Howto secure openssh-6.x
Since OpenSSH 6.x came out, a lot of new ciphers where introduced. I was wondering, which ones where the best and what I should use, and I read a few articles on the internet to find out.
I’m certainly not a cryptographer, so if you have any suggestions howto further improve the configuration below, feel free to contact me.
As a general statement, one should avoid ECDSA and use Ed25519 instead, and due to the fixed
key length of DSA that ssh-keygen
uses, DSA should also be avoided. RSA keys should be at least
2048 bits long, perhaps 4096 bits is the better choice.
Note: Most of the settings covered in this post are incompatible with openssh-5.x. Consider upgrading!
Availablility of openssh-6.x
- Ubuntu 14.04 ships with openssh-6.6
- Archlinux ships with newest openssh, due to its rolling release package management
- MacOS Mavericks ships with openssh-6.2, you can install openssh-6.6 using Homebrew
- Debian Wheezy ships openssh-6.0 (Note: Some covered settings are not compatible with OpenSSH < 6.4)
- RHEL 5.x ships openssh-5.4 :(
You can configure your ssh to prefer good ciphers on both, the client and the server side.
Securing the ssh client configuration
There’s two files you can configure your ssh client with
/etc/ssh/ssh_config
(Global configuration, for all users)~/.ssh/config
(Your users configuration)
Place the configuration for all hosts at the bottom of the file, and override this default settings with entries for individual hosts/networks with entries placed above (This is the way how the configuration file is read).
So we should start with settings for individual hosts. Here’s the settings I use for Github, as Github doesn’t support recent ciphers unfortunately :(
Host github.com
# Github doesn't support decent ciphers, using the best available
Ciphers aes256-ctr
MACs hmac-sha2-512
KexAlgorithms diffie-hellman-group14-sha1
IdentityFile ~/.ssh/id_rsa
In the same way, you can add cipher (as well as other) specifications for other hosts, e.g.:
# This is a host with OpenSSH < 6.4
Host myoldhost.com
User katie
HostKeyAlgorithms ssh-rsa
Ciphers aes256-ctr
MACs hmac-sha2-512
And finally, here’s the global defaults, using only secure ciphers.
Host *
# Use only secure ciphers
# Never use ECDSA/DSA, prefer Ed25519, use RSA as fallback
# In case you need to support openssh-server versions < 6.4,
# you need to add ssh-rsa, aes256-ctr and hmac-sha2-512 :(
#
# Update 2015-08-14: Remove ssh-rsa-cert-v00@openssh.com, was deprecated by openssh-7.0
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ssh-rsa-cert-v01@openssh.com
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
# Prefer Ed25519 over RSA, never use DSA/ECDSA
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
# Display randomart images of hostkeys
VisualHostKey yes
Securing openssh-server
Server side config resides in /etc/ssh/sshd_config
. I’m mostly covering the security/cipher related
configuration settings here. Basically, the configuration resembles the client configuration for
most of the settings.
# Using a non-standard ssh port is just security by obscurity
# Port 22
# In general, please use pub/priv authentication instead of passwords
PasswordAuthentication no
# Speedup login process on machines that have no proper DNS settings, protect
# privacy, no real security drawback
UseDNS no
# Use only secure ciphers
# Never use ECDSA/DSA, prefer Ed25519, use RSA as fallback
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
# Add aes256-ctr for compatibility with older clients
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
# Add hmac-sha2-512 for compatibility with older clients
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Issues
Ruby net/ssh library
The Ruby net/ssh library cannot deal with the new ciphers yet. I tried to fix the library, but couldn’t quite fix all the issues. Please see this pull request, and feel free to contribute!
Popular programs using this library are among others Vagrant and knife ssh.
There best workaround I found was overriding the SSH_AUTH_SOCK
variable when using those programs,
resulting in ignoring the unknown keys in ssh-agent:
SSH_AUTH_SOCK='' vagrant up
OpenSSH versions < 6.x
When dealing with OpenSSH clients/servers < 6.x, you might add more exceptions into your
ssh_config
resp. sshd_config
. The settings I use for Github above might be a good starting
point. ssh -v
usually gives good hints which ciphers you need to enable.
Chef sshd cookbook
If you want to deploy ssh configurations for multiple hosts, you might want to have a look on my sshd cookbook for Chef.