After installation of new CentOS 8 on VM device I was surprised to find that secure shell daemon is configured differently than I saw in previous versions of CentOS devices. CentOS 8 SSH Daemon does not use definition of Ciphers, KexAlgorithms, GSSAPIKexAlgorithms and MACs from /etc/ssh/sshd_config file anymore as for example CentOS 7 does, but instead it takes it from command line argument when sshd process starts. The /etc/ssh/sshd_config file has warning in comments that the changes to Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any effect there and the CentOS 8 system is following system-wide crypto policy.. The command line arguments of sshd process have explicit definition of cryptographic parameters:
# ps aux | grep ‘sshd -D’ root 973396 0.0 0.1 92968 7824 ? Ss Oct23 0:00 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oCASignatureAlgorithms=rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-512,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa |
Comment about precaution against crypto algorithm definition in /etc/ssh/sshd_config file:
# System-wide Crypto policy: # This system is following system-wide crypto policy. The changes to # Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any # effect here. They will be overridden by command-line options passed on # the server start up. # To opt out, uncomment a line with redefinition of CRYPTO_POLICY= # variable in /etc/sysconfig/sshd to overwrite the policy. # For more information, see manual page for update-crypto-policies(8). |
Now about CRYPTO_POLICY variable mentioned in comment above. This variable is presented in /etc/sysconfig/sshd in commented out state.
The ssh takes the current crypto policy from /etc/crypto-policies/back-ends/opensshserver.config file:
# cat /etc/crypto-policies/back-ends/opensshserver.config CRYPTO_POLICY=’-oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oCASignatureAlgorithms=rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-512,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa’ # |
However /etc/crypto-policies/back-ends/opensshserver.config is only symbolic link to the default policy defined at /usr/share/crypto-policies/DEFAULT/opensshserver.txt
# ls -l /etc/crypto-policies/back-ends/opensshserver.config lrwxrwxrwx. 1 root root 52 Jul 13 04:39 /etc/crypto-policies/back-ends/opensshserver.config -> /usr/share/crypto-policies/DEFAULT/opensshserver.txt |
There are also different versions of opensshserver.txt located at following directories:
# find /usr/share/crypto-policies/ -name opensshserver.txt /usr/share/crypto-policies/DEFAULT/opensshserver.txt /usr/share/crypto-policies/EMPTY/opensshserver.txt /usr/share/crypto-policies/FIPS/opensshserver.txt /usr/share/crypto-policies/FUTURE/opensshserver.txt /usr/share/crypto-policies/LEGACY/opensshserver.txt |