Re: [Libguestfs] [v2v PATCH 2/2] input-xen: replace "enable LEGACY crypto" advice with targeted ssh options

On Mon, Jul 11, 2022 at 09:01:57AM +0200, Laszlo Ersek wrote: > - "KexAlgorithms": the Fedora 35 ssh binary, using the DEFAULT > crypto-policy, cannot log in to RHEL5 sshd without relaxing > "KexAlgorithms". The server offers three algorithms: > "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", > "diffie-hellman-group1-sha1"; and according to RFC 9142, > "diffie-hellman-group14-sha1" is the least deprecated from those. (The > RFC marks it as MAY be implemented, and marks the other two as SHOULD > NOT be implemented.) Recommend "diffie-hellman-group14-sha1". > > - "MACs": the Fedora 35 ssh binary, using the FUTURE crypto-policy, cannot > log in to RHEL5 sshd without relaxing "MACs". The server offers > "hmac-md5", "hmac-sha1", "hmac-ripemd160", &quot;hmac-ripemd160(a)openssh.com&quot;, > "hmac-sha1-96", "hmac-md5-96". After eliminating the MD5-based algos > (MD5 is considered completely broken), and the one based on truncated > SHA1, we're left with "hmac-sha1", "hmac-ripemd160", and > &quot;hmac-ripemd160(a)openssh.com&quot;. RIPEMD-160 is generally trusted, but it is > compiled out of the Fedora 35 "ssh" client binary. Therefore only > "hmac-sha1" remains. > > - "HostKeyAlgorithms", "PubkeyAcceptedAlgorithms": these options control > the usage of public key algorithms, for authenticating the server to the > client, and vice versa, respectively. RHEL5 sshd only supports "ssh-rsa" > and "ssh-dss", and from those, "ssh-rsa" is more commonly used (for > example, "ssh-keygen" defaults to creating "ssh-rsa" keys). Recommend > "ssh-rsa". > > - "PubkeyAcceptedKeyTypes": this is the old ("legacy") name for > "PubkeyAcceptedAlgorithms". As of this writing, the latest upstream > release of libssh (also packaged in Fedora 35 -- libssh-0.9.6-1.fc35) > does not recognize the new "PubkeyAcceptedAlgorithms" option name, only > the original "PubkeyAcceptedKeyTypes". openssh-8.7p1-3.fc35 recognizes > both option variants. Include "PubkeyAcceptedKeyTypes" in the > recommendation along with "PubkeyAcceptedAlgorithms", for backward and > forward compatbility. > > Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360 > Signed-off-by: Laszlo Ersek <lersek(a)redhat.com&gt; > --- > docs/virt-v2v-input-xen.pod | 20 +++++++++++++++----- > 1 file changed, 15 insertions(+), 5 deletions(-) > > diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod > index afc4a019f13d..789853b4d194 100644 > --- a/docs/virt-v2v-input-xen.pod > +++ b/docs/virt-v2v-input-xen.pod > @@ -37,12 +37,22 @@ option is incomplete. Some operations remain that still require the > user to enter the password manually. Therefore ssh-agent is recommended > over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>;. > > -With some modern ssh implementations, legacy crypto policies required > -to interoperate with RHEL 5 sshd are disabled. To enable them you may > -need to run this command on the conversion server (ie. ssh client), > -but read L<update-crypto-policies(8)> first: > +With some modern ssh implementations, legacy crypto algorithms required > +to interoperate with RHEL 5 sshd are disabled. To enable them, you may > +need to add the following C<Host> stanza to your F<~/.ssh/config>: > > - # update-crypto-policies --set LEGACY > + Host xen.example.com > + KexAlgorithms +diffie-hellman-group14-sha1 > + MACs +hmac-sha1 > + HostKeyAlgorithms +ssh-rsa > + PubkeyAcceptedKeyTypes +ssh-rsa > + PubkeyAcceptedAlgorithms +ssh-rsa > + > +(C<PubkeyAcceptedKeyTypes> and C<PubkeyAcceptedAlgorithms> have > +identical meaning; the former is the old option name, the latter is the > +new one. Virt-v2v uses both C<libssh> and C<ssh> when converting a guest > +from Xen, and on some operating systems, C<libssh> and C<ssh> may not > +both accept the same option variant.) > > =head2 Test libvirt connection to remote Xen host For the series: Reviewed-by: Richard W.M. Jones <rjones(a)redhat.com&gt;