chore(sshd): exclude deprecated SSHv2 key exchange algorithms #53

Merged: Cryptophobia merged 3 commits into teamhephy:master from pdomagala:update-ssh-algorithms on Dec 6, 2019

kingdonb commented Dec 6, 2019

We should also upgrade deis/base, per your suggestion... I can see that we have built a newer base, but it does not appear to be used in builder at least. This smaller patch looks a lot less likely to cause issues though, as that upgrade to base represents an upgrade between LTS releases of the underlying Ubuntu image, to 18.04.

Thanks for the contribution!

@Cryptophobia Cryptophobia self-requested a review December 6, 2019 14:35
Comment thread rootfs/etc/ssh/sshd_config Outdated

@Cryptophobia Cryptophobia left a comment

Just requesting a small change to change the list order of the Ciphers and KexAlgorithms and use GCM instead of CBC for the Ciphers.

@Cryptophobia

Also from the link you posted in mozilla.org:

Looks like we should list chacha20-poly before aes-gcm or others.

Ciphers and algorithms choice

    When CHACHA20 (OpenSSH 6.5+) is not available, AES-GCM (OpenSSH 6.1+) and any other algorithm using EtM (Encrypt then MAC) disclose the packet length - giving some information to the attacker. Only recent OpenSSH servers and client support CHACHA20.
    NIST curves (ecdh-sha2-nistp512,ecdh-sha2-nistp384,ecdh-sha2-nistp256) are listed for compatibility, but the use of curve25519 is generally preferred.
    SSH protocol 2 supports DH and ECDH key-exchange as well as forward secrecy. Regarding group sizes, please refer to Key management Guidelines.

The various algorithms supported by a particular OpenSSH version can be listed with the following commands:

$ ssh -Q cipher
$ ssh -Q cipher-auth
$ ssh -Q mac
$ ssh -Q kex
$ ssh -Q key

In our current deis-builder image these commands yield the following:

$ ssh -Q cipher

3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
$ ssh -Q cipher-auth

aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
$ ssh -Q mac

hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
$ ssh -Q kex

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256@libssh.org
$ ssh -Q key

ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
$ sshd -v

OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
...

Cryptophobia commented Dec 6, 2019

@pdomagala, okay looks great! Sorry to bother you again but since we are here, one more single line change. Could we change the LogLevel on the sshd_config to Verbose? I read that this LogLevel logs the ssh key fingerprints for better auditing and is a nice security feature to have without compromising any security.

Line 9 should read:

LogLevel VERBOSE

https://www.ssh.com/ssh/sshd_config/#sec-Verbose-logging

@pdomagala

@Cryptophobia done!

@Cryptophobia Cryptophobia left a comment

LGTM! 💯

@Cryptophobia Cryptophobia merged commit 75e37c0 into teamhephy:master Dec 6, 2019
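
The review requests made in this thread (GCM rather than CBC ciphers, chacha20-poly1305 listed first, no deprecated key exchange algorithms, LogLevel VERBOSE) can be checked mechanically against an sshd_config. The following is an added example, not code from this pull request or the repository: `parse` and `audit` are hypothetical helpers, both sample configs are constructed, and treating CBC, arcfour and SHA-1 based key exchange as the deny patterns is this example's assumption.

```python
CHACHA = "chacha20-poly1305@openssh.com"
# Deny patterns are this example's assumption; the PR's own lists are not shown in the thread.
WEAK = {"ciphers": ("-cbc", "arcfour"), "kexalgorithms": ("sha1",)}

# Constructed sample configs (not the repository's sshd_config).
SAMPLE_WEAK = """\
LogLevel INFO
Ciphers aes256-cbc,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
KexAlgorithms diffie-hellman-group14-sha1,curve25519-sha256@libssh.org
"""
SAMPLE_OK = """\
# hardened variant
LogLevel VERBOSE
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
"""


def parse(text):
    """Map lower-cased keyword -> value. sshd uses the first value it reads
    for a keyword, so later duplicates are ignored. Match blocks are not handled."""
    conf = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            conf.setdefault(fields[0].lower(), fields[1].strip())
    return conf


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf, findings = parse(text), []
    if conf.get("loglevel", "").upper() != "VERBOSE":
        findings.append("LogLevel is not VERBOSE")
    for key, patterns in WEAK.items():
        value = conf.get(key)
        # A missing keyword or a +/-/^ prefix means the effective list depends on defaults.
        if value is None or value[0] in "+-^":
            findings.append(f"{key}: not an explicit list, built-in defaults apply")
            continue
        algos = [a.strip() for a in value.split(",") if a.strip()]
        findings += [f"{key}: weak algorithm {a}" for a in algos
                     if any(p in a for p in patterns)]
        if key == "ciphers" and algos[:1] != [CHACHA]:
            findings.append(f"ciphers: {CHACHA} is not listed first")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, audit(cfg) or "no findings")
```

The names in the samples can be compared with what the installed OpenSSH actually supports using the `ssh -Q` commands quoted earlier in the thread.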