enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Kaushal Shriyan
kaushalshriyan at gmail.com
Sat Jan 27 00:35:16 AEDT 2024
On Thu, Jan 25, 2024 at 8:37 PM Joseph S. Testa II <jtesta at positronsecurity.com> wrote:
> Hi Kaushal,
>
> I maintain a set of SSH hardening guides for various platforms,
> including RHEL 8. You can find them here:
> https://ssh-audit.com/hardening_guides.html
>
> - Joe
>
> --
> Joseph S. Testa II
> Founder & Principal Security Consultant
> Positron Security
>
> On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote:
> > Hi,
> >
> > I am running the below servers on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows.
> >
> > # rpm -qa | grep openssh
> > openssh-8.0p1-16.el8.x86_64
> > openssh-askpass-8.0p1-16.el8.x86_64
> > openssh-server-8.0p1-16.el8.x86_64
> > openssh-clients-8.0p1-16.el8.x86_64
> >
> > # cat /etc/redhat-release
> > Red Hat Enterprise Linux release 8.7 (Ootpa)
> > #
> >
> > How do I enable strong KexAlgorithms, Ciphers and MACs in the /etc/ssh/sshd_config file for the above ssh server version? For example, as per the setting below.
> >
> > KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> > Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> > MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
> >
> > Please guide me.
> >
> > Thanks in advance.
> >
> > Best Regards,
> >
> > Kaushal
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
>
Hi Joe,
Thanks, Joe, for the quick response; I appreciate it. I have followed
https://ssh-audit.com/hardening_guides.html#rhel8 and used
https://github.com/jtesta/ssh-audit to check for any vulnerabilities.
# ./ssh-audit.py
# ssh-audit.py v3.2.0-dev, https://github.com/jtesta/ssh-audit
usage: ssh-audit.py [options] <host>
-h, --help print this help
-1, --ssh1 force ssh version 1 only
-2, --ssh2 force ssh version 2 only
-4, --ipv4 enable IPv4 (order of precedence)
-6, --ipv6 enable IPv6 (order of precedence)
-b, --batch batch output
-c, --client-audit starts a server on port 2222 to audit client software config (use -p to change port; use -t to change timeout)
-d, --debug debug output
-g, --gex-test=<x[,y,...]> dh gex modulus size test <min1:pref1:max1[,min2:pref2:max2,...]> <x-y[:step]>
-j, --json JSON output (use -jj to enable indents)
-l, --level=<level> minimum output level (info|warn|fail)
-L, --list-policies list all the official, built-in policies
--lookup=<alg1,alg2,...> looks up an algorithm(s) without connecting to a server
-M, --make-policy=<policy.txt> creates a policy based on the target server (i.e.: the target server has the ideal configuration that other servers should adhere to)
-m, --manual print the man page (Windows only)
-n, --no-colors disable colors
-p, --port=<port> port to connect
-P, --policy=<policy.txt> run a policy test using the specified policy
-t, --timeout=<secs> timeout (in seconds) for connection and reading (default: 5)
-T, --targets=<hosts.txt> a file containing a list of target hosts (one per line, format HOST[:PORT]). Use --threads to control concurrent scans.
--threads=<threads> number of threads to use when scanning multiple targets (-T/--targets) (default: 32)
-v, --verbose verbose output
# ./ssh-audit.py -vvv 192.168.0.108
Starting audit of 192.168.0.108:22...
# general
(gen) banner: SSH-2.0-OpenSSH_8.0
(gen) software: OpenSSH 8.0
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib@openssh.com)
# security
(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers
(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow
(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response
# key exchange algorithms
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
(kex) curve25519-sha256 -- [info] default key exchange since OpenSSH 6.4
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
(kex) curve25519-sha256@libssh.org -- [info] default key exchange since OpenSSH 6.4
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).
# host-key algorithms
(key) rsa-sha2-512 (4096-bit) -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 (4096-bit) -- [info] available since OpenSSH 7.2
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
(enc) chacha20-poly1305@openssh.com -- [info] default cipher since OpenSSH 6.9
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
# message authentication code algorithms
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
# fingerprints
(fin) ssh-ed25519: SHA256:LF2lloHchhKq5Y0gZa9MFsK/wBVTd2sadVjFortIBy8
(fin) ssh-ed25519: MD5:67:c2:e6:8d:23:13:8a:54:1e:75:ff:66:4e:1e:8b:87 -- [info] do not rely on MD5 fingerprints for server identification; it is insecure for this use case
(fin) ssh-rsa: SHA256:nTCMABhBfu68qgS6PXAJHDFlahvVQB5LbMPx5hgWBZQ
(fin) ssh-rsa: MD5:2d:ab:3a:4f:8e:dc:69:69:96:11:86:56:ce:a6:1a:c1 -- [info] do not rely on MD5 fingerprints for server identification; it is insecure for this use case
# algorithm recommendations (for OpenSSH 8.0)
(rec) -chacha20-poly1305@openssh.com -- enc algorithm to remove
# additional info
(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
#
I am still seeing the vulnerabilities below.
# security
(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers
(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow
(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response
# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation
# algorithm recommendations (for OpenSSH 8.0)
(rec) -chacha20-poly1305@openssh.com -- enc algorithm to remove
Please suggest further. Thanks in advance.
Best Regards,
Kaushal
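As an added example (not code from this thread or from ssh-audit), the POSIX shell check below compares the key exchange, cipher and MAC lists that a running sshd reports via `sshd -T` against allowlists built from the ssh-audit output above with chacha20-poly1305@openssh.com, the one algorithm it recommended removing, left out. The allowlists and the sample `sshd -T` output are constructed for the demonstration.

```shell
# Added example: audit `sshd -T` output against allowlists derived from the
# thread's ssh-audit results, minus chacha20-poly1305@openssh.com (Terrapin).
WANT_KEX='curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256'
WANT_CIPHERS='aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
WANT_MACS='hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com'

# in_list NAME CSV: succeeds when NAME is one of the comma-separated CSV items.
in_list() {
  case ",$2," in *",$1,"*) return 0 ;; esac
  return 1
}

# check_algos KEYWORD ACTUAL_CSV ALLOWED_CSV: prints one line per algorithm in
# ACTUAL_CSV that is not allowlisted; returns how many such algorithms it found.
check_algos() {
  bad=0
  for alg in $(printf '%s' "$2" | tr ',' ' '); do
    if ! in_list "$alg" "$3"; then
      echo "$1: unexpected $alg"
      bad=$((bad + 1))
    fi
  done
  return $bad
}

# audit_sshd_t FILE: FILE holds `sshd -T` output ("keyword value" per line,
# keywords lower-cased). Returns the total number of findings.
audit_sshd_t() {
  total=0
  while read -r key val; do
    n=0
    case $key in
      kexalgorithms) check_algos kex "$val" "$WANT_KEX" || n=$? ;;
      ciphers) check_algos ciphers "$val" "$WANT_CIPHERS" || n=$? ;;
      macs) check_algos macs "$val" "$WANT_MACS" || n=$? ;;
    esac
    total=$((total + n))
  done < "$1"
  return $total
}

# Constructed sample of `sshd -T` output: an OpenSSH 8.0 host that still offers
# chacha20-poly1305, the one finding ssh-audit reported in the thread.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
EOF
rc=0; audit_sshd_t "$SAMPLE" || rc=$?; echo "findings: $rc"
```

On RHEL 8, sshd.service passes the algorithm lists from /etc/crypto-policies/back-ends/opensshserver.config to sshd as command-line -o options, which take precedence over /etc/ssh/sshd_config; run `sshd -T` with those same options, or audit the live port with ssh-audit as above, so the check reflects what the daemon actually negotiates.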