Since OpenSSH 6.x came out, a lot of new ciphers where introduced. I was wondering, which ones where the best and what I should use, and I read a few articles on the internet to find out.
I’m certainly not a cryptographer, so if you have any suggestions howto further improve the configuration below, feel free to contact me.
As a general statement, one should avoid ECDSA and use Ed25519 instead, and due to the fixed
key length of DSA that
ssh-keygen uses, DSA should also be avoided. RSA keys should be at least
2048 bits long, perhaps 4096 bits is the better choice.
Note: Most of the settings covered in this post are incompatible with openssh-5.x. Consider upgrading!
Availablility of openssh-6.x
- Ubuntu 14.04 ships with openssh-6.6
- Archlinux ships with newest openssh, due to its rolling release package management
- MacOS Mavericks ships with openssh-6.2, you can install openssh-6.6 using Homebrew
- Debian Wheezy ships openssh-6.0 (Note: Some covered settings are not compatible with OpenSSH < 6.4)
- RHEL 5.x ships openssh-5.4 :(
You can configure your ssh to prefer good ciphers on both, the client and the server side.
Securing the ssh client configuration
There’s two files you can configure your ssh client with
/etc/ssh/ssh_config(Global configuration, for all users)
~/.ssh/config(Your users configuration)
Place the configuration for all hosts at the bottom of the file, and override this default settings with entries for individual hosts/networks with entries placed above (This is the way how the configuration file is read).
So we should start with settings for individual hosts. Here’s the settings I use for Github, as Github doesn’t support recent ciphers unfortunately :(
Host github.com # Github doesn't support decent ciphers, using the best available Ciphers aes256-ctr MACs hmac-sha2-512 KexAlgorithms diffie-hellman-group14-sha1 IdentityFile ~/.ssh/id_rsa
In the same way, you can add cipher (as well as other) specifications for other hosts, e.g.:
# This is a host with OpenSSH < 6.4 Host myoldhost.com User katie HostKeyAlgorithms ssh-rsa Ciphers aes256-ctr MACs hmac-sha2-512
And finally, here’s the global defaults, using only secure ciphers.
Host * # Use only secure ciphers # Never use ECDSA/DSA, prefer Ed25519, use RSA as fallback # In case you need to support openssh-server versions < 6.4, # you need to add ssh-rsa, aes256-ctr and hmac-sha2-512 :( # # Update 2015-08-14: Remove firstname.lastname@example.org, was deprecated by openssh-7.0 HostKeyAlgorithms email@example.com,ssh-ed25519,firstname.lastname@example.org Ciphers email@example.com,firstname.lastname@example.org MACs email@example.com,firstname.lastname@example.org,email@example.com KexAlgorithms firstname.lastname@example.org,diffie-hellman-group-exchange-sha256 # Prefer Ed25519 over RSA, never use DSA/ECDSA IdentityFile ~/.ssh/id_ed25519 IdentityFile ~/.ssh/id_rsa # Display randomart images of hostkeys VisualHostKey yes
Server side config resides in
/etc/ssh/sshd_config. I’m mostly covering the security/cipher related
configuration settings here. Basically, the configuration resembles the client configuration for
most of the settings.
# Using a non-standard ssh port is just security by obscurity # Port 22 # In general, please use pub/priv authentication instead of passwords PasswordAuthentication no # Speedup login process on machines that have no proper DNS settings, protect # privacy, no real security drawback UseDNS no # Use only secure ciphers # Never use ECDSA/DSA, prefer Ed25519, use RSA as fallback HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_rsa_key # Add aes256-ctr for compatibility with older clients Ciphers email@example.com,firstname.lastname@example.org # Add hmac-sha2-512 for compatibility with older clients MACs email@example.com,firstname.lastname@example.org,email@example.com KexAlgorithms firstname.lastname@example.org,diffie-hellman-group-exchange-sha256
Ruby net/ssh library
There best workaround I found was overriding the
SSH_AUTH_SOCK variable when using those programs,
resulting in ignoring the unknown keys in ssh-agent:
SSH_AUTH_SOCK='' vagrant up
OpenSSH versions < 6.x
When dealing with OpenSSH clients/servers < 6.x, you might add more exceptions into your
sshd_config. The settings I use for Github above might be a good starting
ssh -v usually gives good hints which ciphers you need to enable.
Chef sshd cookbook
If you want to deploy ssh configurations for multiple hosts, you might want to have a look on my sshd cookbook for Chef.