyAlgorithms +ssh-rsa + PubkeyAcceptedKeyTypes +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + +(C and C have +identical meaning; the former is the old option name, the latter is the +new one. Virt-v2v uses both C and C when converting a guest +from Xen, and on some operating systems, C and C may not +both accept the same option variant.) =head2 Test libvirt connection to remote Xen host