ssh hardening
“OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.”
goals:
- setup sshd_conf
- audit with
ssh-audit
re-generate rsa
and ed25519
keys
> rm /etc/ssh/ssh_host_*
> ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
> ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
remove small diffie-hellmann
moduli
> awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
> mv /etc/ssh/moduli.safe /etc/ssh/moduli
enable rsa
and ed25519
keys
> sed -i 's/^\#HostKey \/etc\/ssh\/ssh_host_\(rsa\|ed25519\)_key$/HostKey \/etc\/ssh\/ssh_host_\1_key/g' /etc/ssh/sshd_config
restrict supported key exchange, cipher, and MAC algorithms
> echo -e "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com" > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
restart sshd service
> systemctl restart sshd
example sshd_conf
igurations:
Protocol 2
Port 22
LoginGraceTime 120 #120 sec time to auth
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
SyslogFacility AUTH
LogLevel INFO
AddressFamily inet
MaxAuthTries 3
StrictModes yes
IgnoreRhosts yes
UseDNS no
HostbasedAuthentication no
ChallengeResponseAuthentication no
AuthenticationMethods publickey
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org
X11Forwarding no
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
Protocol 2
Port 2222 #change port
LoginGraceTime 120 #120 sec time to auth
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
ServerKeyBits 4096
KeyRegenerationInterval 3600
SyslogFacility AUTH
LogLevel INFO
AllowUsers username1 username2 #change username
AddressFamily inet
MaxAuthTries 3
StrictModes yes
IgnoreRhosts yes
UseDNS no
HostbasedAuthentication no
ChallengeResponseAuthentication no
AuthenticationMethods publickey #only key auth is allowed
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org
X11Forwarding no
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
UsePrivilegeSeparation yes #if possible
UsePAM yes #if needed
Protocol 2
Port 2222 #change port
LoginGraceTime 120 #120 sec time to auth
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
ServerKeyBits 4096
KeyRegenerationInterval 3600
SyslogFacility AUTH
LogLevel INFO
AllowUsers username1 username2 #change username
AddressFamily inet
MaxAuthTries 3
StrictModes yes
IgnoreRhosts yes
UseDNS no
HostbasedAuthentication no
ChallengeResponseAuthentication no
AuthenticationMethods publickey,keyboard-interactive #only key auth is allowed
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org
X11Forwarding no
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
UsePrivilegeSeparation yes #if possible
UsePAM yes #if needed
check sshd_conf with ssh-audit
## == clone jtesta fork of ssh-audit
> git clone https://github.com/jtesta/ssh-audit
> cd ssh-audit
> ./ssh-audit.py 192.168.1.22 -p2222
check git repo for more informations: jtesta/ssh-audit
read here why
ssh-rsa
sucks: practical SHA-1 collisions
20-12-2020