SSHD using insecure ciphers

SpiceDenver · June 10, 2020, 8:43pm

NethServer Version: 7.8.2003
Module: base

Problem: /etc/ssh/sshd_config contains NO cipher definitions, leaving SSHD to pick/use the defaults. Since the SSH server is configured to support Cipher Block Chaining (CBC) encryption, this may allow an attacker to recover the plaintext message from the ciphertext.

Ref: https://www.tenable.com/cve/CVE-2008-5161

The cockpit doesn’t have any allowance for cipher selections or a ‘secure’ profile. Curiously, you [NS] recommend changing the port instead of using the fail2ban app, and don’t have any method to dismiss the alert presented. It’s an unusual way to face security.

No allowance is made to adjust ciphers here.

Solution: edit the /etc/ssh/sshd_config file to add a line:
ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
Unfortunately, this will get overwritten if anyone adjusts the daemon through the gui.

Recommendation: Just add the ciphers line as part of a security patch. Alternately, add a check mark to use more secure ciphers.

On a personal note, I think security through obscurity is bad. If the problem (ciphers, tls, whatever) is fixed/hardened, then there’s no need to use a non-standard port.

stephdl · June 10, 2020, 9:07pm

this sounds good

We have in the past made some security changes to openssl, but IIRC we rolled back. Maybe it is time to think also on it

giacomo · June 11, 2020, 6:46am

I totally agree on this.
I asked to improve SSH cipher selection a couple of times, but my requests have been ignored

I will try to add it back to the roadmap, but I do not know when it will be done.
Please feel free to open a PR to implement such feature!

Edit. Please remind that you can harden your configuration with a template-custom.

danb35 · June 11, 2020, 11:26am

Mostly agree, though I don’t see that using a non-standard port is bad as such–just not nearly as helpful as some people seem to assume. But I do wish the manager would let you dismiss these notifications.

davidep · June 11, 2020, 2:16pm

According to the above link, OpenSSH was mitigated against that vulnerability in RHEL 5 ( http://rhn.redhat.com/errata/RHSA-2009-1287.html). At that time it was rated “low”.

Is it a real threat for us?

Some “weak” ciphers are fast. Sometimes faster encryption is needed, expecially to transfer large amount of data over a secure (enough) network.

You are right! Sadly, someone still prefers it…

…Maybe the same that are locked out of their servers because of F2B?

maja2020 · June 12, 2020, 9:41am

To make ik quick (and dirty) persistent:

mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config
echo 'ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com' > /etc/e-smith/templates-custom/etc/ssh/sshd_config/21Cyphers
signal-event nethserver-openssh-update

SpiceDenver · June 12, 2020, 1:55pm

F2B has a 15 minute timer option so if someone was locked out, just wait. Alternately, whitelist your networks appropiately during config, or just don’t screw it up and get banned.

SpiceDenver · June 12, 2020, 4:43pm

Remove this space.

maja2020 · June 15, 2020, 8:16pm

If I could I would. It seems I am not able to edit my post…
Maybe a helpfull moderator can do it. It does not show, but the space is there.

dnutan · June 15, 2020, 8:24pm

It was fixed the same day it was reported. I don’t see the space.

stephdl · June 30, 2020, 4:15pm

where does come this solution, I can read that it could not be enough

In the past we did this but we rolled back

from : Applied Crypto Hardening: bettercrypto.org

SpiceDenver · July 1, 2020, 2:00pm

It’s enough just to limit the ciphers in use to satisfy the security scans and eliminate the problems based on the CVEs.

stephdl · July 2, 2020, 6:31pm

it enables

# Require strong Encryption
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-256,hmac-sha2-512

stephdl · July 6, 2020, 4:09pm

braves asked for testing : https://github.com/NethServer/dev/issues/6218#issuecomment-654328168

giacomo · July 8, 2020, 6:55am

Thanks to the great work of @stephdl, the package has been released.

Hey @SpiceDenver it’s time to give it a try!

SpiceDenver · July 8, 2020, 6:00pm

I reverted the file and implemented the update. It seems to be working well. I’ll update when my security check/scan verifies it!

Update: All checks passed.

Now, if @stephdl could fix the use of a dot in the username for the password reset feature as quickly, I’d be forced to ship him locally made toffee.

stephdl · July 8, 2020, 7:57pm

Sorry I do not understand your issue

SpiceDenver · July 8, 2020, 8:01pm

Password reset failing is what I was referring to.

The toffee is a candy with nuts and chocolate. A popular item here.

stephdl · July 9, 2020, 5:58am

ok https://en.wikipedia.org/wiki/Toffee

we have something equivalent in Europe I think

turron in Spain (not my mother tongue, but it is the country of my wife) https://en.wikipedia.org/wiki/Turrón

nougat in France https://en.wikipedia.org/wiki/Nougat