Post by Alive
Post by Weedy
I got bit by this last week when I audited my ssh config and dropped all
weak/slow ciphers.
Couldn't log into my routers and had to add md5 ciphers and macs back.
You must rebuild the dropbear package cleanly to test this patch.
Save the patch as a file located at
package/network/services/dropbear/patches/600-enable-hmac-sha2.patch,
relative to the OpenWrt source directory. The patch is available here:
http://patchwork.openwrt.org/patch/6322/
Do "make clean" to clean up the package, and then "make" to build the
firmware.
Flash the resulting firmware and test connecting to the dropbear ssh daemon.
To test using hmac-sha2-256, run this command
To test using hmac-sha2-512, run this command
For your information, there is almost no difference between message
authentication algorithms in the time needed to establish an ssh connection.
I performed the test on my TL-MR3220 (AR9330, mips, dropbear 2014.65,
r42321). The identity file is cached via ssh-agent. The test commands
are below.
time ssh -o MACs=hmac-md5 OpenWrt /bin/true
time ssh -o MACs=hmac-sha1 OpenWrt /bin/true
time ssh -o MACs=hmac-sha2-256 OpenWrt /bin/true
time ssh -o MACs=hmac-sha2-512 OpenWrt /bin/true
Here are the times needed to establish an ssh connection:
+---------+----------+----------+----------+----------+
|time\hmac| md5 | sha1 | sha256 | sha512 |
+---------+----------+----------+----------+----------+
| real | 0m3.526s | 0m3.631s | 0m3.519s | 0m3.543s |
| user | 0m0.015s | 0m0.061s | 0m0.015s | 0m0.031s |
| sys | 0m0.077s | 0m0.046s | 0m0.093s | 0m0.092s |
+---------+----------+----------+----------+----------+
Putty and Bitvise will try connecting using hmac-sha2-256 when
available, whereas OpenSSH will use hmac-md5 by default.
I hope this information will be a good reason for enabling sha2-based
hmac on dropbear by default.
Based off failed ciphers/macs
no matching cipher found: client rijndael-***@lysator.liu.se server
aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc
no matching mac found: client hmac-ripemd160-***@openssh.com server
hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5
for cipher in 3des-cbc 3des-ctr aes128-cbc aes256-cbc aes128-ctr aes256-ctr; do
  for mac in hmac-md5 hmac-sha1 hmac-sha2-256 hmac-sha2-512; do
    echo ""; echo "cipher: $cipher"; echo "mac: $mac"
    for bah in 1 2 3; do
      dd if=/dev/zero bs=1M count=25 | ssh -c "$cipher" -m "$mac" -o "Compression no" ***@openwrt.lan 'time cat - >/dev/null'
      echo ""; sleep 2
    done
  done
done
OpenSSH_6.6.1 connecting to TP-Link 4300, time to transfer 26MiB of junk
to null. Best of three, my router is in use and not idle.
3des-cbc
+---------+----------+----------+----------+----------+
|time\hmac| md5 | sha1 | sha256 | sha512 |
+---------+----------+----------+----------+----------+
| real | 0m27.65s | 0m27.98s | 0m29.47s | 0m31.93s |
| user | 0m 0.05s | 0m 0.04s | 0m 0.02s | 0m 0.04s |
| sys | 0m 0.25s | 0m 0.22s | 0m 0.24s | 0m 0.22s |
+---------+----------+----------+----------+----------+
aes128-cbc
+---------+----------+----------+----------+----------+
|time\hmac| md5 | sha1 | sha256 | sha512 |
+---------+----------+----------+----------+----------+
| real | 0m12.07s | 0m12.62s | 0m13.61s | 0m16.05s |
| user | 0m 0.02s | 0m 0.03s | 0m 0.00s | 0m 0.02s |
| sys | 0m 0.27s | 0m 0.23s | 0m 0.21s | 0m 0.22s |
+---------+----------+----------+----------+----------+
aes256-cbc
+---------+----------+----------+----------+----------+
|time\hmac| md5 | sha1 | sha256 | sha512 |
+---------+----------+----------+----------+----------+
| real | 0m13.32s | 0m13.61s | 0m14.97s | 0m17.71s |
| user | 0m 0.02s | 0m 0.03s | 0m 0.03s | 0m 0.03s |
| sys | 0m 0.27s | 0m 0.23s | 0m 0.22s | 0m 0.28s |
+---------+----------+----------+----------+----------+
aes128-ctr
+---------+----------+----------+----------+----------+
|time\hmac| md5 | sha1 | sha256 | sha512 |
+---------+----------+----------+----------+----------+
| real | 0m12.64s | 0m12.80s | 0m13.74s | 0m16.19s |
| user | 0m 0.04s | 0m 0.02s | 0m 0.02s | 0m 0.01s |
| sys | 0m 0.18s | 0m 0.24s | 0m 0.17s | 0m 0.23s |
+---------+----------+----------+----------+----------+
aes256-ctr
+---------+----------+----------+----------+----------+
|time\hmac| md5 | sha1 | sha256 | sha512 |
+---------+----------+----------+----------+----------+
| real | 0m13.40s | 0m13.84s | 0m15.20s | 0m18.11s |
| user | 0m 0.01s | 0m 0.03s | 0m 0.02s | 0m 0.00s |
| sys | 0m 0.17s | 0m 0.16s | 0m 0.18s | 0m 0.24s |
+---------+----------+----------+----------+----------+
We should dump 3des-* and pick up arcfour*
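
Added example, not part of the thread: a shell sketch that takes a "no matching mac found" line in the format quoted above, extracts the server's offer, and applies the RFC 4253 section 7.1 rule (first name on the client's list that the server also lists) to show which MAC a given client preference list would negotiate. The function names and the client lists are assumptions made for illustration; the failure line is the one from the thread, joined onto one line with the archive's masking left in place.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# server_offer LINE
# Print the server name-list from a failure line of the form shown in the
# thread: "no matching <kind> found: client <list> server <list>".
server_offer() {
    printf '%s\n' "$1" |
        sed -n 's/^.*no matching [a-z]* found: client [^ ]* server \([^ ]*\).*$/\1/p'
}

# negotiate CLIENT_CSV SERVER_CSV
# RFC 4253 section 7.1: the chosen algorithm is the first name on the
# client's list that also appears on the server's list.
# The body runs in a subshell so the IFS and noglob changes do not leak.
negotiate() (
    IFS=,
    set -f
    for c in $1; do
        for s in $2; do
            if [ "$c" = "$s" ]; then
                printf '%s\n' "$c"
                return 0
            fi
        done
    done
    return 1   # no common algorithm: the connection would be refused
)

# Failure line from the thread (masking kept as it appears in the archive).
LINE='no matching mac found: client hmac-ripemd160-***@openssh.com server hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5'
OFFER=$(server_offer "$LINE")
echo "server offers: $OFFER"

# Constructed client preference lists (assumptions, not from the thread).
echo "sha2-only client picks: $(negotiate 'hmac-sha2-512,hmac-sha2-256' "$OFFER")"
echo "md5-first client picks: $(negotiate 'hmac-md5,hmac-sha2-256' "$OFFER")"
negotiate 'hmac-ripemd160' "$OFFER" || echo "ripemd160-only client: no matching mac"
```

The order of the client's list decides the result, so a client that lists hmac-md5 first keeps using it even when the server offers the sha2 MACs.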