Community discussions

MikroTik App
 
superMARKet
just joined
Topic Author
Posts: 1
Joined: Sun Nov 13, 2022 6:03 am

SSH server: support diffie-hellman-group14-sha256 per RFC 9142; will improve compatibility with SSH clients

Sun Nov 13, 2022 6:29 am

Dropbear’s SSH client is unable to connect to RouterOS’ SSH server when strong crypto is enabled:
/ip/ssh
set strong-crypto=yes
This is unfortunate because Dropbear is widely deployed as the SSH client on many network equipment devices. This interoperability problem makes it unnecessarily difficult to remotely administer RouterOS devices.

When /ip/ssh strong-crypto=yes, RouterOS’ SSH server only supports the diffie-hellman-group-exchange-sha256 SSH key exchange (KEX) algorithm. RFC 9142 gives the most current guidance for SSH KEX algorithms. While diffie-hellman-group-exchange-sha256 makes the grade (§3.2.1), the only required KEX algorithm is diffie-hellman-group14-sha256 (§3.2.2), but RouterOS does not support it.

Dropbear does not support diffie-hellman-group-exchange-sha256, but it all other modern SSH clients do support diffie-hellman-group14-sha256.

Because RouterOS already implements diffie-hellman-group14-sha1 (it’s usable when /ip/ssh/set strong-crypto=no), and because it also implements SHA256 (also in use by diffie-hellman-group-exchange-sha256), it should be absolutely trivial to implement support for diffie-hellman-group14-sha256. This would ensure compliance with RFC 9142 (summary table at §6), and improve the longstanding interoperability situation with SSH clients such as Dropbear.

There are no negative security implications and this support should be enabled when /ip/ssh strong-crypto=yes. diffie-hellman-group14-sha256 is described in RFC 8268. It has identical security properties to the already-implemented diffie-hellman-group-exchange-sha256, with the MODP group fixed at 2048 bits. 2048 bits is the current recommended minimum for diffie-hellman-group-exchange-sha256 per RFC 8270, and I understand that this is what RouterOS is already using.

Please implement the diffie-hellman-group14-sha256 SSH KEX algorithm in RouterOS’ SSH server.

Who is online

Users browsing this forum: No registered users and 45 guests