On Thu, Jan 25, 2024 at 8:37 PM Joseph S. Testa II <jtesta@xxxxxxxxxxxxxxxxxxxx> wrote:

> Hi Kaushal,
>
> I maintain a set of SSH hardening guides for various platforms,
> including RHEL 8. You can find them here:
> https://ssh-audit.com/hardening_guides.html
>
> - Joe
>
> --
> Joseph S. Testa II
> Founder & Principal Security Consultant
> Positron Security
>
> On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote:
> > Hi,
> >
> > I am running the below servers on Red Hat Enterprise Linux release 8.7
> > (Ootpa). The details are as follows.
> >
> > # rpm -qa | grep openssh
> > openssh-8.0p1-16.el8.x86_64
> > openssh-askpass-8.0p1-16.el8.x86_64
> > openssh-server-8.0p1-16.el8.x86_64
> > openssh-clients-8.0p1-16.el8.x86_64
> >
> > # cat /etc/redhat-release
> > Red Hat Enterprise Linux release 8.7 (Ootpa)
> > #
> >
> > How do I enable strong KexAlgorithms, Ciphers and MACs in
> > /etc/ssh/sshd_config file as per the above ssh server version? For example
> > as per below setting.
> >
> > KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> > Ciphers chacha20-poly1305@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx,aes128-gcm@xxxxxxxxxxx,aes256-ctr,aes192-ctr,aes128-ctr
> > MACs hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-512,hmac-sha2-256,umac-128@xxxxxxxxxxx
> >
> > Please guide me.
> >
> > Thanks in advance.
> >
> > Best Regards,
> >
> > Kaushal
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev@xxxxxxxxxxx
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
>

Hi Joe,

Thanks Joe for the quick response and appreciate it. I have followed
https://ssh-audit.com/hardening_guides.html#rhel8 and used
https://github.com/jtesta/ssh-audit to check for any vulnerability.

# ./ssh-audit.py
# ssh-audit.py v3.2.0-dev, https://github.com/jtesta/ssh-audit

usage: ssh-audit.py [options] <host>

   -h,  --help             print this help
   -1,  --ssh1             force ssh version 1 only
   -2,  --ssh2             force ssh version 2 only
   -4,  --ipv4             enable IPv4 (order of precedence)
   -6,  --ipv6             enable IPv6 (order of precedence)
   -b,  --batch            batch output
   -c,  --client-audit     starts a server on port 2222 to audit client
                               software config (use -p to change port;
                               use -t to change timeout)
   -d,  --debug            debug output
   -g,  --gex-test=<x[,y,...]>  dh gex modulus size test
                   <min1:pref1:max1[,min2:pref2:max2,...]>
                   <x-y[:step]>
   -j,  --json             JSON output (use -jj to enable indents)
   -l,  --level=<level>    minimum output level (info|warn|fail)
   -L,  --list-policies    list all the official, built-in policies
        --lookup=<alg1,alg2,...>    looks up an algorithm(s) without
                                    connecting to a server
   -M,  --make-policy=<policy.txt>  creates a policy based on the target server
                                    (i.e.: the target server has the ideal
                                    configuration that other servers should
                                    adhere to)
   -m,  --manual           print the man page (Windows only)
   -n,  --no-colors        disable colors
   -p,  --port=<port>      port to connect
   -P,  --policy=<policy.txt>  run a policy test using the specified policy
   -t,  --timeout=<secs>   timeout (in seconds) for connection and reading
                               (default: 5)
   -T,  --targets=<hosts.txt>  a file containing a list of target hosts (one
                                   per line, format HOST[:PORT]). Use --threads
                                   to control concurrent scans.
        --threads=<threads>    number of threads to use when scanning multiple
                                   targets (-T/--targets) (default: 32)
   -v,  --verbose          verbose output

# ./ssh-audit.py -vvv 192.168.0.108
Starting audit of 192.168.0.108:22...

# general
(gen) banner: SSH-2.0-OpenSSH_8.0
(gen) software: OpenSSH 8.0
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib@xxxxxxxxxxx)

# security
(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers
(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow
(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response

# key exchange algorithms
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
(kex) curve25519-sha256 -- [info] default key exchange since OpenSSH 6.4
(kex) curve25519-sha256@xxxxxxxxxx -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
(kex) curve25519-sha256@xxxxxxxxxx -- [info] default key exchange since OpenSSH 6.4
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).

# host-key algorithms
(key) rsa-sha2-512 (4096-bit) -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 (4096-bit) -- [info] available since OpenSSH 7.2
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@xxxxxxxxxxx -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation
(enc) chacha20-poly1305@xxxxxxxxxxx -- [info] available since OpenSSH 6.5
(enc) chacha20-poly1305@xxxxxxxxxxx -- [info] default cipher since OpenSSH 6.9
(enc) aes256-gcm@xxxxxxxxxxx -- [info] available since OpenSSH 6.2
(enc) aes128-gcm@xxxxxxxxxxx -- [info] available since OpenSSH 6.2
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

# message authentication code algorithms
(mac) hmac-sha2-256-etm@xxxxxxxxxxx -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@xxxxxxxxxxx -- [info] available since OpenSSH 6.2
(mac) umac-128-etm@xxxxxxxxxxx -- [info] available since OpenSSH 6.2

# fingerprints
(fin) ssh-ed25519: SHA256:LF2lloHchhKq5Y0gZa9MFsK/wBVTd2sadVjFortIBy8
(fin) ssh-ed25519: MD5:67:c2:e6:8d:23:13:8a:54:1e:75:ff:66:4e:1e:8b:87 -- [info] do not rely on MD5 fingerprints for server identification; it is insecure for this use case
(fin) ssh-rsa: SHA256:nTCMABhBfu68qgS6PXAJHDFlahvVQB5LbMPx5hgWBZQ
(fin) ssh-rsa: MD5:2d:ab:3a:4f:8e:dc:69:69:96:11:86:56:ce:a6:1a:c1 -- [info] do not rely on MD5 fingerprints for server identification; it is insecure for this use case

# algorithm recommendations (for OpenSSH 8.0)
(rec) -chacha20-poly1305@xxxxxxxxxxx -- enc algorithm to remove

# additional info
(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>

#

I am still seeing the below vulnerability.

# security
(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers
(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow
(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@xxxxxxxxxxx -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation

# algorithm recommendations (for OpenSSH 8.0)
(rec) -chacha20-poly1305@xxxxxxxxxxx -- enc algorithm to remove

Please suggest further.

Thanks in advance

Best Regards,

Kaushal
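
Added example, not part of the original message and not ssh-audit's own code: a small Python parser for the text output quoted above that collects the (cve) entries and [warn]/[fail] findings, then applies the (rec) removal lines to a Ciphers list. The sample output is constructed, full @openssh.com algorithm names are assumed where the list archive masks the suffix, and parse_audit and harden_directive are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ssh-audit text output quoted above.
SAMPLE_AUDIT = """\
# security
(cve) CVE-2021-41617                 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com  -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation
(enc) chacha20-poly1305@openssh.com  -- [info] available since OpenSSH 6.5
(enc) aes256-gcm@openssh.com         -- [info] available since OpenSSH 6.2
# algorithm recommendations (for OpenSSH 8.0)
(rec) -chacha20-poly1305@openssh.com -- enc algorithm to remove
"""

# "(tag) name [(NNNN-bit)] -- note"; section headers and bare fingerprints do not match.
LINE_RE = re.compile(
    r"^\((?P<tag>[a-z]{3})\)\s+(?P<name>\S+)(?:\s+\([^)]*\))?\s+--\s+(?P<note>.*)$")
LEVEL_RE = re.compile(r"^\[(info|warn|fail)\]")


def parse_audit(text):
    """Split audit output into CVE ids, warn/fail findings and removals per type."""
    cves, flagged = [], []
    remove = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tag, name, note = m.group("tag", "name", "note")
        if tag == "cve":
            cves.append(name)
        elif tag == "rec":
            # Only the "-name -- <type> algorithm to remove" form shown above is handled.
            if name.startswith("-") and "to remove" in note:
                remove[note.split()[0]].append(name[1:])
        else:
            lvl = LEVEL_RE.match(note)
            if lvl and lvl.group(1) in ("warn", "fail"):
                flagged.append((tag, name, lvl.group(1)))
    return {"cves": cves, "flagged": flagged, "remove": dict(remove)}


def harden_directive(keyword, current, removals):
    """Return an sshd_config line with the removed algorithms dropped, order kept."""
    kept = [a.strip() for a in current.split(",")
            if a.strip() and a.strip() not in removals]
    if not kept:
        raise ValueError("removals would leave no algorithm for " + keyword)
    return keyword + " " + ",".join(kept)
```

After editing /etc/ssh/sshd_config with the resulting line, `sshd -t` checks the syntax before the service is restarted.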