Hi HN! Note: this is less a guide and more to use the same instructions as those in the guides at https://www.ssh-audit.com/hardening_guides.html in order to submit it for inclusion there. Having said that, and based on feedback already, we'll probably look to more fully flesh it out.
This might all look scary, but dont worry, instructions for backing up your ssh configuration and reverting change are included. Have fun, and if you're unsure, reach out for help or questions @ #freebsd libera IRC or Twitter #freebsd.
If you are running this hardening script and reporting results back here, it is important for validation purposes that the instructions are copied verbatim, as they will be sent upstream. Please copy-paste commands, rather than manually typing them.
Not doing so may result in an undefined system state. If errors occur, please report tham to koobs @ Libera Chat IRC
.
sudo -s
# we need root for most of this (doas
is OK too)cp -Rp /etc/ssh /etc/ssh.bak
# backup ssh config just in caseportmaster security/py-ssh-audit
# install ssh-audit (pkg
add ormake install
is fine too)rehash
sysrc sshd_enable="yes"
service sshd start
uname -a > ~/ssh-audit.out
ssh-audit --no-colors localhost >> ~/ssh-audit.out
rm /etc/ssh/ssh_host_*
sysrc sshd_dsa_enable="no"
sysrc sshd_ecdsa_enable="no"
sysrc sshd_ed25519_enable="yes"
sysrc sshd_rsa_enable="yes"
service sshd keygen
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
mv /etc/ssh/moduli.safe /etc/ssh/moduli
sed -i .bak 's/^HostKey \/etc\/ssh\/ssh_host_\(dsa\|ecdsa\)_key$/\#HostKey \/etc\/ssh\/ssh_host_\1_key/g; s/^#HostKey \/etc\/ssh\/ssh_host_\(rsa\|ed25519\)_key$/\HostKey \/etc\/ssh\/ssh_host_\1_key/g' /etc/ssh/sshd_config
printf "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com" >> /etc/ssh/sshd_config
service sshd restart
ssh-audit --no-colors localhost >> ~/ssh-audit.out
- Add contents of
~/ssh-audit.out
as a comment to this gist, OR... - Send (pastebin) the contents of
~/ssh-audit.out
to koobs @ Libera Chat IRC
rm -rf /etc/ssh
mv /etc/ssh.bak /etc/ssh
sysrc -x sshd_dsa_enable
sysrc -x sshd_ecdsa_enable
sysrc -x sshd_ed25519_enable
sysrc -x sshd_rsa_enable
service sshd restart
If you weren't running ssh before this guide, additionally run:
sysrc -x sshd_enable
service sshd stop
FreeBSD FORTYTWO 13.0-STABLE FreeBSD 13.0-STABLE #3 stable/13-n247112-c44d2e30e8a: Sat Sep 11 13:38:25 EDT 2021 jimmie@FORTYTWO:/usr/obj/usr/src/amd64.amd64/sys/FORTYTWO amd64
general
(gen) banner: SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
(gen) software: OpenSSH 7.9 running on FreeBSD (2020-02-14)
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib@openssh.com)
key exchange algorithms
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 (kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4 (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
- [info] available since OpenSSH 3.9, Dropbear SSH 0.53host-key algorithms
(key) rsa-sha2-512 (2048-bit) -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 (2048-bit) -- [info] available since OpenSSH 7.2
(key) ssh-rsa (2048-bit) -- [fail] using weak hashing algorithm
- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
- [warn] using weak random number generator could reveal the key
- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
`- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
message authentication code algorithms
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
- [info] available since OpenSSH 6.2 (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
- [info] available since OpenSSH 6.2(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
- [warn] using small 64-bit tag size
- [info] available since OpenSSH 4.7(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
- [info] available since OpenSSH 6.2 (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
- [warn] using weak hashing algorithm`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
fingerprints
(fin) ssh-ed25519: SHA256:cj1SzvyyAT56HmcxANgV/Nyro7sxfGwVGRJHgfhhPSw
(fin) ssh-rsa: SHA256:J03zUB7Nhd9GX+SgLGY2vth0WBdRvYVKIaFOFOxZ94M
algorithm recommendations (for OpenSSH 7.9)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -ssh-rsa -- key algorithm to remove
(rec) -umac-128@openssh.com -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
additional info
(nfo) For hardening guides on common OSes, please see: https://www.ssh-audit.com/hardening_guides.html
general
(gen) banner: SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
(gen) software: OpenSSH 7.9 running on FreeBSD (2020-02-14)
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib@openssh.com)
key exchange algorithms
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4
host-key algorithms
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
`- [info] default cipher since OpenSSH 6.9.
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
message authentication code algorithms
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
fingerprints
(fin) ssh-ed25519: SHA256:k0fQ3JkPLM0ZqQNNf9ujq1xpUQVQvWM5jKB5rUKpe7w
algorithm recommendations (for OpenSSH 7.9)
(rec) +diffie-hellman-group14-sha256 -- kex algorithm to append
(rec) +rsa-sha2-256 -- key algorithm to append
(rec) +rsa-sha2-512 -- key algorithm to append
FreeBSD FORTYTWO 13.0-STABLE FreeBSD 13.0-STABLE #3 stable/13-n247112-c44d2e30e8a: Sat Sep 11 13:38:25 EDT 2021 jimmie@FORTYTWO:/usr/obj/usr/src/amd64.amd64/sys/FORTYTWO amd64