-
Notifications
You must be signed in to change notification settings - Fork 33
Secure Secure Shell
This is the wiki page for my Secure Secure Shell post.
If you know how to configure old OpenSSH versions, different SSH implementations running on various OSes (Linux distros, BSDs other Unix variants, Windows, etc), then please describe them here. The same goes for host specific configuration of popular SSH services. I cannot include every single special case in the main document but I think it is important to have them somewhere. My private environment consists exclusively of up to date OpenSSH versions running on Linux, with a few Dropbear servers for embedded stuff. I don't have the resources to test anything else.
As of version 9.84 RC10, AbsoluteTelnet supports the diffie-hellman-group-exchange-sha256 KEX, aes256-ctr cipher, and hmac-sha2-512 MAC.
Support for curve25519 KEX and chacha20 are on the wishlist.
sshd_config snippet:
# Allow only the most secure methods supported by AbsoluteTelnet (as of version 9.84 release candidate 10)
KexAlgorithms diffie-hellman-group-exchange-sha256
Ciphers aes256-ctr
MACs hmac-sha2-512
# Only allow 4096-byte RSA key
HostKey /etc/ssh/ssh_host_rsa_4096_key
Prior versions require a diffie-hillman-group14-sha1 KEX, aes256-ctr cipher, and hmac-sha1 MAC's.
KexAlgorithms diffie-hellman-group14-sha1
Ciphers aes256-ctr
MACs hmac-sha1
-- Rhyven
Google's Chrome SSH extension on ChromeBook works with sshd as configured according to the article.
Specifically, sshd_config contains:
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
hostkeyalgorithms [email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256
HostKey /media/state/etc/ssh/ssh_host_rsa_key
HostKey /media/state/etc/ssh/ssh_host_ed25519_key
For the server, I use a hardened ssh jump host docker container configured with an sshd_config and the settings shown above. Additionally, eliminate small moduli as shown in the build script.
For the client, I use a ChromeBook with Google's Chrome SSH extension.
You can test yourself using the repo at https://github.com/jumanjihouse/devenv.
ConnectBot 1.8.6-dirty (from F-Droid) needs
MACs hmac-sha1-96
Ciphers aes256-ctr
Earlier builds required even weaker settings. There's a bug open to help get ConnectBot up to snuff for this guide, so please contribute if you can. (The KEX part has been fixed already as a result of that bug.)
RHEL 5 and newer generate 2048-bit RSA host keys by default.
RHEL/CentOS 5 uses a very old version of OpenSSH, 4.3p2, which supports very few strong ciphers, does not support SHA-2, and does not support specifying KexAlgorithms (it is hardcoded to diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1). The best you can do is:
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-ripemd160
RHEL 6 uses OpenSSH 5.3p1.
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
RHEL 7.1 uses OpenSSH 6.6.1p1, including curve25519 and chacha20-poly1305, and can be configured exactly as given in the original post.
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]
RHEL 7.0 uses OpenSSH 6.4p1, just a bit too old to have curve25519 or chacha20-poly1305.
HostKey /etc/ssh/ssh_host_rsa_key
Ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]
Debian 7 / wheezy uses OpenSSH 6.0p1
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
Debian 7 / wheezy-backports uses OpenSSH 6.6.1p1, see note about curve25519.
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]
(note: OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the [email protected] KEX exchange method to fail when connecting with something that implements the specification correctly. OpenSSH 6.7 disables this KEX method when speaking to one of the affected versions.)
Debian 8 / jessie uses OpenSSH 6.7p1
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]
-- bofhbug
ssh_config snippet:
Match user kdeconnect
KexAlgorithms diffie-hellman-group14-sha1
HostKeyAlgorithms ssh-dss
MACs hmac-sha1
The nightly build supports all recommended settings.
Heroku needs HMAC-SHA1 and 1024 bit DH. Use at your own risk.
Host heroku.com
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]
Host github.com
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
Ciphers [email protected],aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc
MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1