11

I have a new (first time) CentOS 6.5 server being used for a web server. Our security team has identified the following weakness:

The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. 

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

Plugin Output
The following client-to-server Method Authentication Code (MAC) algorithms 
are supported : 

 hmac-md5 
 hmac-md5-96 
 hmac-sha1-96

How do I disable MD5 and/or 96-bit MAC algorithms on a CentOS 6.5 server? I tried running `authconfig --disablemd5 --updateall` but still had the same issue.

user739866

4 Answers

11

I am not completely sure, but you may want to look at the protocol setting in sshd_config.

From http://wiki.centos.org/HowTos/Network/SecuringSSH

# Protocol 2,1
Protocol 2

Change Protocol 1 to Protocol 2 and restart. This should already be set to Protocol 2 in CentOS 6.5, but you may want to double check.

I found this rundown of the different protocol options:

http://www.snailbook.com/faq/ssh-1-vs-2.auto.html

Not sure if that is going to be enough to solve your particular issue though.

Do you know what they are using to check the configuration?

UPDATED:

This is from running man sshd_config on

Ciphers
         Specifies the ciphers allowed for protocol version 2 in order of preference.  Multiple ciphers must be comma-separated.  The supported ciphers are
         “3des-cbc”, “aes128-cbc”, “aes192-cbc”, “aes256-cbc”, “aes128-ctr”, “aes192-ctr”, “aes256-ctr”, “arcfour128”, “arcfour256”, “arcfour”,
         “blowfish-cbc”, and “cast128-cbc”.  The default is:

            aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
            aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
            aes256-cbc,arcfour

Also the MACs option:

MACs    Specifies the MAC (message authentication code) algorithms in order of preference.  The MAC algorithm is used in protocol version 2 for data
         integrity protection.  Multiple algorithms must be comma-separated.  The default is:

               hmac-md5,hmac-sha1,umac-64@openssh.com,
               hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
               hmac-sha2-256,hmac-sha2-512

So I would take a look through those and set the options in your /etc/ssh/sshd_config file with the ciphers and macs that you want.

Casey
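An added example, not part of the answers on this page and not code from OpenSSH: a shell check that lists the MD5-based and 96-bit MACs an sshd_config would enable, falling back to the default list quoted from the man page above when no MACs line is set. The function names `effective_macs` and `weak_macs` and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report weak MACs (MD5-based or 96-bit truncated, as in the
# scanner finding above) that an sshd_config would offer.
# Function names are hypothetical.

# Default list as quoted from the CentOS 6.5 sshd_config man page in the
# answer above; it applies when the file has no MACs line.
DEFAULT_MACS="hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512"

# effective_macs FILE: print the value of the first MACs directive in FILE.
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and may be followed by whitespace or '='.
effective_macs() {
    awk '{
        line = $0
        sub(/#.*/, "", line)            # drop comments
        sub(/^[ \t]+/, "", line)        # drop leading whitespace
        split(line, f, /[ \t=]+/)
        if (tolower(f[1]) == "macs" && f[2] != "") { print f[2]; exit }
    }' "$1"
}

# weak_macs FILE: print a comma-separated list of weak MACs FILE would enable.
weak_macs() {
    list=$(effective_macs "$1")
    [ -n "$list" ] || list=$DEFAULT_MACS
    case $list in
        [-+^]*) echo "relative MACs list; inspect 'sshd -T' output instead" >&2
                return 2 ;;
    esac
    printf '%s\n' "$list" | tr ',' '\n' |
        { grep -E 'md5|-96(-etm@openssh\.com)?$' || true; } | paste -sd, -
}

# Constructed sample configs (not taken from any real host).
demo_dir=$(mktemp -d)
printf 'Protocol 2\n#MACs hmac-md5\n' > "$demo_dir/default.conf"
printf 'Protocol 2\nMACs hmac-sha2-512,hmac-sha2-256\n' > "$demo_dir/hardened.conf"
printf 'macs hmac-sha1,hmac-sha1-96\n' > "$demo_dir/partial.conf"
for f in default hardened partial; do
    echo "$f: $(weak_macs "$demo_dir/$f.conf")"
done
rm -rf "$demo_dir"
```

An empty result means none of the flagged algorithms remain; on a live host, point `weak_macs` at /etc/ssh/sshd_config after editing and before restarting sshd.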
7

Add the following 2 lines to your /etc/ssh/ssh_config and the /etc/ssh/sshd_config file:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
MACs hmac-sha1

Restart services. Boom. FIPS compliant.

techraf
elagrew
  • I'm pretty sure OpenSSH isn't certified as FIPS compliant. You might be using FIPS algorithms, but that doesn't mean you are FIPS compliant. – user Jan 18 '17 at 16:08
  • @MichaelKjörling: people talking about 'FIPS compliant/compliance' usually mean FIPS**140** **validated**, but read literally OpenSSH does comply with FIPS197 FIPS46-3 (even though withdrawn) FIPS198-1 FIPS180. Somewhat more seriously, most OpenSSH builds (still) use OpenSSL for crypto primitives and OpenSSL can _optionally_ be built to use an internal FIPS140 module that is validated on _some_ platforms; the exact list has changed repeatedly so check the links at https://www.openssl.org/docs/fips.html – dave_thompson_085 Jan 18 '17 at 18:41
  • Prefix the `Ciphers` in the list with `+` and `-` instead of hardcoding a list that will make _future_ configurations less secure than they could be by default. – 0xC0000022L Nov 20 '18 at 09:13
7

It's 2017 and it's time to update the recommendations. Now all *-CBC and RC4 ciphers are considered weak. So we are left with:

MACs hmac-sha2-512,hmac-sha2-256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr

Or for anything newer that supports OpenSSH 6.7 and above:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Source: https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Configuration

DmitryK
0

I found this post that may be helpful. It states that by adding the following lines:

 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
 MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160

to the sshd config (/etc/ssh/sshd_config) you can remove these weak MACs.

Jens Timmerman
justin