Rado Rovny

Rado Rovny

to speak the truth they will have closed mouths

Securing OpenSSH in Debian

7 minute read

Below steps will improve standard installation of OpenSSH server. It has been tested with Debian Jessie and Stretch, but the same steps are applicable to Linux systems with OpenSSH 6.7 or higher.

Moduli

Make sure the bit size is sufficient - 4096 and more. To do so, delete all lines from /etc/ssh/moduli where the 5th column is less than 4000

awk '$5 > 4000' /etc/ssh/moduli > /tmp/moduli
wc -l /tmp/moduli # make sure there is something left
mv /tmp/moduli /etc/ssh/moduli

Optionally, brand new moduli file can be created.
Note: It will take a while to execute the steps.

ssh-keygen -G /tmp/moduli.all -b 4096
ssh-keygen -T /tmp/moduli.safe -f moduli.all
mv /tmp/moduli.safe /etc/ssh/
rm /tmp/moduli.all

Key exchange

We allow curve25519-sha256 and diffie-hellman-group-exchange-sha256 mechanisms for key exchange. Diffie-hellman-group16-sha512 and diffie-hellman-group18-sha512 can be added as well if supported by OpenSSH.
List of supported key exchange protocols can be obtained by executing ssh -Q kex.

ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org

Configure the following in /etc/ssh/sshd_config.

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

Configure the following in /etc/ssh/ssh_config.

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

Server authentication

We will allow Ed25519 and RSA algorithms for server authentication. We will also enforce SSH protocol version 2.
First we need to remove keys we will not use, and regenerate default RSA key, whose size is 2048 bits by default. New RSA key with 4096 bit size will be created.
We don’t need to modify the Ed25519 key.

Note: Connecting to the server after the RSA keys are regenerated will trigger an alert. This can be safely ignored, and the instructions provided by the SSH client need to be followed to remove existing entries from key database.

cd /etc/ssh
rm ssh_host_{dsa,ecdsa,rsa}_key*
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N ""

Make sure the following lines are in /etc/ssh/sshd_config.

Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

Entries with ssh_host_dsa_key and ssh_host_ecdsa_key must be removed from /etc/ssh/sshd_config.

Client authentication

Password authentication should be disabled as soon as the client keys have been installed on the server. This can be done using ssh-copy-id.
Public key authentication must be enabled right away.
Client keys can be generated using the following commands.

ssh-keygen -t ed25519 -o -a 100
ssh-keygen -t rsa -b 4096 -o -a 100

Configure the following in /etc/ssh/sshd_config.

PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes

List of available public key types for client authentication can be obtained by executing ssh -Q key.

ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com

Configure the following in /etc/ssh/ssh_config.

Host *
    PubkeyAuthentication yes
    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa

Even with Public Key authentication, you should only allow incoming connections from expected users. The AllowUsers setting in sshd_config lets you specify users who are allowed to connect.
Add the ssh-user group which will be used to limit authorized users.

groupadd -r ssh-user

Add the ssh-user group to all users who will be connecting to the server.

sudo usermod -a -G ssh-user <username>

Limit the access to the server in sshd_config.

AllowGroups ssh-user

Symmetric ciphers

Symmetric ciphers are used to encrypt the data after the initial key exchange and authentication is complete.
List of available symmetric ciphers can be obtained by executing ssh -Q cipher.

ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

We are going to allow chacha20-poly1305 (preferred) and AES based ciphers. Configure the following in /etc/ssh/sshd_config.

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Configure the following in /etc/ssh/ssh_config.

Host *
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Message authentication codes

MAC is used to provide integrity of the encrypted message by calculating and adding tag to it.
We will select the MACs based on the strength of the hash algorithm and the size of the tag it creates. List of available MACs can be obtained by executing ssh -Q mac.

ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com

Configure the following in /etc/ssh/sshd_config.

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Configure the following in /etc/ssh/ssh_config.

Host *
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Further options

Disable remote root access and disable DNS lookups of the remote host in /etc/ssh/sshd_config.

PermitRootLogin no
UseDNS no

Disable SSH roaming in /etc/ssh/ssh_config because of known vulnerability.

Host *
   UseRoaming no

Final notes

  • Test before use. Wrongly configured OpenSSH daemon can easily cut you off the remote server.
  • If possible, make sure you have console access to the server.
  • Always keep a active session to the server. Don’t restart the OpenSSH server, but rather reload its configuration, for example by sending SIGHUP signal.
  • Start a new OpenSSH instance on different port, and make it read different configuration file, for example /usr/sbin/sshd -p 2222 -f /tmp/sshd_config.

Leave a comment

You may also enjoy

My .screenrc configuration file

less than 1 minute read

My default configuration file for GNU Screen I’m using for some time. The key components are scrolling (using Shift-PgUp/PgDn or mouse wheel) and nice colore...