ssh hardening :: x33u — yet another website

“OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options."

goals:

setup sshd_conf
audit with ssh-audit

re-generate rsa and ed25519 keys

> rm /etc/ssh/ssh_host_*
> ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
> ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""

remove small diffie-hellmann moduli

> awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
> mv /etc/ssh/moduli.safe /etc/ssh/moduli

enable rsa and ed25519 keys

> sed -i 's/^\#HostKey \/etc\/ssh\/ssh_host_\(rsa\|ed25519\)_key$/HostKey \/etc\/ssh\/ssh_host_\1_key/g' /etc/ssh/sshd_config

restrict supported key exchange, cipher, and MAC algorithms

> echo -e "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com" > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf

restart sshd service

> systemctl restart sshd

example sshd_configurations:

shell sshd_conf - key login only ‘normal mode’


Protocol 2
Port 22
LoginGraceTime 120 #120 sec time to auth
PermitRootLogin no
AuthorizedKeysFile      .ssh/authorized_keys
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
SyslogFacility AUTH
LogLevel INFO
AddressFamily inet
MaxAuthTries 3
StrictModes yes
IgnoreRhosts yes
UseDNS no
HostbasedAuthentication no
ChallengeResponseAuthentication no
AuthenticationMethods publickey
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org
X11Forwarding no
PrintMotd no
PrintLastLog yes
TCPKeepAlive no

shell sshd_conf - key login only ‘strict mode’


Protocol 2
Port 2222 #change port
LoginGraceTime 120 #120 sec time to auth
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
ServerKeyBits 4096
KeyRegenerationInterval 3600
SyslogFacility AUTH
LogLevel INFO
AllowUsers username1 username2 #change username
AddressFamily inet
MaxAuthTries 3
StrictModes yes
IgnoreRhosts yes
UseDNS no
HostbasedAuthentication no
ChallengeResponseAuthentication no
AuthenticationMethods publickey #only key auth is allowed
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org
X11Forwarding no
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
UsePrivilegeSeparation yes #if possible
UsePAM yes #if needed

shell sshd_conf - key and passwd at the same time ‘grey hair mode’


Protocol 2
Port 2222 #change port
LoginGraceTime 120 #120 sec time to auth
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
ServerKeyBits 4096
KeyRegenerationInterval 3600
SyslogFacility AUTH
LogLevel INFO
AllowUsers username1 username2 #change username
AddressFamily inet
MaxAuthTries 3
StrictModes yes
IgnoreRhosts yes
UseDNS no
HostbasedAuthentication no
ChallengeResponseAuthentication no
AuthenticationMethods publickey,keyboard-interactive #only key auth is allowed
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org
X11Forwarding no
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
UsePrivilegeSeparation yes #if possible
UsePAM yes #if needed

check sshd_conf with ssh-audit

## == clone jtesta fork of ssh-audit
> git clone https://github.com/jtesta/ssh-audit
> cd ssh-audit
> ./ssh-audit.py 192.168.1.22 -p2222

check git repo for more informations: jtesta/ssh-audit

read here why ssh-rsa sucks: practical SHA-1 collisions

security | server | software | stuff

goals: