OpenSSH : Harden the service

Description

By default, even on OpenBSD, the SSH configuration is not the most secure.

NIST P-curve (nistp) algorithms are said to be an NSA backdoor; be aware, though, that this appears to be a rumour, and SHA-1 is still in use as well.


Configuration

  • Configuration file: /etc/ssh/sshd_config

You must ABSOLUTELY apply the following recommendations:

  • use only the v2 protocol,
  • do not connect with the root account,
  • disable the PasswordAuthentication option,
  • use only the PubkeyAuthentication option.

Recreate host keys

$ cd /etc/ssh
# rm ssh_host_*
# ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ""
# ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N "" -o -a 64

Next, you need to pay attention to the following:

HostKey

Comment out the other HostKey lines so that only the RSA and ED25519 host keys remain:

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

Ciphers

Allow those ciphers:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com

KeyExchange

Restrict the KexAlgorithms to these key exchange algorithms:

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org

HostKeyAlgorithms

The HostKeyAlgorithms:

HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com


MACs

Choose those Message Authentication Codes:

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

Moduli

The moduli file contains the prime numbers and generators used by the SSH server for the Diffie-Hellman group exchange key exchange method.

Moduli / Linux

It is recommended to regenerate it, as follows:

awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
mv /etc/ssh/moduli.safe /etc/ssh/moduli

Moduli / OpenBSD

Yes, it can be generated like this:
ssh-keygen -G /etc/ssh/moduli -b 3072

Be aware that generation takes a long time and depends heavily on the computing power of your server.

However, you should know that for a few years/versions now the file has already been generated and ships in /etc/moduli.

See moduli(5)

Sandbox


TL;DR

Here is a minimal example of a secure configuration file on the server side:

Port 22
ListenAddress 192.168.xxx.yyy
ListenAddress fd00:abcd:efg0::1

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com

PermitRootLogin no

PubkeyAuthentication yes

AuthorizedKeysFile	.ssh/authorized_keys

PasswordAuthentication no
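To check a server's sshd_config against the lists above before reloading the service, here is an added Python example (it is not the article's code and not ssh-audit); it assumes only the allow-lists given in this article, checks Ciphers, KexAlgorithms, MACs, the three authentication options and the HostKey paths, and uses a constructed weak configuration as sample input.

```python
import re
# Exact lists the article recommends; every other value is flagged.
ALLOWED = {
    "ciphers": {"chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-gcm@openssh.com"},
    "kexalgorithms": {"curve25519-sha256", "curve25519-sha256@libssh.org"},
    "macs": {"hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "umac-128-etm@openssh.com"},
}
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no", "pubkeyauthentication": "yes"}
HOSTKEYS = {"/etc/ssh/ssh_host_rsa_key", "/etc/ssh/ssh_host_ed25519_key"}

def parse_sshd_config(text):
    """Global section as {keyword: value} (HostKey as a list); accepts 'Keyword value' and 'Keyword=value'."""
    conf = {}
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1) + [""]
        key, value = parts[0].lower(), parts[1]  # keywords are case-insensitive
        if key == "match":  # everything below the first Match line is conditional
            break
        if key == "hostkey":  # HostKey accumulates; for any other keyword the FIRST one wins
            conf.setdefault(key, []).append(value)
        elif key:
            conf.setdefault(key, value)
    return conf

def audit(text):
    """Constructed checker (added example, not the article's code nor ssh-audit):
    returns the deviations from the article's recommendations, an empty list meaning OK."""
    conf, findings = parse_sshd_config(text), []
    for key, want in REQUIRED.items():
        if conf.get(key, "<unset>").lower() != want:
            findings.append(f"{key}: is '{conf.get(key, '<unset>')}', must be '{want}'")
    for key, allowed in ALLOWED.items():
        got = conf.get(key, "")
        if not got or got[0] in "+-^":  # unset or relative to the built-in default: only 'sshd -T' can resolve it
            findings.append(f"{key}: effective list depends on sshd defaults, check with 'sshd -T'")
        elif bad := sorted(set(got.split(",")) - allowed):
            findings.append(f"{key}: not recommended: {','.join(bad)}")
    findings += [f"hostkey: {p} is neither the RSA nor the ED25519 key"
                 for p in conf.get("hostkey", []) if p not in HOSTKEYS]
    return findings
# Constructed weak configuration for the demonstration run.
WEAK = """\
PermitRootLogin yes
PasswordAuthentication yes
Ciphers aes128-cbc,3des-cbc,aes256-gcm@openssh.com
KexAlgorithms +diffie-hellman-group1-sha1
HostKey /etc/ssh/ssh_host_ecdsa_key
Match User backup
    PasswordAuthentication no
"""
```

Run `audit(open("/etc/ssh/sshd_config").read())` on the server; the TL;DR configuration above yields an empty list, the constructed WEAK sample yields seven findings.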

Troubleshooting

Bad key types

If you get the following error:
/etc/ssh/sshd_config line 26: Bad key types 'ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com'

Remove the sk-ssh-ed25519@openssh.com and sk-ssh-ed25519-cert-v01@openssh.com algorithms from the list and test again. If it passes, reload the service.

LoginGraceTime

Consider increasing the value of the LoginGraceTime option: RSA keys with PBKDF rounds, or ed25519 keys, need more time to complete the connection. Also, you will not see any error message about it in the auth log.


Test

  • To check the configuration: # sshd -t

ssh-audit

There is a tool named ssh-audit that checks whether your configuration is secure.

Install and execute against your server as:

$ ssh-audit adresse-ip-serveur-ssh

  • You must fix URGENTLY every red message.
  • A green message means OK.

sshaudit on the internet

You can also test your server with the sshaudit website: https://www.sshaudit.com


Documentation

Manpages

Others