From 52be89084d7238f71ffab098cb27fffc364370e2 Mon Sep 17 00:00:00 2001
From: Eric Light
Date: Mon, 9 Mar 2015 13:30:17 +1300
Subject: [PATCH 1/2] Update sshd-pfs_config Added more detail for a strong sshd_config file
---
 configs/sshd/sshd-pfs_config | 50 ++++++++++++++++++++++++++++--------
 1 file changed, 39 insertions(+), 11 deletions(-)
diff --git a/configs/sshd/sshd-pfs_config b/configs/sshd/sshd-pfs_config
index 7f48da4..83e458d 100644
--- a/configs/sshd/sshd-pfs_config
+++ b/configs/sshd/sshd-pfs_config
@@ -1,11 +1,39 @@
-# Specifies the ciphers allowed for protocol version 2.
-# The default is: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,
-# arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
-# aes256-cbc,arcfour
-Ciphers aes256-ctr
-
-# Specifies the available MAC (message authentication code) algorithms.
-# The default is: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,
-# hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
-# hmac-sha2-512-96
-MACs hmac-sha2-512
+# COMPATIBILITY
+# The below options are compatible with OpenSSH 6.6+, PuTTY 0.64+, and AbsoluteTelnet 9.84+ (RC10 at 2015-03-09)
+
+# Specify strong key exchange algorithms; preferrably curve25519, but allow DHG-SHA256 for compatibility
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+
+# Specify strong ciphers: chacha or aes256-GCM for authenticated encryption; aes256-CTR for compatibility
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
+
+# Specify strong MAC's, preferring Encrypt-then-MAC methods; strong SHA2 for compatibility
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
+
+# Restrict incoming connections to authenticate with Pubkey authentication only
+# Uncomment once you've created and tested your public & private keys
+# PasswordAuthentication no
+
+# Only allow members of the ssh-user group to connect to this server
+# Uncomment once you've created an ssh-user group and added expected users to the group
+# AllowGroups ssh-user
+
+# Limit the grace time for logins to as short as possible in your situation.
+# For fast connections & pubkey authentication, this can go down to ~5 seconds
+# Warning: a low grace time can make slow connections timeout before the connection is completed
+LoginGraceTime 30
+
+# Prevent the root user from accessing SSH.
+PermitRootLogin no
+
+# Disable SSHv1
+Protocol 2
+
+# Make sure that file permissions for private & public key files are safe
+StrictModes yes
+
+# Prevent privilege escalation - keeps any corruption within an unprivileged processes
+UsePrivilegeSeparation yes
+
+# PAM enables ChallengeResponseAuthentication and PasswordAuthentication; disable to leave only Pubkey enabled
+UsePAM no
From 91164b7f03bd9e95edb7e19febd101d7a600c6bc Mon Sep 17 00:00:00 2001
From: Eric Light
Date: Fri, 21 Aug 2015 16:30:52 +1200
Subject: [PATCH 2/2] Additional comments, and some tweaks Changed PrivilegeSeparation to sandbox (thanks, @fmarier!) Added VERBOSE log level Added 4096-bit RSA key (usually 1024 or 2048 bit created on initial system install)
---
 configs/sshd/sshd-pfs_config | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/configs/sshd/sshd-pfs_config b/configs/sshd/sshd-pfs_config
index 83e458d..235f84e 100644
--- a/configs/sshd/sshd-pfs_config
+++ b/configs/sshd/sshd-pfs_config
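Review bot: `UsePAM no` at the end of the hunk does not leave public-key authentication as the only method, so the comment above it overstates what it does: with PAM off sshd still performs its own password check, and both `PasswordAuthentication` and `ChallengeResponseAuthentication` default to yes, while the `PasswordAuthentication no` line earlier in the hunk is still commented out. Until that line is uncommented and `ChallengeResponseAuthentication no` is added, every local account remains reachable by password, which is the exposure the hunk's "Pubkey authentication only" comment says it removes. I would reword the comment to `# UsePAM no only removes the PAM-driven password/keyboard-interactive path; PasswordAuthentication no and ChallengeResponseAuthentication no are still needed to require public keys`, and note that on distributions whose sshd relies on PAM account/session modules, disabling PAM presumably also skips those checks. The rewritten PAM comment in the last hunk of the second patch has the same gap.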
@@ -1,10 +1,20 @@
 # COMPATIBILITY
 # The below options are compatible with OpenSSH 6.6+, PuTTY 0.64+, and AbsoluteTelnet 9.84+ (RC10 at 2015-03-09)
 
+# Only allow secure host keys for authentication
+# No DSA (weak), no ECDSA (avoid NIST; re http://blog.cr.yp.to/20140323-ecdsa.html)
+# Drop the default-generated 2048-bit RSA key, and use the new 4096 instead
+# Re ED21159 vs RSA 4096: http://security.stackexchange.com/questions/90077/ssh-key-ed25519-vs-rsa
+# Create the 4096 key with sudo ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa4096 < /dev/null
+HostKey /etc/ssh/ssh_host_ed25519
+HostKey /etc/ssh/ssh_host_rsa4096
+
 # Specify strong key exchange algorithms; preferrably curve25519, but allow DHG-SHA256 for compatibility
+# Curve25519 isn't using NIST curves (yay), and is immune to several side-channel attacks: http://ed25519.cr.yp.to/
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 
 # Specify strong ciphers: chacha or aes256-GCM for authenticated encryption; aes256-CTR for compatibility
+# Prefer Chacha20 (also allow strong AES): http://googleonlinesecurity.blogspot.co.nz/2014/04/speeding-up-and-strengthening-https.html
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
 
 # Specify strong MAC's, preferring Encrypt-then-MAC methods; strong SHA2 for compatibility
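Review bot: The two added `HostKey` lines point at files the hunk never shows being created for ed25519 — only the RSA `ssh-keygen` command is given in the comment — and neither path is a distribution default name, so on a host where these keys have not yet been generated sshd has no usable host key and will refuse to start on the next restart, cutting off remote access. Suggest adding the matching line to the comment, `# Create the ed25519 key with sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519 < /dev/null`, and recommending `sshd -t` before the restart so a missing key is caught while a session is still open. It is also worth a sentence that dropping the default-generated key changes the server's fingerprint, so existing clients will see a host-key-changed warning and need the new fingerprints through a trusted channel. The comment's `ED21159` is a typo for `ED25519`.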
@@ -23,17 +33,23 @@ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,h
 # Warning: a low grace time can make slow connections timeout before the connection is completed
 LoginGraceTime 30
 
-# Prevent the root user from accessing SSH.
-PermitRootLogin no
-
 # Disable SSHv1
 Protocol 2
 
-# Make sure that file permissions for private & public key files are safe
+# Prevent the root user from logging on remotely; helps keep the root account safe from brute-force attacks
+PermitRootLogin no
+
+# Ensures file permissions for keys etc are all OK before accepting login
 StrictModes yes
 
-# Prevent privilege escalation - keeps any corruption within an unprivileged processes
-UsePrivilegeSeparation yes
+# Setting Logging to VERBOSE will log key fingerprints on login; helps with access auditing!
+# From https://wiki.mozilla.org/Security/Guidelines/OpenSSH#OpenSSH_server
+LogLevel VERBOSE
+
+# Using 'sandbox' mode further restricts the pre-authentication process, limiting system calls
+# See http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd/Makefile?rev=1.73&content-type=text/x-cvsweb-markup
+UsePrivilegeSeparation sandbox
 
-# PAM enables ChallengeResponseAuthentication and PasswordAuthentication; disable to leave only Pubkey enabled
+# Disable additional access vectors proivded by PAM
+# You COULD use PAM to provide more sophisticated security, but if you're not, just disable it
 UsePAM no
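Review bot: The new `StrictModes` comment, `# Ensures file permissions for keys etc are all OK before accepting login`, is vaguer than what the option actually checks: it rejects a login when the user's home directory, `~/.ssh` or `authorized_keys` is writable by others or not owned by the user, and it does not inspect the host key files at all, so an operator reading "keys etc" may assume host-key permissions are covered. Suggest `# StrictModes: refuse logins that rely on the user's home, ~/.ssh or authorized_keys when those are writable by others or not owned by the user`. The rewritten PAM comment at the end of the hunk also has a typo, `proivded` → `provided`; the substantive gap in that comment is raised on the first patch's hunk.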