diff --git a/FreeBSD-OpenSSH-Hardening-Guides.md b/FreeBSD-OpenSSH-Hardening-Guides.md new file mode 100644 index 0000000..2ae3aa1 --- /dev/null +++ b/FreeBSD-OpenSSH-Hardening-Guides.md @@ -0,0 +1,240 @@ +> **Note** +> +> Taken from: https://github.com/bsdlabs/ssh-hardening + +# Server + +## Backup ssh config, install ssh-audit + + sudo -s # we need root for most of this + cp -a /etc/ssh /etc/ssh.bak # backup ssh config just in case + pkg install -y security/py-ssh-audit # install ssh-audit (you can make intall if you like) + +## Enable and start sshd, then run ssh-audit, saving the output + + service sshd enable + service sshd start + uname -a > ssh-audit.out + echo "# before hardening" >> ssh-audit.out + ssh-audit --no-colors localhost >> ssh-audit.out || true + +## Remove existing key-pairs, disable DSA & ECDSA + + rm -f /etc/ssh/ssh_host_* + sysrc sshd_dsa_enable="no" + sysrc sshd_ecdsa_enable="no" + sysrc sshd_ed25519_enable="yes" + sysrc sshd_rsa_enable="yes" + +## Regenerate RSA and Ed25519 keys + + ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" + ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" + +## Remove Diffie-Hellman moduli smaller than 3071 + + awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe + mv /etc/ssh/moduli.safe /etc/ssh/moduli + +## Restrict supported key exchange, cipher, and MAC algorithms + + printf "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com\n" >> /etc/ssh/sshd_config + +## Restart sshd and run ssh-audit again, appending output + + service sshd restart + echo "# after hardening" >> ssh-audit.out + ssh-audit --no-colors localhost >> ssh-audit.out + +
+ Send (pastebin) the contents of ssh-audit.out + +``` +FreeBSD cirrus-task-0000000000000000 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n262122-2ef2c26f3f13: Thu Apr 13 12:00:00 UTC 2023 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 +# before hardening +# general +(gen) banner: SSH-2.0-OpenSSH_9.3 FreeBSD-20230316 +(gen) software: OpenSSH 9.3 running on FreeBSD (2023-03-16) +(gen) compatibility: OpenSSH 8.5+, Dropbear SSH 2018.76+ +(gen) compression: enabled (zlib@openssh.com) + +# key exchange algorithms +(kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5 +(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 + `- [info] default key exchange since OpenSSH 6.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 +(kex) ecdh-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(kex) ecdh-sha2-nistp384 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(kex) ecdh-sha2-nistp521 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength + `- [info] available since OpenSSH 4.4 + `- [info] A bug in OpenSSH causes it to fall back to a 2048-bit modulus regardless of server configuration (https://bugzilla.mindrot.org/show_bug.cgi?id=2793) +(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 +(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 +(kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength + `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 + +# host-key algorithms +(key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2 +(key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2 +(key) ecdsa-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency + `- [warn] using weak random number generator could reveal the key + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(key) ssh-ed25519 -- [info] available since OpenSSH 6.5 + +# encryption algorithms (ciphers) +(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 + `- [info] default cipher since OpenSSH 6.9 +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 +(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 + +# message authentication code algorithms +(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 6.2 +(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha1-etm@openssh.com -- [fail] using broken SHA-1 hash algorithm + `- [info] available since OpenSSH 6.2 +(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode + `- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 4.7 +(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 +(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 +(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 + +# fingerprints +(fin) ssh-ed25519: SHA256://vc4mr/g2BTKIdK3NERXkgPB2N3eUWu1w9ogRzl+jU +(fin) ssh-rsa: SHA256:LTh9CSdUlWAIEENm9zuouPcLYS3Z2gfGVvarLy2Hrcs + +# algorithm recommendations (for OpenSSH 9.3) +(rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove +(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove +(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove +(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove +(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove +(rec) -hmac-sha1 -- mac algorithm to remove +(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove +(rec) -hmac-sha2-256 -- mac algorithm to remove +(rec) -hmac-sha2-512 -- mac algorithm to remove +(rec) -umac-128@openssh.com -- mac algorithm to remove +(rec) -umac-64-etm@openssh.com -- mac algorithm to remove +(rec) -umac-64@openssh.com -- mac algorithm to remove + +# additional info +(nfo) For hardening guides on common OSes, please see: + +# after hardening +# general +(gen) banner: SSH-2.0-OpenSSH_9.3 FreeBSD-20230316 +(gen) software: OpenSSH 9.3 running on FreeBSD (2023-03-16) +(gen) compatibility: OpenSSH 8.5+, Dropbear SSH 2018.76+ +(gen) compression: enabled (zlib@openssh.com) + +# key exchange algorithms +(kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5 +(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 + `- [info] default key exchange since OpenSSH 6.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 +(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 +(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 +(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength + `- [info] available since OpenSSH 4.4 + `- [info] A bug in OpenSSH causes it to fall back to a 2048-bit modulus regardless of server configuration (https://bugzilla.mindrot.org/show_bug.cgi?id=2793) + +# host-key algorithms +(key) rsa-sha2-512 (4096-bit) -- [info] available since OpenSSH 7.2 +(key) rsa-sha2-256 (4096-bit) -- [info] available since OpenSSH 7.2 +(key) ssh-ed25519 -- [info] available since OpenSSH 6.5 + +# encryption algorithms (ciphers) +(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 + `- [info] default cipher since OpenSSH 6.9 +(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 +(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 + +# message authentication code algorithms +(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 + +# fingerprints +(fin) ssh-ed25519: SHA256:fadjjnDRlCNwjheWnNP0MwiaM3g2wXAyT3a+cExyV9g +(fin) ssh-rsa: SHA256:Ch0vT4Ys23MrLX4YGHju++Zl4/jUUFty3WEjjFWfYbg +``` +
+ +## If you want to revert the SSH configuration + + rm -rf /etc/ssh + mv /etc/ssh.bak /etc/ssh + +# Client + +## Run the following in a terminal to harden the OpenSSH client for the local user + + mkdir -p -m 0700 ~/.ssh; printf "\nHost *\n Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\n MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\n HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com\n" >> ~/.ssh/config + +
+ Results report + +``` +# general +(gen) client IP: 127.0.0.1 +(gen) banner: SSH-2.0-OpenSSH_9.3 +(gen) software: OpenSSH 9.3 +(gen) compression: enabled (zlib@openssh.com, zlib) + +# key exchange algorithms +(kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5 +(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 + `- [info] default key exchange since OpenSSH 6.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 + `- [info] default key exchange since OpenSSH 6.4 +(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 +(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 +(kex) diffie-hellman-group-exchange-sha256 -- [info] available since OpenSSH 4.4 +(kex) ext-info-c + +# host-key algorithms +(key) ssh-ed25519 -- [info] available since OpenSSH 6.5 +(key) ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 6.5 +(key) sk-ssh-ed25519@openssh.com -- [info] available since OpenSSH 8.2 +(key) sk-ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 8.2 +(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2 +(key) rsa-sha2-256-cert-v01@openssh.com -- [info] available since OpenSSH 7.8 +(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2 +(key) rsa-sha2-512-cert-v01@openssh.com -- [info] available since OpenSSH 7.8 + +# encryption algorithms (ciphers) +(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 + `- [info] default cipher since OpenSSH 6.9 +(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 +(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 + +# message authentication code algorithms +(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 +``` +