From acbc561fcc66fcfc1a013cab4033fa272f7c5643 Mon Sep 17 00:00:00 2001
From: Simon Ruderich
Date: Sat, 29 Feb 2020 08:25:02 +0100
Subject: [PATCH] shell: ssh_config, sshd_config: update algorithms

---
 shell/ssh_config | 23 ++++++++++++++++-------
 shell/sshd_config | 10 ++++------
 2 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/shell/ssh_config b/shell/ssh_config
index 09995ab..69bc197 100644
--- a/shell/ssh_config
+++ b/shell/ssh_config
@@ -3,7 +3,7 @@
 # Some options are set even if they are default to prevent /etc/ssh/ssh_config
 # from overwriting them.
-# Copyright (C) 2011-2016 Simon Ruderich
+# Copyright (C) 2011-2020 Simon Ruderich
 #
 # This file is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -49,7 +49,7 @@ Host *
 # Don't use SHA1 and disable elliptic curves whose security regarding the
 # parameters is still in debate.
- KexAlgorithms diffie-hellman-group-exchange-sha256
+ KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
 # Use stronger cipher versions. Disable CBC ciphers to prevent (unlikely)
 # plaintext recovery attack [1], disable RC4 because it's broken [2]; this
 # leaves only AES. No GCM ciphers yet because they are still very new.
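Review bot: The expanded `KexAlgorithms` value on the `+` line is no longer explained by the comment above it, which only says to avoid SHA1 and the debated elliptic curves. On the client side the list order is the preference order, so a reader needs to know why group16-sha512 is tried first, why diffie-hellman-group14-sha256 (a 2048-bit modulus, the weakest of the four) is included at all, and why the 8192-bit group18-sha512 comes last; a line such as `# Order is preference: group16 first, group14 kept for servers without larger groups (confirm), group18 last because it is slow.` above the directive would record that, with the group14 rationale hedged because the hunk does not state it. The same list is added in the sshd_config hunk, where order does not influence negotiation because the client's preference decides, so a comment there could simply say so.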
@@ -64,11 +64,20 @@ Host *
 # in SSH [1] (available since 6.2).
 #
 # [1]: http://cseweb.ucsd.edu/~mihir/papers/oem.html
- MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
-# Disable DSA host keys because they are weak (only 1024 bit) and elliptic
-# curves. I don't need certificates, therefore disable those algorithms as
-# well (*-cert-*).
- HostKeyAlgorithms ssh-rsa
+ MACs hmac-sha2-512-etm@openssh.com
+# Disable ssh-rsa which is vulnerable to recent chosen prefix attacks against
+# SHA1 [1][2]. Disable elliptic curves whose security regarding the parameters
+# is still in debate. I don't need certificates, therefore disable those
+# algorithms as well (*-cert-*).
+#
+# [1]: https://www.openssh.com/txt/release-8.2
+# [2]: "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
+# Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020)
+# https://eprint.iacr.org/2020/014.pdf
+ HostKeyAlgorithms rsa-sha2-512
+# Also disable weak algorithms for public key authentication. Use a blacklist
+# because multiple algorithms might be already in use.
+ PubkeyAcceptedKeyTypes -ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
 
 # Disable X11 and agent forwarding for security reasons (defaults).
 ForwardX11 no
diff --git a/shell/sshd_config b/shell/sshd_config
index 0b7d95a..acd7716 100644
--- a/shell/sshd_config
+++ b/shell/sshd_config
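Review bot: The new `HostKeyAlgorithms rsa-sha2-512` line makes the client refuse any server that cannot sign with RSA/SHA-2 (support arrived in OpenSSH 7.2), yet the surrounding comments do not record this constraint even though the MACs comment a few lines up does note "available since 6.2"; add `# rsa-sha2-* signatures need OpenSSH 7.2 or later on the server; the key type stays ssh-rsa, so existing known_hosts entries remain valid.` above it. The `PubkeyAcceptedKeyTypes -...` blacklist only strips ssh-rsa and ssh-dss from the default set, so ecdsa-* and ssh-ed25519 user keys remain accepted while the host-key comment two lines earlier says elliptic curves are disabled; if that asymmetry is intended, the comment should state it explicitly, e.g. `# Unlike host keys, elliptic-curve user keys stay enabled here.`. The `-` list prefix also has a minimum OpenSSH version, which I have not verified and which is worth noting alongside the other version remarks in this file.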
@@ -26,13 +26,11 @@ Port 22
 Protocol 2
 
 # Stronger algorithms. See ssh_config for details.
-KexAlgorithms diffie-hellman-group-exchange-sha256
+KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
 Ciphers aes256-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
-
-# Use privilege separation for increased security. "sandbox" applies
-# additional restrictions on the unprivileged process.
-UsePrivilegeSeparation sandbox
+MACs hmac-sha2-512-etm@openssh.com
+HostKeyAlgorithms rsa-sha2-512
+PubkeyAcceptedKeyTypes -ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
 
 # Don't use PAM because it may circumvent other authentication methods used
 # below (default).
-- 
2.45.2
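Review bot: On the server side `HostKeyAlgorithms rsa-sha2-512` means sshd offers exactly one host key signature algorithm, so a client without RSA/SHA-2 signature support (OpenSSH before 7.2 or a third-party client lacking it) is locked out, and any non-RSA `HostKey` configured elsewhere in this file can no longer be used; the "See ssh_config for details" comment does not cover that, so add `# Only RSA host keys are usable with this setting; clients need rsa-sha2-* support.` above the line. The hunk also drops `UsePrivilegeSeparation sandbox`, which the subject "update algorithms" does not mention; if the reason is that the option is deprecated because privilege separation became mandatory (OpenSSH 7.5), the commit message should say so rather than leave the removal unexplained. The rest of the hunk mirrors the ssh_config change and raises no further point.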