|
|
Zeile 136: |
Zeile 136: |
|
| |
|
| = TMP = | | = TMP = |
| == SSH Server ==
| |
| ; SSH is used to
| |
| * remotely manage computer systems
| |
| * secururly transfer files over untrusted networks
| |
| * create "ad-hoc" virtual-private networks
| |
|
| |
| === OpenSSH ===
| |
| * [https://www.openssh.com/ OpenSSH] is the most popular implementation of the SSH protocol
| |
| * It is maintained by the [https://openbsd.org/ OpenBSD] project
| |
| * portable versions are disitributed with many unix-like operating-systems and Windows Server
| |
|
| |
| ; Tested versions
| |
| * OpenSSH 6.6p1 (Gentoo)
| |
| * OpenSSH 6.6p1-2 on Ubuntu 14.04.2 LTS
| |
| * OpenSSH 7.2p2 on Ubuntu 16.04.3 LTS
| |
|
| |
| ==== Settings ====
| |
| ; Important OpenSSH 6.6 security settings
| |
| # Package generated configuration file
| |
| # See the sshd_config(5) manpage for details
| |
| # What ports, IPs and protocols we listen for
| |
| Port 22
| |
| # Use these options to restrict which interfaces/protocols sshd will bind to
| |
| #ListenAddress ::
| |
| #ListenAddress 0.0.0.0
| |
| Protocol 2
| |
| # HostKeys for protocol version 2
| |
| HostKey /etc/ssh/ssh_host_rsa_key
| |
| #HostKey /etc/ssh/ssh_host_dsa_key
| |
| #HostKey /etc/ssh/ssh_host_ecdsa_key
| |
| HostKey /etc/ssh/ssh_host_ed25519_key
| |
| #Privilege Separation is turned on for security
| |
| UsePrivilegeSeparation yes
| |
| # Lifetime and size of ephemeral version 1 server key
| |
| KeyRegenerationInterval 3600
| |
| ServerKeyBits 1024
| |
| # Logging
| |
| SyslogFacility AUTH
| |
| LogLevel INFO
| |
| # Authentication:
| |
| LoginGraceTime 120
| |
| PermitRootLogin no # or 'without-password' to allow SSH key based login
| |
| StrictModes yes
| |
| RSAAuthentication yes
| |
| PubkeyAuthentication yes
| |
| #AuthorizedKeysFile %h/.ssh/authorized_keys
| |
| # Don't read the user's ~/.rhosts and ~/.shosts files
| |
| IgnoreRhosts yes
| |
| # For this to work you will also need host keys in /etc/ssh_known_hosts
| |
| RhostsRSAAuthentication no
| |
| # similar for protocol version 2
| |
| HostbasedAuthentication no
| |
| # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
| |
| #IgnoreUserKnownHosts yes
| |
| # To enable empty passwords, change to yes (NOT RECOMMENDED)
| |
| PermitEmptyPasswords no
| |
| # Change to yes to enable challenge-response passwords (beware issues with
| |
| # some PAM modules and threads)
| |
| ChallengeResponseAuthentication no
| |
| # Change to no to disable tunnelled clear text passwords
| |
| #PasswordAuthentication yes
| |
| # Kerberos options
| |
| #KerberosAuthentication no
| |
| #KerberosGetAFSToken no
| |
| #KerberosOrLocalPasswd yes
| |
| #KerberosTicketCleanup yes
| |
| # GSSAPI options
| |
| #GSSAPIAuthentication no
| |
| #GSSAPICleanupCredentials yes
| |
| # Cipher selection
| |
| Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
| |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
| |
| KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
| |
| X11Forwarding yes
| |
| X11DisplayOffset 10
| |
| PrintMotd no
| |
| PrintLastLog yes
| |
| TCPKeepAlive yes
| |
| #UseLogin no
| |
| #MaxStartups 10:30:60
| |
| #Banner /etc/issue.net
| |
| # Allow client to pass locale environment variables
| |
| AcceptEnv LANG LC_*
| |
| Subsystem sftp /usr/lib/openssh/sftp-server
| |
| # Set this to 'yes' to enable PAM authentication, account processing,
| |
| # and session processing. If this is enabled, PAM authentication will
| |
| # be allowed through the ChallengeResponseAuthentication and
| |
| # PasswordAuthentication. Depending on your PAM configuration,
| |
| # PAM authentication via ChallengeResponseAuthentication may bypass
| |
| # the setting of "PermitRootLogin without-password".
| |
| # If you just want the PAM account and session checks to run without
| |
| # PAM authentication, then enable this but set PasswordAuthentication
| |
| # and ChallengeResponseAuthentication to 'no'.
| |
| UsePAM yes
| |
|
| |
| ; Curve25519
| |
| : OpenSSH 6.6p1 supports Curve25519
| |
|
| |
| ; Tested Version
| |
| : OpenSSH 6.5 (Debian Jessie)
| |
|
| |
| ==== Settings ====
| |
| ; Important OpenSSH 6.5 security settings
| |
| # Package generated configuration file
| |
| # See the sshd_config(5) manpage for details
| |
| # What ports, IPs and protocols we listen for
| |
| Port 22
| |
| # Use these options to restrict which interfaces/protocols sshd will bind to
| |
| #ListenAddress ::
| |
| #ListenAddress 0.0.0.0
| |
| Protocol 2
| |
| # HostKeys for protocol version 2
| |
| HostKey /etc/ssh/ssh_host_rsa_key
| |
| #HostKey /etc/ssh/ssh_host_dsa_key
| |
| #HostKey /etc/ssh/ssh_host_ecdsa_key
| |
| HostKey /etc/ssh/ssh_host_ed25519_key
| |
| #Privilege Separation is turned on for security
| |
| UsePrivilegeSeparation yes
| |
| # Lifetime and size of ephemeral version 1 server key
| |
| KeyRegenerationInterval 3600
| |
| ServerKeyBits 1024
| |
| # Logging
| |
| SyslogFacility AUTH
| |
| LogLevel INFO
| |
| # Authentication:
| |
| LoginGraceTime 120
| |
| PermitRootLogin no # or 'without-password' to allow SSH key based login
| |
| StrictModes yes
| |
| RSAAuthentication yes
| |
| PubkeyAuthentication yes
| |
| #AuthorizedKeysFile %h/.ssh/authorized_keys
| |
| # Don't read the user's ~/.rhosts and ~/.shosts files
| |
| IgnoreRhosts yes
| |
| # For this to work you will also need host keys in /etc/ssh_known_hosts
| |
| RhostsRSAAuthentication no
| |
| # similar for protocol version 2
| |
| HostbasedAuthentication no
| |
| # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
| |
| #IgnoreUserKnownHosts yes
| |
| # To enable empty passwords, change to yes (NOT RECOMMENDED)
| |
| PermitEmptyPasswords no
| |
| # Change to yes to enable challenge-response passwords (beware issues with
| |
| # some PAM modules and threads)
| |
| ChallengeResponseAuthentication no
| |
| # Change to no to disable tunnelled clear text passwords
| |
| #PasswordAuthentication yes
| |
| # Kerberos options
| |
| #KerberosAuthentication no
| |
| #KerberosGetAFSToken no
| |
| #KerberosOrLocalPasswd yes
| |
| #KerberosTicketCleanup yes
| |
| # GSSAPI options
| |
| #GSSAPIAuthentication no
| |
| #GSSAPICleanupCredentials yes
| |
| # Cipher selection
| |
| Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
| |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
| |
| KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
| |
| X11Forwarding yes
| |
| X11DisplayOffset 10
| |
| PrintMotd no
| |
| PrintLastLog yes
| |
| TCPKeepAlive yes
| |
| #UseLogin no
| |
| #MaxStartups 10:30:60
| |
| #Banner /etc/issue.net
| |
| # Allow client to pass locale environment variables
| |
| AcceptEnv LANG LC_*
| |
| Subsystem sftp /usr/lib/openssh/sftp-server
| |
| # Set this to 'yes' to enable PAM authentication, account processing,
| |
| # and session processing. If this is enabled, PAM authentication will
| |
| # be allowed through the ChallengeResponseAuthentication and
| |
| # PasswordAuthentication. Depending on your PAM configuration,
| |
| # PAM authentication via ChallengeResponseAuthentication may bypass
| |
| # the setting of "PermitRootLogin without-password".
| |
| # If you just want the PAM account and session checks to run without
| |
| # PAM authentication, then enable this but set PasswordAuthentication
| |
| # and ChallengeResponseAuthentication to 'no'.
| |
| UsePAM yes
| |
|
| |
| ==== Tested with Version ====
| |
| * OpenSSH 6.0p1 (Debian wheezy)
| |
|
| |
| ==== Settings ====
| |
| ; Important OpenSSH 6.0 security settings
| |
| # Package generated configuration file
| |
| # See the sshd_config(5) manpage for details
| |
| # What ports, IPs and protocols we listen for
| |
| Port 22
| |
| # Use these options to restrict which interfaces/protocols sshd will bind to
| |
| #ListenAddress ::
| |
| #ListenAddress 0.0.0.0
| |
| Protocol 2
| |
| # HostKeys for protocol version 2
| |
| HostKey /etc/ssh/ssh_host_rsa_key
| |
| #HostKey /etc/ssh/ssh_host_dsa_key
| |
| #HostKey /etc/ssh/ssh_host_ecdsa_key
| |
| #Privilege Separation is turned on for security
| |
| UsePrivilegeSeparation yes
| |
| # Lifetime and size of ephemeral version 1 server key
| |
| KeyRegenerationInterval 3600
| |
| ServerKeyBits 768
| |
| # Logging
| |
| SyslogFacility AUTH
| |
| LogLevel INFO
| |
| # Authentication:
| |
| LoginGraceTime 120
| |
| PermitRootLogin no # or 'without-password' to allow SSH key based login
| |
| StrictModes yes
| |
| RSAAuthentication yes
| |
| PubkeyAuthentication yes
| |
| #AuthorizedKeysFile %h/.ssh/authorized_keys
| |
| # Don't read the user's ~/.rhosts and ~/.shosts files
| |
| IgnoreRhosts yes
| |
| # For this to work you will also need host keys in /etc/ssh_known_hosts
| |
| RhostsRSAAuthentication no
| |
| # similar for protocol version 2
| |
| HostbasedAuthentication no
| |
| # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
| |
| #IgnoreUserKnownHosts yes
| |
| # To enable empty passwords, change to yes (NOT RECOMMENDED)
| |
| PermitEmptyPasswords no
| |
| # Change to yes to enable challenge-response passwords (beware issues with
| |
| # some PAM modules and threads)
| |
| ChallengeResponseAuthentication no
| |
| # Change to no to disable tunnelled clear text passwords
| |
| #PasswordAuthentication yes
| |
| # Kerberos options
| |
| #KerberosAuthentication no
| |
| #KerberosGetAFSToken no
| |
| #KerberosOrLocalPasswd yes
| |
| #KerberosTicketCleanup yes
| |
| # GSSAPI options
| |
| #GSSAPIAuthentication no
| |
| #GSSAPICleanupCredentials yes
| |
| # Cipher selection
| |
| Ciphers aes256-ctr,aes128-ctr
| |
| MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
| |
| KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
| |
| X11Forwarding yes
| |
| X11DisplayOffset 10
| |
| PrintMotd no
| |
| PrintLastLog yes
| |
| TCPKeepAlive yes
| |
| #UseLogin no
| |
| #MaxStartups 10:30:60
| |
| #Banner /etc/issue.net
| |
| # Allow client to pass locale environment variables
| |
| AcceptEnv LANG LC_*
| |
| Subsystem sftp /usr/lib/openssh/sftp-server
| |
| # Set this to 'yes' to enable PAM authentication, account processing,
| |
| # and session processing. If this is enabled, PAM authentication will
| |
| # be allowed through the ChallengeResponseAuthentication and
| |
| # PasswordAuthentication. Depending on your PAM configuration,
| |
| # PAM authentication via ChallengeResponseAuthentication may bypass
| |
| # the setting of "PermitRootLogin without-password".
| |
| # If you just want the PAM account and session checks to run without
| |
| # PAM authentication, then enable this but set PasswordAuthentication
| |
| # and ChallengeResponseAuthentication to 'no'.
| |
| UsePAM yes
| |
|
| |
| ==== Kompatibilität ====
| |
| * Older '''Linux''' systems won’t support SHA2
| |
| * PuTTY (Windows) does not support RIPE-MD160
| |
| * Curve25519, AES-GCM and UMAC are only available upstream (OpenSSH 6.6p1)
| |
| * DSA host keys have been removed on purpose, the DSS standard does not support for DSA keys stronger than 1024bit [[https://bettercrypto.org/#_footnotedef_5 5]] which is far below current standards (see section #section:keylengths)
| |
| * Legacy systems can use this configuration and simply omit unsupported ciphers, key exchange algorithms and MACs
| |
|
| |
| ==== References ====
| |
| * [https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html Cisco SSH] is a basic SSH reference for all routers and switches
| |
| * Refer to the specific documentation of the device and IOS version that you are configuring
| |
|
| |
| ==== How to test ====
| |
| Connect a client with verbose logging enabled to the SSH server
| |
| $ ssh -vvv myserver.com
| |
| and observe the key exchange in the output.
| |
|
| |
| === Cisco ASA ===
| |
|
| |
| ==== Tested with Versions ====
| |
| * 9.1(3)
| |
|
| |
| ==== Settings ====
| |
| * crypto key generate rsa modulus 2048
| |
| * ssh version 2
| |
| * ssh key-exchange group dh-group14-sha1
| |
|
| |
|
| |
| * When the ASA is configured for SSH, by default both SSH versions 1 and 2 are allowed.
| |
| * In addition to that, only a group1 DH-key-exchange is used.
| |
| * This should be changed to allow only SSH version 2 and to use a key-exchange with group14.
| |
| * The generated RSA key should be 2048 bit (the actual supported maximum).
| |
| * A non-cryptographic best practice is to reconfigure the lines to only allow SSH-logins.
| |
|
| |
| ==== References ====
| |
| # [https://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/admin_management.html CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.1]
| |
|
| |
| ==== How to test ====
| |
| Connect a client with verbose logging enabled to the SSH server
| |
| $ ssh -vvv myserver.com
| |
| and observe the key exchange in the output.
| |
|
| |
| === Cisco IOS ===
| |
| ==== Tested Versions ====
| |
|
| |
| {| class="wikitable sortable options" style="border-spacing:0;width:9.259cm;"
| |
| |-
| |
| || Program Version
| |
| || OS/Distribution/Version
| |
| || Comment
| |
| |-
| |
| || 15.0
| |
| || IOS
| |
| ||
| |
| |-
| |
| || 15.1
| |
| || IOS
| |
| ||
| |
| |-
| |
| || 15.2
| |
| || IOS
| |
| ||
| |
| |-
| |
| |}
| |
|
| |
| ==== Settings ====
| |
| crypto key generate rsa modulus 4096 label SSH-KEYS
| |
| ip ssh rsa keypair-name SSH-KEYS
| |
| ip ssh version 2
| |
| ip ssh dh min size 2048
| |
| line vty 0 15
| |
| transport input ssh
| |
|
| |
| * Same as with the ASA, also on IOS by default both SSH versions 1 and 2 are allowed and the DH-key-exchange only use a DH-group of 768 Bit.
| |
| * In IOS, a dedicated Key-pair can be bound to SSH to reduce the usage of individual keys-pairs.
| |
| * From IOS Version 15.0 onwards, 4096 Bit rsa keys are supported and should be used according to the paradigm "use longest supported key".
| |
| * Also, do not forget to disable telnet vty access.
| |
|
| |
| ==== How to test ====
| |
| Connect a client with verbose logging enabled to the SSH server
| |
| $ ssh -vvv switch.example.net
| |
| and observe the key exchange in the output.
| |
|
| |
|
| |
| [[Kategorie:Kryptografie:Best Practice]] | | [[Kategorie:Kryptografie:Best Practice]] |
| [[Kategorie:SSH]] | | [[Kategorie:SSH]] |