mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-23 01:21:07 +01:00
Add FreeBSD OpenSSH Hardening Guides
parent
3026e2c79e
commit
8a97cbb6bd
240
FreeBSD-OpenSSH-Hardening-Guides.md
Normal file
240
FreeBSD-OpenSSH-Hardening-Guides.md
Normal file
@ -0,0 +1,240 @@
|
|||||||
|
> **Note**
|
||||||
|
>
|
||||||
|
> Taken from: https://github.com/bsdlabs/ssh-hardening
|
||||||
|
|
||||||
|
# Server
|
||||||
|
|
||||||
|
## Backup ssh config, install ssh-audit
|
||||||
|
|
||||||
|
sudo -s # we need root for most of this
|
||||||
|
cp -a /etc/ssh /etc/ssh.bak # backup ssh config just in case
|
||||||
|
pkg install -y security/py-ssh-audit # install ssh-audit (you can make intall if you like)
|
||||||
|
|
||||||
|
## Enable and start sshd, then run ssh-audit, saving the output
|
||||||
|
|
||||||
|
service sshd enable
|
||||||
|
service sshd start
|
||||||
|
uname -a > ssh-audit.out
|
||||||
|
echo "# before hardening" >> ssh-audit.out
|
||||||
|
ssh-audit --no-colors localhost >> ssh-audit.out || true
|
||||||
|
|
||||||
|
## Remove existing key-pairs, disable DSA & ECDSA
|
||||||
|
|
||||||
|
rm -f /etc/ssh/ssh_host_*
|
||||||
|
sysrc sshd_dsa_enable="no"
|
||||||
|
sysrc sshd_ecdsa_enable="no"
|
||||||
|
sysrc sshd_ed25519_enable="yes"
|
||||||
|
sysrc sshd_rsa_enable="yes"
|
||||||
|
|
||||||
|
## Regenerate RSA and Ed25519 keys
|
||||||
|
|
||||||
|
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
|
||||||
|
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
|
||||||
|
|
||||||
|
## Remove Diffie-Hellman moduli smaller than 3071
|
||||||
|
|
||||||
|
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
|
||||||
|
mv /etc/ssh/moduli.safe /etc/ssh/moduli
|
||||||
|
|
||||||
|
## Restrict supported key exchange, cipher, and MAC algorithms
|
||||||
|
|
||||||
|
printf "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com\n" >> /etc/ssh/sshd_config
|
||||||
|
|
||||||
|
## Restart sshd and run ssh-audit again, appending output
|
||||||
|
|
||||||
|
service sshd restart
|
||||||
|
echo "# after hardening" >> ssh-audit.out
|
||||||
|
ssh-audit --no-colors localhost >> ssh-audit.out
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>Send (pastebin) the contents of <code>ssh-audit.out</code></summary>
|
||||||
|
|
||||||
|
```
|
||||||
|
FreeBSD cirrus-task-0000000000000000 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n262122-2ef2c26f3f13: Thu Apr 13 12:00:00 UTC 2023 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
|
||||||
|
# before hardening
|
||||||
|
# general
|
||||||
|
(gen) banner: SSH-2.0-OpenSSH_9.3 FreeBSD-20230316
|
||||||
|
(gen) software: OpenSSH 9.3 running on FreeBSD (2023-03-16)
|
||||||
|
(gen) compatibility: OpenSSH 8.5+, Dropbear SSH 2018.76+
|
||||||
|
(gen) compression: enabled (zlib@openssh.com)
|
||||||
|
|
||||||
|
# key exchange algorithms
|
||||||
|
(kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5
|
||||||
|
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
|
||||||
|
`- [info] default key exchange since OpenSSH 6.4
|
||||||
|
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
|
||||||
|
`- [info] default key exchange since OpenSSH 6.4
|
||||||
|
(kex) ecdh-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
|
||||||
|
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
|
||||||
|
(kex) ecdh-sha2-nistp384 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
|
||||||
|
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
|
||||||
|
(kex) ecdh-sha2-nistp521 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
|
||||||
|
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
|
||||||
|
(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
|
||||||
|
`- [info] available since OpenSSH 4.4
|
||||||
|
`- [info] A bug in OpenSSH causes it to fall back to a 2048-bit modulus regardless of server configuration (https://bugzilla.mindrot.org/show_bug.cgi?id=2793)
|
||||||
|
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
|
||||||
|
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
|
||||||
|
(kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
|
||||||
|
`- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
|
||||||
|
|
||||||
|
# host-key algorithms
|
||||||
|
(key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2
|
||||||
|
(key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2
|
||||||
|
(key) ecdsa-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
|
||||||
|
`- [warn] using weak random number generator could reveal the key
|
||||||
|
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
|
||||||
|
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
|
||||||
|
|
||||||
|
# encryption algorithms (ciphers)
|
||||||
|
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
|
||||||
|
`- [info] default cipher since OpenSSH 6.9
|
||||||
|
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
|
||||||
|
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
|
||||||
|
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
|
||||||
|
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
|
||||||
|
# message authentication code algorithms
|
||||||
|
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
|
||||||
|
`- [info] available since OpenSSH 6.2
|
||||||
|
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(mac) hmac-sha1-etm@openssh.com -- [fail] using broken SHA-1 hash algorithm
|
||||||
|
`- [info] available since OpenSSH 6.2
|
||||||
|
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
|
||||||
|
`- [warn] using small 64-bit tag size
|
||||||
|
`- [info] available since OpenSSH 4.7
|
||||||
|
(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
|
||||||
|
`- [info] available since OpenSSH 6.2
|
||||||
|
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
|
||||||
|
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
|
||||||
|
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
|
||||||
|
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
|
||||||
|
(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm
|
||||||
|
`- [warn] using encrypt-and-MAC mode
|
||||||
|
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
|
||||||
|
|
||||||
|
# fingerprints
|
||||||
|
(fin) ssh-ed25519: SHA256://vc4mr/g2BTKIdK3NERXkgPB2N3eUWu1w9ogRzl+jU
|
||||||
|
(fin) ssh-rsa: SHA256:LTh9CSdUlWAIEENm9zuouPcLYS3Z2gfGVvarLy2Hrcs
|
||||||
|
|
||||||
|
# algorithm recommendations (for OpenSSH 9.3)
|
||||||
|
(rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove
|
||||||
|
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
|
||||||
|
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
|
||||||
|
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
|
||||||
|
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
|
||||||
|
(rec) -hmac-sha1 -- mac algorithm to remove
|
||||||
|
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
|
||||||
|
(rec) -hmac-sha2-256 -- mac algorithm to remove
|
||||||
|
(rec) -hmac-sha2-512 -- mac algorithm to remove
|
||||||
|
(rec) -umac-128@openssh.com -- mac algorithm to remove
|
||||||
|
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
|
||||||
|
(rec) -umac-64@openssh.com -- mac algorithm to remove
|
||||||
|
|
||||||
|
# additional info
|
||||||
|
(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
|
||||||
|
|
||||||
|
# after hardening
|
||||||
|
# general
|
||||||
|
(gen) banner: SSH-2.0-OpenSSH_9.3 FreeBSD-20230316
|
||||||
|
(gen) software: OpenSSH 9.3 running on FreeBSD (2023-03-16)
|
||||||
|
(gen) compatibility: OpenSSH 8.5+, Dropbear SSH 2018.76+
|
||||||
|
(gen) compression: enabled (zlib@openssh.com)
|
||||||
|
|
||||||
|
# key exchange algorithms
|
||||||
|
(kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5
|
||||||
|
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
|
||||||
|
`- [info] default key exchange since OpenSSH 6.4
|
||||||
|
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
|
||||||
|
`- [info] default key exchange since OpenSSH 6.4
|
||||||
|
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
|
||||||
|
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
|
||||||
|
(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
|
||||||
|
`- [info] available since OpenSSH 4.4
|
||||||
|
`- [info] A bug in OpenSSH causes it to fall back to a 2048-bit modulus regardless of server configuration (https://bugzilla.mindrot.org/show_bug.cgi?id=2793)
|
||||||
|
|
||||||
|
# host-key algorithms
|
||||||
|
(key) rsa-sha2-512 (4096-bit) -- [info] available since OpenSSH 7.2
|
||||||
|
(key) rsa-sha2-256 (4096-bit) -- [info] available since OpenSSH 7.2
|
||||||
|
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
|
||||||
|
|
||||||
|
# encryption algorithms (ciphers)
|
||||||
|
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
|
||||||
|
`- [info] default cipher since OpenSSH 6.9
|
||||||
|
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
|
||||||
|
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
|
||||||
|
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
|
||||||
|
|
||||||
|
# message authentication code algorithms
|
||||||
|
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
|
||||||
|
# fingerprints
|
||||||
|
(fin) ssh-ed25519: SHA256:fadjjnDRlCNwjheWnNP0MwiaM3g2wXAyT3a+cExyV9g
|
||||||
|
(fin) ssh-rsa: SHA256:Ch0vT4Ys23MrLX4YGHju++Zl4/jUUFty3WEjjFWfYbg
|
||||||
|
```
|
||||||
|
</details>
|
||||||
|
|
||||||
|
## If you want to revert the SSH configuration
|
||||||
|
|
||||||
|
rm -rf /etc/ssh
|
||||||
|
mv /etc/ssh.bak /etc/ssh
|
||||||
|
|
||||||
|
# Client
|
||||||
|
|
||||||
|
## Run the following in a terminal to harden the OpenSSH client for the local user
|
||||||
|
|
||||||
|
mkdir -p -m 0700 ~/.ssh; printf "\nHost *\n Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\n MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\n HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com\n" >> ~/.ssh/config
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>Results report</summary>
|
||||||
|
|
||||||
|
```
|
||||||
|
# general
|
||||||
|
(gen) client IP: 127.0.0.1
|
||||||
|
(gen) banner: SSH-2.0-OpenSSH_9.3
|
||||||
|
(gen) software: OpenSSH 9.3
|
||||||
|
(gen) compression: enabled (zlib@openssh.com, zlib)
|
||||||
|
|
||||||
|
# key exchange algorithms
|
||||||
|
(kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5
|
||||||
|
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
|
||||||
|
`- [info] default key exchange since OpenSSH 6.4
|
||||||
|
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
|
||||||
|
`- [info] default key exchange since OpenSSH 6.4
|
||||||
|
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
|
||||||
|
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
|
||||||
|
(kex) diffie-hellman-group-exchange-sha256 -- [info] available since OpenSSH 4.4
|
||||||
|
(kex) ext-info-c
|
||||||
|
|
||||||
|
# host-key algorithms
|
||||||
|
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
|
||||||
|
(key) ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 6.5
|
||||||
|
(key) sk-ssh-ed25519@openssh.com -- [info] available since OpenSSH 8.2
|
||||||
|
(key) sk-ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 8.2
|
||||||
|
(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
|
||||||
|
(key) rsa-sha2-256-cert-v01@openssh.com -- [info] available since OpenSSH 7.8
|
||||||
|
(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
|
||||||
|
(key) rsa-sha2-512-cert-v01@openssh.com -- [info] available since OpenSSH 7.8
|
||||||
|
|
||||||
|
# encryption algorithms (ciphers)
|
||||||
|
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
|
||||||
|
`- [info] default cipher since OpenSSH 6.9
|
||||||
|
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
|
||||||
|
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
|
||||||
|
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
|
||||||
|
|
||||||
|
# message authentication code algorithms
|
||||||
|
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
|
||||||
|
```
|
||||||
|
</details>
|
Loading…
Reference in New Issue
Block a user