The configuration of SSL protocols and ciphers on web servers has been the done thing for some time now. It is often overlooked that other services can also be configured in this way, even though a large number of services offer this option. A good example of this is the SSH server OpenSSH.
SSH is a widely used protocol, and most servers still offer DSA host keys, for example, even though these have not been considered safe for quite some time. This article is intended to demonstrate how the configuration of the OpenSSH server and client can be improved. The cipher suite and other parameters are also adjusted. Afterwards, the cipher suite may have to be specifically adjusted when connecting to an older server that does not support any of the ciphers in the cipher suite. In the cipher suite, all NIST curves are purposely deactivated and elliptic curves by Daniel J. Bernstein are activated. A current list of all possible ciphers and algorithms is available in the man page of ssh_config or can be retrieved using the ssh -Q command.
In addition to RSA, current distributions (tested with CentOS 7 and Debian Jessie) also support Ed25519 keys. If Ed25519 keys are not yet supported, the corresponding line should simply be deleted. The DSA host keys should always be deactivated, as they are considered unsafe.
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
MACs [email protected],[email protected],[email protected]
If already supported, the following parameters can also be set:
HostKeyAlgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa
FingerprintHash sha256
PubkeyAcceptedKeyTypes [email protected],[email protected],ssh-ed25519,ssh-rsa
Not all of the above-mentioned parameters and arguments are already available in OpenSSH 6.6. The corresponding options, depending on the version, simply have to be removed accordingly.
Current clients (CentOS 7 and Debian Jessie) should understand the following configuration. As clients are also frequently used to access older servers (or special devices such as network hardware), certain options such as Ciphers, KexAlgorithms or MACs may also need to be adapted.
Host *
HostKeyAlgorithms [email protected],[email protected],ssh-rsa
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
MACs [email protected],[email protected],[email protected]
FingerprintHash sha256
HostbasedKeyTypes [email protected],[email protected],ssh-ed25519,ssh-rsa
PubkeyAcceptedKeyTypes [email protected],[email protected],ssh-ed25519,ssh-rsa
Depending on the version installed, not all of the above-mentioned parameters and arguments are functional. The above-listed configuration was created with OpenSSH 7.4p1.
If a connection is made to an older SSH server which does not support the options, the output looks approximately as follows:
Unable to negotiate with SERVER port 22: no matching MAC found. Their offer: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
This can, for example, be resolved by calling ssh with the option -o MACs=hmac-sha1 or by specifying the corresponding parameters for this server in the configuration.
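The per-server approach can be derived from the error message itself. The following is an added example, not part of the original article: it parses the negotiation failure and emits a Host block that relaxes only the failing directive for that one server. It goes beyond the MAC case to ciphers and key exchange; the fallback ranking and the host names are assumptions.

```python
import re

# Wording in the client's error message -> ssh_config directive it refers to.
DIRECTIVE = {"MAC": "MACs", "cipher": "Ciphers",
             "key exchange method": "KexAlgorithms"}

# Assumed fallback ranking (best first), not taken from the article. Anything
# not listed here (MD5, truncated 96-bit MACs, ...) is never selected.
FALLBACKS = {
    "MACs": ["hmac-sha2-512", "hmac-sha2-256", "hmac-sha1"],
    "Ciphers": ["aes256-ctr", "aes192-ctr", "aes128-ctr"],
    "KexAlgorithms": ["diffie-hellman-group-exchange-sha256",
                      "diffie-hellman-group14-sha1"],
}

ERROR_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<what>.+?) found\. Their offer: (?P<offer>\S+)")

def host_override(error_line):
    """Return a per-host ssh_config block, or None if no listed fallback is offered."""
    m = ERROR_RE.search(error_line)
    if m is None or m.group("what") not in DIRECTIVE:
        raise ValueError("not a recognised negotiation failure")
    directive = DIRECTIVE[m.group("what")]
    offered = set(m.group("offer").split(","))
    choice = next((a for a in FALLBACKS[directive] if a in offered), None)
    if choice is None:
        return None  # server offers nothing on the fallback list
    return "Host {}\n    Port {}\n    {} {}".format(
        m.group("host"), m.group("port"), directive, choice)

# Constructed sample lines (hypothetical host names), not captured output.
SAMPLE_OLD = ("Unable to negotiate with legacy-switch.example port 22: "
              "no matching MAC found. Their offer: "
              "hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96")
SAMPLE_MD5_ONLY = ("Unable to negotiate with old-box.example port 22: "
                   "no matching MAC found. Their offer: hmac-md5,hmac-md5-96")

if __name__ == "__main__":
    print(host_override(SAMPLE_OLD))
    print(host_override(SAMPLE_MD5_ONLY))
```

ssh_config uses the first value obtained for each parameter, so a generated block only takes effect when it is placed before the Host * section.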
A tool called ssh-audit is available to test SSH servers. All the above-mentioned SSH server parameters were verified with this tool and partially expanded. An output can look similar to the following:
# general
(gen) banner: SSH-2.0-OpenSSH_7.4
(gen) software: OpenSSH 7.4
(gen) compatibility: OpenSSH 7.3+, Dropbear SSH 2016.73+
(gen) compression: enabled ([email protected])
# key exchange algorithms
(kex) [email protected] -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
# encryption algorithms (ciphers)
(enc) [email protected] -- [info] available since OpenSSH 6.5
`- [info] default cipher since OpenSSH 6.9.
(enc) [email protected] -- [info] available since OpenSSH 6.2
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
# message authentication code algorithms
(mac) [email protected] -- [info] available since OpenSSH 6.2
(mac) [email protected] -- [info] available since OpenSSH 6.2
# algorithm recommendations (for OpenSSH 7.4)
(rec) +aes128-ctr -- enc algorithm to append
(rec) +aes192-ctr -- enc algorithm to append
(rec) [email protected] -- enc algorithm to append
(rec) [email protected] -- mac algorithm to append
The last section, which provides additional recommendations, is particularly relevant here.
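To turn that recommendations section into concrete configuration changes, the added example below (not part of the original article or of ssh-audit) parses the (rec) lines and applies them to the current algorithm lists. The sample report and the starting lists are constructed, and the "to remove" form is included alongside the "to append" form shown above.

```python
import re

# ssh-audit category tag -> sshd_config directive it maps to.
CATEGORY = {"kex": "KexAlgorithms", "key": "HostKeyAlgorithms",
            "enc": "Ciphers", "mac": "MACs"}

REC_RE = re.compile(
    r"^\(rec\)\s+(?P<sign>[+-])(?P<algo>\S+)\s+--\s+"
    r"(?P<cat>kex|key|enc|mac) algorithm to (?:append|remove)")

def apply_recommendations(audit_output, config):
    """Return a copy of config (directive -> list) with the (rec) lines applied."""
    updated = {name: list(algos) for name, algos in config.items()}
    for line in audit_output.splitlines():
        m = REC_RE.match(line.strip())
        if m is None:
            continue  # banner, (kex)/(enc) listings, comments, ...
        algos = updated.setdefault(CATEGORY[m.group("cat")], [])
        algo = m.group("algo")
        if m.group("sign") == "+" and algo not in algos:
            algos.append(algo)   # appended last, so it has lowest preference
        elif m.group("sign") == "-" and algo in algos:
            algos.remove(algo)
    return updated

def render(config):
    """Format the lists as sshd_config lines."""
    return "\n".join("{} {}".format(name, ",".join(algos))
                     for name, algos in config.items())

# Constructed sample report section and starting configuration.
SAMPLE_REPORT = """\
# algorithm recommendations (for OpenSSH 7.4)
(rec) +aes128-ctr                         -- enc algorithm to append
(rec) +aes192-ctr                         -- enc algorithm to append
(rec) -hmac-sha1                          -- mac algorithm to remove
"""
SAMPLE_CONFIG = {"Ciphers": ["aes256-ctr"],
                 "MACs": ["hmac-sha2-512", "hmac-sha1"]}

if __name__ == "__main__":
    print(render(apply_recommendations(SAMPLE_REPORT, SAMPLE_CONFIG)))
```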