The security team of my organization told us to disable weak ciphers because they issue weak keys.
arcfour arcfour128 arcfour256
I tried looking for these ciphers in the ssh_config and sshd_config files but found them commented out.
grep arcfour *
ssh_config:# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
Where else should I check to disable these ciphers from SSH?
Answers:
Method 1
If you have no explicit list of ciphers set in ssh_config using the Ciphers keyword, then the default value, according to man 5 ssh_config (client-side) and man 5 sshd_config (server-side), is:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm@openssh.com,aes256-gcm@openssh.com,
chacha20-poly1305@openssh.com,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
Note the presence of the arcfour ciphers. So you may have to explicitly set a more restrictive value for Ciphers.
ssh -Q cipher from the client will tell you which schemes your client can support. Note that this list is not affected by the list of ciphers specified in ssh_config. Removing a cipher from ssh_config will not remove it from the output of ssh -Q cipher. Furthermore, using ssh with the -c option to explicitly specify a cipher will override the restricted list of ciphers that you set in ssh_config and possibly allow you to use a weak cipher. This is a feature that allows you to use your ssh client to communicate with obsolete SSH servers that do not support the newer stronger ciphers.
nmap --script ssh2-enum-algos -sV -p <port> <host> will tell you which schemes your server supports.
Method 2
To disable RC4 and use secure ciphers on SSH server, hard-code the following in /etc/ssh/sshd_config
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
OR if you prefer not to dictate ciphers but merely want to strip out insecure ciphers, run this on the command line instead (in sudo mode):
sshd -T | grep ciphers | sed -E "s/(3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|arcfour|arcfour128|arcfour256|blowfish-cbc|cast128-cbc|rijndael-cbc@lysator.liu.se),?//g" >> /etc/ssh/sshd_config
You can check ciphers currently used by your server with:
sudo sshd -T | grep ciphers | perl -pe 's/,/\n/g' | sort -u
Make sure your ssh client can use these ciphers; run
ssh -Q cipher | sort -u
to see the list.
You can also instruct your SSH client to negotiate only secure ciphers with remote servers. In /etc/ssh/ssh_config set:
Host *
    ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Above snippets come from here
To test your server’s settings you can use ssh-audit
Method 3
The problem with explicitly specifying a cipher list is that you must manually add new ciphers as they come out. Instead, simply list the ciphers you want to remove, prepending the list (not each individual cipher) with a ‘-’ character. So in this case, the Ciphers line should read:
Ciphers -arcfour*
Or if you prefer:
Ciphers -arcfour,arcfour128,arcfour256
From the sshd_config man page on the Ciphers option (since OpenSSH 7.5, released 2017-03-20):
If the specified value begins with a ‘+’ character, then the specified ciphers will be appended to the default set instead of replacing them. If the specified value begins with a ‘-’ character, then the specified ciphers (including wildcards) will be removed from the default set instead of replacing them.
This also applies to the KexAlgorithms and MACs options.
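The '-' prefix semantics quoted above, applied to the default list from Method 1, as an added example that is not part of the original answers. The function names are made up here, and the list is sample input only; the effective list on your own server is whatever sshd -T reports.

```shell
#!/bin/sh
# Added example, not from the answers. Function names are made up for this sketch.
# DEFAULT_CIPHERS is the old default list quoted in Method 1; your sshd's own
# default set may differ, so treat it as sample input.
DEFAULT_CIPHERS='aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour'
# Families the answers on this page call weak: RC4 (arcfour) and CBC mode.
WEAK_PATTERNS='arcfour*,*-cbc,*-cbc@*'

# matches_any NAME PATTERNS: succeeds if NAME matches one of the
# comma-separated glob patterns.
matches_any() {
    printf '%s\n' "$2" | tr ',' '\n' | (
        while read -r pat; do
            # An unquoted expansion in a case pattern is treated as a glob.
            case $1 in $pat) exit 0 ;; esac
        done
        exit 1
    )
}

# effective_ciphers DEFAULT VALUE: list that results from "Ciphers VALUE".
effective_ciphers() {
    case $2 in
        -*) # remove every default entry matching the patterns after '-'
            printf '%s\n' "$1" | tr ',' '\n' | while read -r c; do
                matches_any "$c" "${2#-}" || printf '%s\n' "$c"
            done | paste -sd, - ;;
        +*) printf '%s,%s\n' "$1" "${2#+}" ;;   # append to the default set
        *)  printf '%s\n' "$2" ;;               # a plain list replaces it
    esac
}

# weak_in LIST: the entries of LIST that match WEAK_PATTERNS.
weak_in() {
    printf '%s\n' "$1" | tr ',' '\n' | while read -r c; do
        if matches_any "$c" "$WEAK_PATTERNS"; then printf '%s\n' "$c"; fi
    done | paste -sd, -
}

# Demo: the directive from Method 3, then one that also drops CBC mode.
for value in '-arcfour*' '-arcfour*,*-cbc'; do
    left=$(effective_ciphers "$DEFAULT_CIPHERS" "$value")
    printf 'Ciphers %s\n  effective: %s\n  still weak: %s\n' \
        "$value" "$left" "$(weak_in "$left")"
done
```

Removing only arcfour* still leaves the CBC ciphers that Methods 2, 4 and 6 treat as weak; the second directive in the demo removes those as well.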
Method 4
How to disable a weak ssh cipher, 100% working, tested on Fedora 29.
The problem:
Nessus reports that my samba4 server uses ciphers that are not strong: aes256-cbc and aes128-cbc.
So I put these lines in /etc/ssh/sshd_config
MACs hmac-sha2-512,hmac-sha2-256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org
Et voilà!.. it still uses the cbc cipher, because this command works 🙁
ssh -c aes256-cbc samba4
So I checked the useful systemd and discovered that the sshd service is using another file for ciphers
/etc/crypto-policies/back-ends/opensshserver.config
Backup the file for safety
cp /etc/crypto-policies/back-ends/opensshserver.config /etc/crypto-policies/back-ends/opensshserver.config.old
Edit it, and remove the cbc cipher.
Restart the service
systemctl restart sshd
And finally test: works fine.. cbc disabled.
ssh -c aes256-cbc samba4
Unable to negotiate with 192.168.0.48 port 22: no matching cipher found. Their offer: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
Method 5
To enable or disable a cipher, you need to add it to or remove it from the file /etc/ssh/sshd_config
After editing this file, the service must be reloaded
systemctl reload sshd
/etc/init.d/sshd reload
Then, running this command from the client will tell you which schemes are supported
ssh -Q cipher
To check if the arcfour cipher is enabled or not on the server, run this command
ssh localhost -c arcfour
To check if the arcfour128 cipher is enabled or not on the server, run this command
ssh localhost -c arcfour128
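A way to read the result of the ssh -c probes from Methods 4 and 5, as an added example that is not part of the original answers. Function names and verdict strings are made up here; the first sample is the client message shown in Method 4, the second is a constructed sample whose wording is an assumption and varies between OpenSSH versions.

```shell
#!/bin/sh
# Added example, not from the answers; names and verdict strings are made up.
# REJECTED is the client message shown in Method 4. CLIENT_ONLY is a
# constructed sample of what a client prints when it lacks the cipher itself
# (assumption: the exact wording differs between OpenSSH versions).
REJECTED='Unable to negotiate with 192.168.0.48 port 22: no matching cipher found. Their offer: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr'
CLIENT_ONLY="Unknown cipher type 'arcfour'"

# server_offer TEXT: the cipher list the server advertised, or nothing.
server_offer() {
    printf '%s\n' "$1" |
        sed -n 's/^.*no matching cipher found\. Their offer: *//p' | head -n 1
}

# probe_verdict CIPHER TEXT: interpret the stderr of "ssh -c CIPHER host".
probe_verdict() {
    offer=$(server_offer "$2")
    if [ -n "$offer" ]; then
        # The server answered and refused: the cipher is off on the server.
        echo "server-rejects"
    elif printf '%s\n' "$2" | grep -qiE 'unknown cipher|bad ssh2 cipher'; then
        # The client never sent the cipher, so the server was not tested.
        echo "client-lacks"
    else
        # Login succeeded or failed later (e.g. at authentication):
        # the cipher itself was negotiated.
        echo "not-rejected"
    fi
}

# probe HOST CIPHER: run the test from Method 5 for real and classify it.
probe() {
    err=$(ssh -o BatchMode=yes -o ConnectTimeout=5 -c "$2" "$1" true 2>&1 >/dev/null) || true
    probe_verdict "$2" "$err"
}

# Demo on the embedded samples only (no network access needed).
printf 'aes256-cbc: %s\n' "$(probe_verdict aes256-cbc "$REJECTED")"
printf 'arcfour:    %s\n' "$(probe_verdict arcfour "$CLIENT_ONLY")"
printf 'server offers: %s\n' "$(server_offer "$REJECTED")"
```

A "client-lacks" verdict means the probe proves nothing about the server; check the server side with sshd -T or the nmap script from Method 1 instead.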
Method 6
SSH: How to disable weak ciphers?
Asked 4 years ago
What you ask is found in /etc/ssh/sshd_config.
The file below is that, taken from RHEL 7.9 and configured to STIG, as of this date their latest version is 2.8. They have called out weak ssh ciphers and request they not be used… as such you are left with what is specified for Ciphers and MACs.
Per a web search: problem with cbc cipher
The problem with CBC mode is that the decryption of blocks is dependent on the previous ciphertext block. This means attackers can manipulate the decryption of a block by tampering with the previous block using the commutative property of XOR. Oct 16, 2019. CBC Mode is Malleable. Don’t trust it for Authentication …
All that sort of stuff is over my head, so I can’t vouch for how accurate or within context it all is; all I know is they say it’s bad.
Therefore the aes###-cbc ciphers are removed and only the aes###-ctr ciphers are used. To completely answer your question, use only aes256-ctr and hmac-sha2-512 as anything else would be weaker.
# This is from RHEL 7.9 x86-64
#
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# If you want to change the port on a SELinux system
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
PermitEmptyPasswords no
PermitUserEnvironment no
HostbasedAuthentication no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
ClientAliveInterval 0
# ** deprecated ** RhostsRSAAuthentication no
ClientAliveCountMax 3
IgnoreRhosts yes
PrintLastLog yes
PermitRootLogin no
IgnoreUserKnownHosts yes
Protocol 2
MACs hmac-sha2-256,hmac-sha2-512
GSSAPIAuthentication no
KerberosAuthentication no
StrictModes yes
UsePrivilegeSeparation sandbox
Compression no
X11Forwarding yes
Port 22
banner /etc/issue
UsePAM yes
LoginGraceTime 2m
MaxAuthTries 6
MaxSessions 10
TCPKeepAlive yes
UseLogin no
AddressFamily any
SyslogFacility AUTHPRIV
PubkeyAuthentication yes
SyslogFacility AUTH
LogLevel INFO
PrintMotd yes
PermitTunnel no
ShowPatchLevel no
UseDNS yes
#ListenAddress 0.0.0.0
#ListenAddress ::
#RekeyLimit default none
PasswordAuthentication yes
ChallengeResponseAuthentication no
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
KerberosGetAFSToken no
KerberosUseKuserok yes
GSSAPICleanupCredentials no
GSSAPIStrictAcceptorCheck yes
GSSAPIKeyExchange no
GSSAPIEnablek5users no
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts no
X11DisplayOffset 10
X11UseLocalhost yes
PermitTTY yes
PidFile /var/run/sshd.pid
MaxStartups 10:30:100
ChrootDirectory none
VersionAddendum none
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.