|
|
(20 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) |
Zeile 1: |
Zeile 1: |
| '''topic''' kurze Beschreibung | | '''topic''' - Kurzbeschreibung |
|
| |
|
| == Beschreibung == | | == Beschreibung == |
| == Installation == | | == Installation == |
| == Syntax == | | # apt install openssh-server |
| | |
| | == Aufruf == |
| === Parameter === | | === Parameter === |
| === Optionen === | | === Optionen === |
| === Umgebungsvariablen === | | === Umgebung === |
| === Exit-Status === | | === Rückgabewert === |
|
| |
|
| == Konfiguration == | | == Konfiguration == |
| === Dateien ===
| | Die Konfiguration des SSH-Servers '''sshd''' findet über die Datei '''/etc/ssh/sshd_config''' statt |
| | |
| == Anwendungen ==
| |
| == Sicherheit ==
| |
| == Dokumentation ==
| |
| === RFC ===
| |
| === Man-Pages ===
| |
| === Info-Pages ===
| |
| === Siehe auch ===
| |
| | |
| == Links ==
| |
| === Projekt-Homepage ===
| |
| === Weblinks ===
| |
| === Einzelnachweise ===
| |
| <references />
| |
| | |
| == Testfragen ==
| |
| <div class="toccolours mw-collapsible mw-collapsed">
| |
| ''Testfrage 1''
| |
| <div class="mw-collapsible-content">'''Antwort1'''</div>
| |
| </div>
| |
| <div class="toccolours mw-collapsible mw-collapsed">
| |
| ''Testfrage 2''
| |
| <div class="mw-collapsible-content">'''Antwort2'''</div>
| |
| </div>
| |
| <div class="toccolours mw-collapsible mw-collapsed">
| |
| ''Testfrage 3''
| |
| <div class="mw-collapsible-content">'''Antwort3'''</div>
| |
| </div>
| |
| <div class="toccolours mw-collapsible mw-collapsed">
| |
| ''Testfrage 4''
| |
| <div class="mw-collapsible-content">'''Antwort4'''</div>
| |
| </div>
| |
| <div class="toccolours mw-collapsible mw-collapsed">
| |
| ''Testfrage 5''
| |
| <div class="mw-collapsible-content">'''Antwort5'''</div>
| |
| </div>
| |
| | |
| = TMP =
| |
| == SSH-Server ==
| |
| Im Gegensatz zum SSH-Klienten ist der SSH-Server unter Ubuntu standardmäßig nicht installiert.
| |
| # apt-get install openssh-server
| |
| | |
| installieren .
| |
| | |
| Die Konfiguration des SSH-Servers '''sshd''' findet über die Datei '''/etc/ssh/sshd_config''' statt. | |
| * Die Voreinstellungen sind aber durchweg akzeptabel.
| |
|
| |
|
| Wer den '''sshd''' auf einem Gateway oder Router betreibt oder aus einem anderen Grund mehrere Netzwerkschnittstellen verwendet (bspw. | | Wer den '''sshd''' auf einem Gateway oder Router betreibt oder aus einem anderen Grund mehrere Netzwerkschnittstellen verwendet (bspw. |
Zeile 66: |
Zeile 22: |
|
| |
|
| Mit den Direktiven '''AllowUsers''' und '''AllowGroups''' oder '''DenyUsers''' und '''DenyGroups''' lässt sich noch genauer festlegen, welche Benutzer sich anmelden dürfen und welche nicht. | | Mit den Direktiven '''AllowUsers''' und '''AllowGroups''' oder '''DenyUsers''' und '''DenyGroups''' lässt sich noch genauer festlegen, welche Benutzer sich anmelden dürfen und welche nicht. |
| * Dies empfiehlt sich besonders bei Servern. '''AllowGroups admin''' verbietet bspw. | | * Dies empfiehlt sich besonders bei Servern. '''AllowGroups admin''' verbietet bspw. allen Benutzern, die keine Mitglieder der Gruppe ''admin'' sind, den Zugriff. |
| * allen Benutzern, die keine Mitglieder der Gruppe ''admin'' sind, den Zugriff.
| |
|
| |
|
| Wer sich ausschließlich über das noch sicherere anmelden will, der sollte die Benutzung von Passwörtern mit '''PasswordAuthentication no''' abschalten. | | Wer sich ausschließlich über das noch sicherere anmelden will, der sollte die Benutzung von Passwörtern mit '''PasswordAuthentication no''' abschalten. |
|
| |
|
| Falls lange Wartezeiten bei der Anmeldung am SSH-Server auftreten, könnte das an einer fehlgeschlagenen Namensauflösung liegen. | | Falls lange Wartezeiten bei der Anmeldung am SSH-Server auftreten, könnte das an einer fehlgeschlagenen Namensauflösung liegen. |
| * Da man SSH normalerweise sowieso über die IP benutzt, können diese DNS-Anfragen in der '''sshd_config''' deaktiviert werden. | | * Da man SSH normalerweise sowieso über die IP benutzt, können diese DNS-Anfragen in der '''sshd_config''' deaktiviert werden. |
| * Der dafür nötige Eintrag wäre '''UseDNS no'''.
| | '''UseDNS no''' |
|
| |
|
| Nach erfolgter Änderung der Datei '''sshd_config''' muss der Server mit dem Befehl: | | Nach erfolgter Änderung der Datei '''sshd_config''' muss der Server mit dem Befehl: |
|
| |
| sudo reload ssh | | sudo reload ssh |
|
| |
|
Zeile 82: |
Zeile 36: |
|
| |
|
| '''Hinweis''' | | '''Hinweis''' |
|
| |
| Standardmäßig wird der SSH-Server beim Booten geladen. | | Standardmäßig wird der SSH-Server beim Booten geladen. |
| * Ab ist Upstart für den Autostart des SSH-Servers zuständig.
| |
| * Wie man den Autostart deaktiviert, wird im beschrieben.
| |
|
| |
|
| | === Dateien === |
|
| |
|
| | == Anwendung == |
| | == Sicherheit == |
| | == Dokumentation == |
| | === RFC === |
| | === Man-Page === |
| | === Info-Pages === |
| | === Siehe auch === |
|
| |
|
| | == Links == |
| | === Projekt-Homepage === |
| | === Weblinks === |
|
| |
|
|
| |
|
| == OpenSSH server ==
| |
| === Configuration ===
| |
| Different versions of OpenSSH support different options which are not always compatible.
| |
| * This guide shows settings for the most commonly deployed OpenSSH versions at Mozilla - however, using the latest version of OpenSSH is recommended.
| |
|
| |
| ==== Modern (OpenSSH 6.7+) ====
| |
| File: <tt>/etc/ssh/sshd_config</tt>
| |
|
| |
| # Supported HostKey algorithms by order of preference.
| |
| HostKey /etc/ssh/ssh_host_ed25519_key
| |
| HostKey /etc/ssh/ssh_host_rsa_key
| |
| HostKey /etc/ssh/ssh_host_ecdsa_key
| |
|
| |
| KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
| |
|
| |
| Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
| |
|
| |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
| |
|
| |
| # Password based logins are disabled - only public key based logins are allowed.
| |
| AuthenticationMethods publickey
| |
|
| |
| # LogLevel VERBOSE logs user's key fingerprint on login.
| |
| * Needed to have a clear audit track of which key was using to log in.
| |
| LogLevel VERBOSE
| |
|
| |
| # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
| |
| Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
| |
|
| |
| # Root login is not allowed for auditing reasons.
| |
| * This is because it's difficult to track which process belongs to which root user:
| |
| #
| |
| # On Linux, user sessions are tracking using a kernel-side session id, however, this session id is not recorded by OpenSSH.
| |
| # Additionally, only tools such as systemd and auditd record the process session id.
| |
| # On other OSes, the user session id is not necessarily recorded at all kernel-side.
| |
| # Using regular users in combination with /bin/su or /usr/bin/sudo ensure a clear audit track.
| |
| PermitRootLogin No
| |
|
| |
| # Use kernel sandbox mechanisms where possible in unprivileged processes
| |
| # Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere.
| |
| UsePrivilegeSeparation sandbox
| |
|
| |
| File: <tt>/etc/ssh/moduli</tt>
| |
|
| |
| All Diffie-Hellman moduli in use should be at least 3072-bit-long (they are used for <tt>diffie-hellman-group-exchange-sha256</tt>) as per our [https://wiki.mozilla.org/Security/Guidelines/Key_Management Security/Guidelines/Key_Management] recommendations.
| |
| * See also <tt>man moduli</tt>.
| |
|
| |
| To deactivate short moduli in two commands: <tt>awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli</tt>
| |
|
| |
| ==== Intermediate (OpenSSH 5.3) ====
| |
| This is mainly for use by RHEL6, CentOS6, etc.
| |
| * which run older versions of OpenSSH.
| |
|
| |
| File: <tt>/etc/ssh/sshd_config</tt>
| |
|
| |
| # Supported HostKey algorithms by order of preference.
| |
| HostKey /etc/ssh/ssh_host_rsa_key
| |
| HostKey /etc/ssh/ssh_host_ecdsa_key
| |
|
| |
| KexAlgorithms diffie-hellman-group-exchange-sha256
| |
| MACs hmac-sha2-512,hmac-sha2-256
| |
| Ciphers aes256-ctr,aes192-ctr,aes128-ctr
| |
|
| |
| # Password based logins are disabled - only public key based logins are allowed.
| |
| RequiredAuthentications2 publickey
| |
|
| |
| # RequiredAuthentications2 not work on official OpenSSH 5.3 portable.
| |
| # In this is your case, use this instead:
| |
| #PubkeyAuthentication yes
| |
| #PasswordAuthentication no
| |
|
| |
| # LogLevel VERBOSE logs user's key fingerprint on login.
| |
| * Needed to have a clear audit track of which key was using to log in.
| |
| LogLevel VERBOSE
| |
|
| |
| # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
| |
| Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
| |
|
| |
| # Root login is not allowed for auditing reasons.
| |
| * This is because it's difficult to track which process belongs to which root user:
| |
| #
| |
| # On Linux, user sessions are tracking using a kernel-side session id, however, this session id is not recorded by OpenSSH.
| |
| # Additionally, only tools such as systemd and auditd record the process session id.
| |
| # On other OSes, the user session id is not necessarily recorded at all kernel-side.
| |
| # Using regular users in combination with /bin/su or /usr/bin/sudo ensure a clear audit track.
| |
| PermitRootLogin No
| |
|
| |
| File: <tt>/etc/ssh/moduli</tt>
| |
|
| |
| All Diffie-Hellman moduli in use should be at least 2048-bit-long.
| |
| * From the structure of <tt>moduli</tt> files, this means the fifth field of all lines in this file should be greater than or equal to 2047.
| |
|
| |
| To deactivate weak moduli in two commands: <tt>awk '$5 >= 2047' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli</tt>
| |
|
| |
| ==== Multi-Factor Authentication (OpenSSH 6.3+) ====
| |
| Recent versions of OpenSSH support MFA (Multi-Factor Authentication).
| |
| * Using MFA is recommended where possible.
| |
|
| |
| It requires additional setup, such as using the [http://www.nongnu.org/oath-toolkit/ OATH Toolkit] or [https://www.duosecurity.com/ DuoSecurity].
| |
|
| |
| {|| class="wikitable sortable"
| |
| |-
| |
| || <span >'''ATTENTION</span> '''
| |
| |-
| |
| || In order to allow using one time passwords (OTPs) and any other text input, Keyboard-interactive is enabled in OpenSSH.
| |
| * This ''MAY'' allow for password authentication to work.
| |
| * It is therefore very important to check your PAM configuration so that PAM disallow password authentication for OpenSSH.
| |
|
| |
| |-
| |
| |}
| |
|
| |
| ===== OpenSSH 6.3+ (default) =====
| |
| File: <tt>/etc/ssh/sshd_config</tt>
| |
|
| |
| # IMPORTANT: you will have to ensure OpenSSH cannot authenticate with passwords with PAM in /etc/pam.d/sshd
| |
| # "PasswordAuthentication no" is not sufficient!
| |
| PubkeyAuthentication yes
| |
| PasswordAuthentication no
| |
| AuthenticationMethods publickey,keyboard-interactive:pam
| |
| KbdInteractiveAuthentication yes
| |
| UsePAM yes
| |
| # Ensure /bin/login is not used so that it cannot bypass PAM settings for sshd.
| |
| UseLogin no
| |
|
| |
| ===== OpenSSH 5.3+ w/ RedHat/CentOS patch (old) =====
| |
| File: <tt>/etc/ssh/sshd_config</tt>
| |
|
| |
| # Allow keyboard-interactive.
| |
| # IMPORTANT: you will have to ensure OpenSSH cannot authenticate with passwords with PAM in /etc/pam.d/sshd
| |
| # "PasswordAuthentication no" is not sufficient!
| |
| RequiredAuthentications2 publickey,keyboard-interactive:skey
| |
| PasswordAuthentication no
| |
| ChallengeResponseAuthentication yes
| |
| UsePAM yes
| |
| # Ensure /bin/login is not used so that it cannot bypass PAM settings for sshd.
| |
| UseLogin no
| |
|
| |
| PAM configuration for use with the [https://www.nongnu.org/oath-toolkit/ OATH Toolkit] or [https://www.duosecurity.com/ DuoSecurity] as second authentication factor.
| |
|
| |
| File: <tt>/etc/pam.d/sshd</tt>
| |
|
| |
| #%PAM-1.0
| |
| auth required pam_sepermit.so
| |
|
| |
| # WARNING: make sure any password authentication module is disabled.
| |
| # Example: pam_unix.so, or "password-auth", "system-auth", etc.
| |
| #auth include password-auth
| |
|
| |
| # Options to enable when using OATH toolkit
| |
| #auth requisite pam_oath.so usersfile=/etc/users.oath digits=6 window=20
| |
|
| |
| # Options to enable when using DuoSecurity
| |
| #auth sufficient /lib64/security/pam_duo.so
| |
|
| |
| account required pam_nologin.so
| |
|
| |
| === Ciphers and algorithms choice ===
| |
| * When CHACHA20 (OpenSSH 6.5+) is not available, AES-GCM (OpenSSH 6.1+) and any other algorithm using EtM (Encrypt then MAC) [http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html disclose the packet length] - giving some information to the attacker.
| |
| * Only recent OpenSSH servers and client support CHACHA20.
| |
|
| |
| * NIST curves (<tt>ecdh-sha2-nistp512,ecdh-sha2-nistp384,ecdh-sha2-nistp256</tt>) are listed for compatibility, but the use of <tt>curve25519</tt> is [https://safecurves.cr.yp.to/ generally preferred].
| |
|
| |
| * SSH protocol 2 supports [https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange DH] and [https://en.wikipedia.org/wiki/Elliptic_curve_Diffie–Hellman ECDH] key-exchange as well as [https://en.wikipedia.org/wiki/Forward_secrecy forward secrecy].
| |
| * Regarding group sizes, please refer to [https://wiki.mozilla.org/Security/Guidelines/Key_Management Security/Guidelines/Key_Management].
| |
|
| |
| The various algorithms supported by a particular OpenSSH version can be listed with the following commands:
| |
| $ ssh -Q cipher
| |
| $ ssh -Q cipher-auth
| |
| $ ssh -Q mac
| |
| $ ssh -Q kex
| |
| $ ssh -Q key
| |
|
| |
| = Appendixes =
| |
| == Key material handling ==
| |
| Key material identifies the cryptographic secrets that compose a key. All key material must be treated as <span >RESTRICTED</span> data, meaning that: * Only individual with specific training and need-to-know should have access to key material.
| |
| * Key material must be encrypted on transmission.
| |
| * Key material can be stored in clear text, but only with proper access control (limited access).
| |
|
| |
| This includes: * OpenSSH server keys (<tt>/etc/ssh/ssh_host_*key</tt>)
| |
| * Client keys (<tt>~/.ssh/id_{rsa,dsa,ecdsa,ed25519}</tt> and <tt>~/.ssh/identity</tt>).
| |
|
| |
| == Client key size and login latency ==
| |
| In order to figure out the impact on performance of using larger keys - such as RSA 4096 bytes keys - on the client side, we have run a few tests:
| |
|
| |
| On an idle, i7 4500 intel CPU using OpenSSH_6.7p1, OpenSSL 1.0.1l and ed25519 server keys the following command is ran 10 times:
| |
|
| |
| <tt>time ssh localhost -i .ssh/id_thekey exit</tt>
| |
|
| |
| Results:
| |
|
| |
| {|| class="wikitable sortable"
| |
| |-
| |
| || '''Client key '''
| |
| || '''Minimum '''
| |
| || '''Maximum '''
| |
| || '''Average '''
| |
| |-
| |
| || RSA 4096
| |
| || 120ms
| |
| || 145ms
| |
| || 127ms
| |
| |-
| |
| || RSA 2048
| |
| || 120ms
| |
| || 129ms
| |
| || 127ms
| |
| |-
| |
| || ed25519
| |
| || 117ms
| |
| || 138ms
| |
| || 120ms
| |
| |-
| |
| |}
| |
|
| |
| Keep in mind that these numbers may differ on a slower machine, and that this contains the complete login sequence and therefore is subject to variations. However, it seems safe to say that the latency differences are not significant and do not impact performance sufficiently to cause any concern regardless of the type of key used.
| |
|
| |
| == Reference documents ==
| |
| * [https://wiki.mozilla.org/Security/Key_Management Key Management]
| |
| * [https://wiki.mozilla.org/Security/Server_Side_TLS Server Side TLS]
| |
| * [https://www.ietf.org/rfc/rfc4418.txt RFC4418 (umac)]
| |
| * [http://www.openssh.com/txt/draft-miller-secsh-umac-01.txt umac draft]
| |
| * [https://safecurves.cr.yp.to/ Safe curves]
| |
| * [http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html DJM blog]
| |
| * [https://stribika.github.io/2015/01/04/secure-secure-shell.html Stribika blog]
| |
| * [http://2013.diac.cr.yp.to/slides/gueron.pdf AES-GCM performance study]
| |
| * [https://security.googleblog.com/2014/04/speeding-up-and-strengthening-https.html CHACHA20 vs AES-GCM performance study]
| |
| * [http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.9&content-type=text/plain PROTOCOL.certkeys]
| |
| * [https://wiki.gnupg.org/rfc4880bis rfc44880bis from GnuPG]
| |
| * [https://weakdh.org/ Weak Diffie-Hellman and the Logjam Attack]
| |
| * [https://jbeekman.nl/blog/2015/05/ssh-logjam/ On OpenSSH and Logjam, by Jethro Beekman]
| |
|
| |
|
| | = TMP = |
|
| |
|
| [[Kategorie:Entwurf]] | | [[Kategorie:SSH]] |
| [[Kategorie:ssh]]
| |
topic - Kurzbeschreibung
Beschreibung
Installation
# apt install openssh-server
Aufruf
Parameter
Optionen
Umgebung
Rückgabewert
Konfiguration
Die Konfiguration des SSH-Servers sshd findet über die Datei /etc/ssh/sshd_config statt
Wer den sshd auf einem Gateway oder Router betreibt oder aus einem anderen Grund mehrere Netzwerkschnittstellen verwendet (bspw.
- WLAN), der möchte dort vielleicht die ListenAddress-Direktive benutzen, um den Server nur an bestimmten Netzwerk-Schnittstellen laufen zu lassen.
Außerdem kann es sinnvoll sein, PermitRootLogin auf no zu setzen.
- Dann kann sich niemand direkt als root einloggen, sondern man meldet sich unter seinem Benutzernamen an und ruft dann su oder sudo -s auf.
- Dies ist aber unter Ubuntu nur relevant, sollte man dem "root"-Benutzerkonto ein Passwort zugewiesen haben.
Mit den Direktiven AllowUsers und AllowGroups oder DenyUsers und DenyGroups lässt sich noch genauer festlegen, welche Benutzer sich anmelden dürfen und welche nicht.
- Dies empfiehlt sich besonders bei Servern. AllowGroups admin verbietet bspw. allen Benutzern, die keine Mitglieder der Gruppe admin sind, den Zugriff.
Wer sich ausschließlich über das noch sicherere anmelden will, der sollte die Benutzung von Passwörtern mit PasswordAuthentication no abschalten.
Falls lange Wartezeiten bei der Anmeldung am SSH-Server auftreten, könnte das an einer fehlgeschlagenen Namensauflösung liegen.
- Da man SSH normalerweise sowieso über die IP benutzt, können diese DNS-Anfragen in der sshd_config deaktiviert werden.
UseDNS no
Nach erfolgter Änderung der Datei sshd_config muss der Server mit dem Befehl:
sudo reload ssh
neugestartet werden, damit die Änderungen wirksam werden.
Hinweis
Standardmäßig wird der SSH-Server beim Booten geladen.
Dateien
Anwendung
Sicherheit
Dokumentation
RFC
Man-Page
Info-Pages
Siehe auch
Links
Projekt-Homepage
Weblinks
TMP