enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS

Kaushal Shriyan kaushalshriyan at gmail.com
Sat Jan 27 00:35:16 AEDT 2024


On Thu, Jan 25, 2024 at 8:37 PM Joseph S. Testa II <
jtesta at positronsecurity.com> wrote:

> Hi Kaushal,
>
>    I maintain a set of SSH hardening guides for various platforms,
> including RHEL 8.  You can find them here:
> https://ssh-audit.com/hardening_guides.html
>
>    - Joe
>
> --
> Joseph S. Testa II
> Founder & Principal Security Consultant
> Positron Security
>
> On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote:
> > Hi,
> >
> > I am running the below servers on Red Hat Enterprise Linux release
> > 8.7
> > (Ootpa). The details are as follows.
> >
> > # rpm -qa | grep openssh
> > openssh-8.0p1-16.el8.x86_64
> > openssh-askpass-8.0p1-16.el8.x86_64
> > openssh-server-8.0p1-16.el8.x86_64
> > openssh-clients-8.0p1-16.el8.x86_64
> >
> > # cat /etc/redhat-release
> > Red Hat Enterprise Linux release 8.7 (Ootpa)
> > #
> >
> > How do I enable strong KexAlgorithms, Ciphers and MACs in
> > /etc/ssh/sshd_config file as per the above ssh server version. For
> > example
> > as per below setting.
> >
> > KexAlgorithms
> > ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-
> > hellman-group-exchange-sha256
> > Ciphers chacha20-poly1305 at openssh.com,aes256-gcm at openssh.com,
> > aes128-gcm at openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> > MACs hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,
> > umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,
> > umac-128 at openssh.com
> >
> > Please guide me.
> >
> > Thanks in advance.
> >
> > Best Regards,
> >
> > Kaushal
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
>
Hi Joe,

Thanks Joe for the quick response and appreciate it. I have followed
https://ssh-audit.com/hardening_guides.html#rhel8 and used
https://github.com/jtesta/ssh-audit to check for any vulnerability.

# ./ssh-audit.py
# ssh-audit.py v3.2.0-dev, https://github.com/jtesta/ssh-audit

usage: ssh-audit.py [options] <host>

   -h,  --help             print this help
   -1,  --ssh1             force ssh version 1 only
   -2,  --ssh2             force ssh version 2 only
   -4,  --ipv4             enable IPv4 (order of precedence)
   -6,  --ipv6             enable IPv6 (order of precedence)
   -b,  --batch            batch output
   -c,  --client-audit     starts a server on port 2222 to audit client
                               software config (use -p to change port;
                               use -t to change timeout)
   -d,  --debug            debug output
   -g,  --gex-test=<x[,y,...]>  dh gex modulus size test
                   <min1:pref1:max1[,min2:pref2:max2,...]>
                   <x-y[:step]>
   -j,  --json             JSON output (use -jj to enable indents)
   -l,  --level=<level>    minimum output level (info|warn|fail)
   -L,  --list-policies    list all the official, built-in policies
        --lookup=<alg1,alg2,...>    looks up an algorithm(s) without
                                    connecting to a server
   -M,  --make-policy=<policy.txt>  creates a policy based on the target
server
                                    (i.e.: the target server has the ideal
                                    configuration that other servers should
                                    adhere to)
   -m,  --manual           print the man page (Windows only)
   -n,  --no-colors        disable colors
   -p,  --port=<port>      port to connect
   -P,  --policy=<policy.txt>  run a policy test using the specified policy
   -t,  --timeout=<secs>   timeout (in seconds) for connection and reading
                               (default: 5)
   -T,  --targets=<hosts.txt>  a file containing a list of target hosts (one
                                   per line, format HOST[:PORT]).  Use
--threads
                                   to control concurrent scans.
        --threads=<threads>    number of threads to use when scanning
multiple
                                   targets (-T/--targets) (default: 32)
   -v,  --verbose          verbose output

# ./ssh-audit.py -vvv 192.168.0.108
Starting audit of 192.168.0.108:22...
# general
(gen) banner: SSH-2.0-OpenSSH_8.0
(gen) software: OpenSSH 8.0
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib at openssh.com)

# security
(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege
escalation via supplemental groups
(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command
injection via anomalous argument transfers
(cve) CVE-2019-16905                        -- (CVSSv2: 7.8) memory
corruption and local code execution via pre-authentication integer overflow
(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate
usernames via challenge response

# key exchange algorithms
(kex) curve25519-sha256                     -- [info] available since
OpenSSH 7.4, Dropbear SSH 2018.76
(kex) curve25519-sha256                     -- [info] default key exchange
since OpenSSH 6.4
(kex) curve25519-sha256 at libssh.org          -- [info] available since
OpenSSH 6.4, Dropbear SSH 2013.62
(kex) curve25519-sha256 at libssh.org          -- [info] default key exchange
since OpenSSH 6.4
(kex) diffie-hellman-group16-sha512         -- [info] available since
OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512         -- [info] available since
OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available
since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] OpenSSH's
GEX fallback mechanism was triggered during testing. Very old SSH clients
will still be able to create connections using a 2048-bit modulus, though
modern clients will use 3072. This can only be disabled by recompiling the
code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).

# host-key algorithms
(key) rsa-sha2-512 (4096-bit)               -- [info] available since
OpenSSH 7.2
(key) rsa-sha2-256 (4096-bit)               -- [info] available since
OpenSSH 7.2
(key) ssh-ed25519                           -- [info] available since
OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305 at openssh.com         -- [warn] vulnerable to the
Terrapin attack (CVE-2023-48795), allowing message prefix truncation
(enc) chacha20-poly1305 at openssh.com         -- [info] available since
OpenSSH 6.5
(enc) chacha20-poly1305 at openssh.com         -- [info] default cipher since
OpenSSH 6.9
(enc) aes256-gcm at openssh.com                -- [info] available since
OpenSSH 6.2
(enc) aes128-gcm at openssh.com                -- [info] available since
OpenSSH 6.2
(enc) aes256-ctr                            -- [info] available since
OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                            -- [info] available since
OpenSSH 3.7
(enc) aes128-ctr                            -- [info] available since
OpenSSH 3.7, Dropbear SSH 0.52

# message authentication code algorithms
(mac) hmac-sha2-256-etm at openssh.com         -- [info] available since
OpenSSH 6.2
(mac) hmac-sha2-512-etm at openssh.com         -- [info] available since
OpenSSH 6.2
(mac) umac-128-etm at openssh.com              -- [info] available since
OpenSSH 6.2

# fingerprints
(fin) ssh-ed25519: SHA256:LF2lloHchhKq5Y0gZa9MFsK/wBVTd2sadVjFortIBy8
(fin) ssh-ed25519: MD5:67:c2:e6:8d:23:13:8a:54:1e:75:ff:66:4e:1e:8b:87 --
[info] do not rely on MD5 fingerprints for server identification; it is
insecure for this use case
(fin) ssh-rsa: SHA256:nTCMABhBfu68qgS6PXAJHDFlahvVQB5LbMPx5hgWBZQ
(fin) ssh-rsa: MD5:2d:ab:3a:4f:8e:dc:69:69:96:11:86:56:ce:a6:1a:c1 --
[info] do not rely on MD5 fingerprints for server identification; it is
insecure for this use case

# algorithm recommendations (for OpenSSH 8.0)
(rec) -chacha20-poly1305 at openssh.com        -- enc algorithm to remove

# additional info
(nfo) For hardening guides on common OSes, please see: <
https://www.ssh-audit.com/hardening_guides.html>

#

I am still seeing the below vulnerability.

# security
(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege
escalation via supplemental groups
(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command
injection via anomalous argument transfers
(cve) CVE-2019-16905                        -- (CVSSv2: 7.8) memory
corruption and local code execution via pre-authentication integer overflow
(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate
usernames via challenge response

# encryption algorithms (ciphers)
(enc) chacha20-poly1305 at openssh.com         -- [warn] vulnerable to the
Terrapin attack (CVE-2023-48795), allowing message prefix truncation

# algorithm recommendations (for OpenSSH 8.0)
(rec) -chacha20-poly1305 at openssh.com        -- enc algorithm to remove

Please suggest further. Thanks in advance

Best Regards,

Kaushal


More information about the openssh-unix-dev mailing list