Description
By default, even on OpenBSD, the SSH configuration is not the most secure.
NIST P-curve algorithms are suspected of being an NSA backdoor; but beware, this seems to be a rumor, and SHA1 is still widely used anyway.
Configuration
- Configuration file:
/etc/ssh/sshd_config
Absolutely apply the following recommendations:
- use only the v2 protocol,
- do not allow connections with the root account,
- disable the PasswordAuthentication option,
- use only the PubkeyAuthentication option.
Recreate host keys
# cd /etc/ssh
# rm ssh_host_*
# ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ""
# ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N "" -o -a 64
Do not set a passphrase during the generation, otherwise the server will not be able to read the keys.
In any case, the /var/log/auth file will help you!
Next, you need to pay attention to the following:
HostKey
Comment out the HostKey options so that only the RSA and ED25519 keys remain:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers
Allow those ciphers:
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KeyExchange
Restrict the key exchange to these KexAlgorithms:
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
HostKeyAlgorithms
Set the HostKeyAlgorithms:
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
MACs
Choose those Message Authentication Codes:
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
Moduli
The moduli file contains prime numbers and generators used by the SSH server in the Diffie-Hellman group key exchange method.
Since 2017, bug #2793 explains that in some contexts the server stops working properly after applying the recommendations below.
If you can no longer log in, consider reverting this change!
Moduli / Linux
It is recommended to regenerate it by keeping only the large groups, as follows:
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
mv /etc/ssh/moduli.safe /etc/ssh/moduli
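The two commands above keep only the groups whose fifth field (the group size; a nominal 3072-bit group is written as 3071 in moduli(5) format) is large enough, but they replace the file even if the filter left it empty, which would leave sshd with no DH group at all. The following script is an added example, not part of the original page: it wraps the same awk filter in a function, counts the groups kept, and refuses to overwrite the file when nothing survives. The sample moduli content is constructed with placeholder modulus values and is not a real moduli file.

```shell
#!/bin/sh
# Added example: filter a moduli(5) file by group size (field 5), in the
# layout "time type tests trials size generator modulus", and replace the
# original only when at least one group survives the filter.

# Constructed sample in moduli(5) layout (modulus values are placeholders).
SAMPLE_MODULI='# constructed sample, not a real moduli file
20240101000000 2 6 100 1023 2 AAAA
20240101000000 2 6 100 2047 2 BBBB
20240101000000 2 6 100 3071 2 CCCC
20240101000000 2 6 100 4095 5 DDDD
20240101000000 2 6 100 8191 2 EEEE'

# filter_moduli MIN_BITS < input > output
# Keeps comment lines and every group whose size (field 5) is >= MIN_BITS.
filter_moduli() {
    awk -v min="$1" '/^#/ || $5 >= min'
}

# count_groups < input: number of DH groups (non-comment lines).
count_groups() {
    grep -vc '^#' || true
}

# harden_moduli FILE MIN_BITS: rewrite FILE in place via FILE.safe, as the
# page does, but refuse to install an empty result.
harden_moduli() {
    file="$1"
    min="$2"
    filter_moduli "$min" < "$file" > "$file.safe"
    if [ "$(count_groups < "$file.safe")" -eq 0 ]; then
        rm -f "$file.safe"
        echo "refusing to replace $file: no group of >= $min bits" >&2
        return 1
    fi
    mv "$file.safe" "$file"
}
```

Run it on a copy of the real file first (for example `cp /etc/ssh/moduli /tmp/moduli && harden_moduli /tmp/moduli 3071`) and compare the group count before and after; only then apply it to /etc/ssh/moduli.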
Moduli / OpenBSD
It is also possible to generate it yourself. ssh-keygen -G only produces candidate primes; they must then be screened with -T to obtain a usable moduli file (the candidate file name below is arbitrary):
# ssh-keygen -G /etc/ssh/moduli.candidates -b 3072
# ssh-keygen -T /etc/ssh/moduli -f /etc/ssh/moduli.candidates
Be careful: the generation takes a long time and depends heavily on the computing power of your server.
However, you should know that for some years/versions now, the file is already generated and is located in /etc/moduli.
See moduli(5).
Sandbox
Since v7.5, this option is deprecated and obsolete!
Do not use it anymore!
TL;DR
Here is a minimal example of a secure configuration file on the server side:
Port 22
ListenAddress 192.168.xxx.yyy
ListenAddress fd00:abcd:efg0::1
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
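Checking a configuration by eye is error-prone: a commented-out `PermitRootLogin no` does not count, and sshd uses the first occurrence of a keyword and ignores case. The following script is an added example (not from the original page) that reads an sshd_config file the way sshd does for these directives and reports every deviation from the recommendations above: root login or password authentication enabled, public-key authentication disabled, NIST P-curve or SHA1 key exchange, CBC/3DES/RC4 ciphers, SHA1/MD5 or non-etm MACs, or a cipher/KEX/MAC list left at sshd's wider defaults. `Match` blocks are not handled. Both sample configurations are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the recommendations above.
# Parsing follows sshd's rule for plain directives: keywords are
# case-insensitive and the first active occurrence wins. Match blocks are
# not handled (hypothetical simplification for this example).

# get_option FILE KEYWORD: print the value of the first active KEYWORD line.
get_option() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }
    ' "$1"
}

# list_has LIST REGEX: true if any comma-separated element of LIST matches
# the extended regex REGEX (compared in lower case).
list_has() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr ',' '\n' | grep -Eq -- "$2"
}

# audit_config FILE: print one "FINDING:" line per problem; return 1 if any.
audit_config() {
    cfg="$1"
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    [ "$(get_option "$cfg" PermitRootLogin)" = "no" ] || report "PermitRootLogin must be 'no'"
    [ "$(get_option "$cfg" PasswordAuthentication)" = "no" ] || report "PasswordAuthentication must be 'no'"
    [ "$(get_option "$cfg" PubkeyAuthentication)" = "yes" ] || report "PubkeyAuthentication must be 'yes'"

    kex=$(get_option "$cfg" KexAlgorithms)
    [ -n "$kex" ] || report "KexAlgorithms not set: sshd's default list is wider than the one above"
    list_has "$kex" 'nistp|sha1$' && report "KexAlgorithms allows NIST P-curve or SHA1 methods: $kex"

    ciphers=$(get_option "$cfg" Ciphers)
    [ -n "$ciphers" ] || report "Ciphers not set: sshd's default list is wider than the one above"
    list_has "$ciphers" '-cbc$|3des|arcfour' && report "Ciphers allows CBC/3DES/RC4 ciphers: $ciphers"

    macs=$(get_option "$cfg" MACs)
    [ -n "$macs" ] || report "MACs not set: sshd's default list is wider than the one above"
    list_has "$macs" 'sha1|md5' && report "MACs allows SHA1/MD5 MACs: $macs"
    # Every MAC in the recommended list is an encrypt-then-MAC (-etm) variant.
    printf '%s' "$macs" | tr ',' '\n' | grep -v '^$' | grep -vq -- '-etm@openssh.com$' \
        && report "MACs contains a non-etm MAC: $macs"

    [ "$findings" -eq 0 ]
}

# tmp_config < text: write stdin to a temporary file and print its path.
tmp_config() { t=$(mktemp); cat > "$t"; printf '%s\n' "$t"; }

# Constructed sample matching the minimal configuration above.
GOOD_CONFIG='Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no'

# Constructed weak sample: root and password login allowed, NIST P-curve and
# SHA1 key exchange, a SHA1 non-etm MAC, and no Ciphers line at all.
BAD_CONFIG='# PermitRootLogin no   <- commented out, so it does not count
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
KexAlgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
MACs hmac-sha1,hmac-sha2-256-etm@openssh.com'
```

Usage on a real host: `audit_config /etc/ssh/sshd_config && echo OK`. This checks only the directives discussed on this page; `sshd -t` remains the authoritative syntax check, and ssh-audit (below) tests what the running server actually negotiates.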
Troubleshooting
Bad key types
If you get the following error:
/etc/ssh/sshd_config line 26: Bad key types 'ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com'
Remove the sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com algorithms (the sk-* FIDO key types require OpenSSH 8.2 or later) and test again. If OK, reload the service.
LoginGraceTime
Consider increasing the value of the LoginGraceTime option. Keys using RSA + PBKDF (the -o/-a rounds above) or ed25519 need more time to connect.
Also note that when the grace time expires you will not see any error message in the auth log.
Test
- To check the configuration:
# sshd -t
ssh-audit
There is a tool, named ssh-audit, to check whether your configuration is secure.
Install it and run it against your server as:
$ ssh-audit adresse-ip-serveur-ssh
- You need to fix URGENTLY all red colored messages.
- A green colored message means OK.
sshaudit on internet
You can also test your server with the sshaudit website: https://www.sshaudit.com