Custom SSH Security

From OSNEXUS Wiki
Jump to: navigation, search

Enhancing SSH security

This article details how to modify the ssh service to restrict the cipher list and key exchange algorithms on a QuantaStor SDS Storage Appliance. The full list of key exchange options are detailed in the man page here

For customers who wish to secure their QuantaStor SSH service and restrict communication to stronger ciphers and key exchange algorithms but who may not understand the complexity of the topic, we recommend following the security best practices outlined by the Foundation for the OpenSSH 5.3 or newer releases. QuantaStor 3.x currently includes the OpenSSH_5.9p1 based patch releases.

Editing the SSH config file

You will want to edit the /etc/ssh/sshd_config file on each of your QuantaStor system(s) and add your custom settings for the 'KexAlgorithms', 'MACs' and 'Ciphers'. These sections are not normally included in the file and will need to be added, they can be inserted anywhere in the file. The below example shows what you would add to your /etc/ssh/sshd_config file following the Mozilla Foundation security guidelines.

#Enforce strong security ciphers and algorithms
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr

Once the new settings are in the configuration file, you will want to restart the ssh service using the below command:

sudo service ssh restart


Verifying the SSH security settings

You can confirm the new ciphers and algorithms are in use by using ssh in debug2 mode with the '-vv' flag.

The first list of key exchange ciphers in the kex_parse_kexinit section of the ssh debug output are those the client can support, these are specific to the client you are running and limiting their cipher and algorithms is not within the scope of this document.

...

debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 

...

The second set of key exchange ciphers in the kex_parse_kexinit section of the ssh debug output are those the ssh server can support. The below example output shows what you would see after configuring with the Mozilla Foundation Security Guidelines advised in the 'Editing the SSH config file' section above.

...

debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr
debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256
debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 

...

The other section in the ssh debug output 'mac_setup' and 'kex' details the message authentication code(MAC) that the systems negotiate for identity verification and the cipher chosen for communication. The below example output shows what you would see after configuring with the best practice settings advised in the 'Editing the SSH config file' section above.

...

debug2: mac_setup: found hmac-sha2-256
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug2: mac_setup: found hmac-sha2-256
debug1: kex: client->server aes128-ctr hmac-sha2-256 none

...