---
date: 2020-09-18T15:58:58+02:00
description: "Harden SSH server!"
draft: false
tags: ['SSH','harden']
title: "OpenSSH : Harden the service"
translationKey: 'sshd-harden'
---
## Description
By default, even on OpenBSD, the SSH configuration is not the most secure:
NIST P-curve algorithms (*rumored to be an NSA backdoor, but beware, this
seems to be only a rumor*) and even SHA-1 are still enabled.
{{< note warning >}}
You absolutely must use an OpenSSH version greater than v6.5!
{{< /note >}}
## Configuration
* Configuration file: `/etc/ssh/sshd_config`
---
Apply ABSOLUTELY the following recommendations:
* Use **only** the v2 protocol,
* **Do not connect with the root account**,
* disable the **PasswordAuthentication** option,
* use **only** the **PubkeyAuthentication** option.
### Recreate host keys
```sh
$ cd /etc/ssh
# rm ssh_host_*
# ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ""
# ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N "" -o -a 64
```
{{< note info >}}
Do not use a passphrase during the generation, otherwise the server will not
be able to read the keys…
In any case, the `/var/log/auth` file will help you!
{{< /note >}}
---
Next, you need to pay attention to the following:
### HostKey
{{< note warning >}}
{{< color red >}}DO NOT USE the DSA and ECDSA key types!{{< /color >}}
{{< /note >}}
**Comment out** the other `HostKey` lines to keep only the RSA and
ED25519 keys.
```cfg
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
```
{{< note tip >}}
You can also use only elliptic-curve keys, such as ed25519. In this case, make
sure that all your SSH clients support this key type too.
{{< /note >}}
### Ciphers
Allow these **ciphers**:
`Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com`
### KeyExchange
Focus on these **KeyExchange algorithms**:
`KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org`
### HostKeyAlgorithms
The **HostKeyAlgorithms**:
`HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com`
{{< note info >}}
Depending on your OpenSSH version, you may get an error message.
See the section "{{< anchor "Troubleshooting" "Bad key types" >}}"!
{{< /note >}}
### MACs
Choose these **Message Authentication Codes**:
`MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com`
### Moduli
The moduli file contains prime numbers and generators to be used by the
SSH server in the {{< abbr DH "Diffie-Hellman" >}} group key exchange method.
{{< note warning >}}
Since 2017, [bug #2793](https://bugzilla.mindrot.org/show_bug.cgi?id=2793)
reports that in some contexts the server no longer works properly after
applying the recommendations below.
If you can no longer log in, consider reverting this change!
{{< /note >}}
#### Moduli / Linux
It is recommended to regenerate it as follows:
```sh
# keep only the groups of at least 3072 bits (the size field reads 3071 for a 3072-bit prime)
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
mv /etc/ssh/moduli.safe /etc/ssh/moduli
```
#### Moduli / OpenBSD
Yes, it is possible to generate it, as:
`ssh-keygen -G /etc/ssh/moduli -b 3072`
Be aware that the generation takes a long time and depends very strongly on
the power of your server. Note that `-G` only produces candidate primes; they
still have to be screened with `ssh-keygen -T` before use.
However, you should know that for a few years/versions, the file has
already been generated and lives in `/etc/moduli`.
See {{< man moduli 5 >}}
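As an added example (not part of the original post), here are a few POSIX shell helpers to inspect a moduli file before and after the filter above: they count the groups per size, count those below 3072 bits, and run the filter while keeping the comment header. The sample data in the comments is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: inspect a moduli file before
# and after the filter above. moduli(5) fields are: time type tests trials
# size generator modulus; the size field is the bit length minus one, so a
# 3072-bit group is listed as 3071 (hence the "$5 >= 3071" test).

# Print "<bits> <count>" for each group size present in file $1, largest first.
moduli_sizes() {
    awk '!/^[ \t]*#/ && NF >= 7 { n[$5 + 1]++ }
         END { for (b in n) print b, n[b] }' "$1" | sort -rn
}

# Number of groups in file $1 smaller than $2 bits (default 3072).
moduli_weak_count() {
    awk -v min="${2:-3072}" '!/^[ \t]*#/ && NF >= 7 && $5 + 1 < min { c++ }
         END { print c + 0 }' "$1"
}

# Write the filtered copy of $1 to $2 (comment lines kept) and verify that
# no group below 3072 bits survived; returns 1 if the check fails.
moduli_filter() {
    awk '/^[ \t]*#/ || $5 >= 3071' "$1" > "$2" || return 1
    [ "$(moduli_weak_count "$2")" -eq 0 ]
}

# Example run on a constructed file: moduli_sizes /tmp/moduli.sample
```

On OpenBSD point them at `/etc/moduli` instead of `/etc/ssh/moduli`.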
### Sandbox
{{< note warning >}}
Since v7.5, this option is deprecated and obsolete!
**Do not use it anymore!**
{{< /note >}}
## TL;DR
Here is a minimal example of a secure configuration file on the server
side:
```cfg
Port 22
ListenAddress 192.168.xxx.yyy
ListenAddress fd00:abcd:efg0::1
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
```
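As an added example (not part of the original post), here is a POSIX shell script that audits an `sshd_config` file against the settings listed on this page: root login and password authentication disabled, public-key authentication on, only RSA and ED25519 host keys, and the cipher, key exchange, MAC and host-key-algorithm lists restricted to the ones above. It reads the file text only, so it can be run on a copy before `sshd -t` and a reload.

```shell
#!/bin/sh
# Added example, not part of the original post: audit an sshd_config file
# against the recommendations above. One FAIL line per finding; returns 0
# only when every check passes. Reads the file text, not the running daemon.
OK_CIPHERS='chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com'
OK_KEX='curve25519-sha256,curve25519-sha256@libssh.org'
OK_MACS='hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com'
OK_HKA='ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com'

# Value of the first occurrence of keyword $2 in file $1: sshd keeps the
# first value it reads. Keywords match case-insensitively; comments skipped.
opt_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# True when every comma-separated item of $1 is in the allowed list $2.
# A list starting with + or - only edits sshd defaults, so it never passes.
subset_of() {
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in *",$item,"*) ;; *) return 1 ;; esac
    done
    return 0
}

# $1 = path to sshd_config. Prints findings, returns 1 if any check failed.
audit_sshd_config() {
    f="$1"; rc=0
    [ "$(opt_value "$f" PermitRootLogin)" = no ] ||
        { echo "FAIL PermitRootLogin must be no"; rc=1; }
    [ "$(opt_value "$f" PasswordAuthentication)" = no ] ||
        { echo "FAIL PasswordAuthentication must be no"; rc=1; }
    [ "$(opt_value "$f" PubkeyAuthentication)" = yes ] ||
        { echo "FAIL PubkeyAuthentication must be yes"; rc=1; }
    for pair in "Ciphers=$OK_CIPHERS" "KexAlgorithms=$OK_KEX" \
                "MACs=$OK_MACS" "HostKeyAlgorithms=$OK_HKA"; do
        name=${pair%%=*}; allowed=${pair#*=}
        val=$(opt_value "$f" "$name")
        [ -n "$val" ] && subset_of "$val" "$allowed" ||
            { echo "FAIL $name must be set to a subset of $allowed"; rc=1; }
    done
    # Every active HostKey must be RSA or ED25519 (no DSA/ECDSA host keys).
    awk '!/^[ \t]*#/ && tolower($1) == "hostkey" { print $2 }' "$f" |
        grep -v -e 'ssh_host_rsa_key$' -e 'ssh_host_ed25519_key$' |
        sed 's/^/FAIL HostKey neither RSA nor ED25519: /' | grep . && rc=1
    return $rc
}
```

Run it as `audit_sshd_config /etc/ssh/sshd_config`; a non-zero exit status means at least one finding was printed.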
## Troubleshooting
### Bad key types
If you get the following error:
`/etc/ssh/sshd_config line 26: Bad key types 'ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com'`
Delete the `sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com`
algorithms, and {{< anchor test test >}} again. If **OK**, reload the service.
### LoginGraceTime
Consider increasing the value of the `LoginGraceTime` option: using RSA + PBKDF
or ed25519 keys requires more time for connections.
Note that you will not see any error message in the auth log.
---
### Test
* To check the configuration: `# sshd -t`
---
#### ssh-audit
There is a tool named `ssh-audit` to check whether your configuration is secure.
Install it and run it against your server as:
`$ ssh-audit adresse-ip-serveur-ssh`
* You need to fix URGENTLY all red-colored messages.
* A green-colored message means OK.
#### sshaudit on internet
You can also test your server with the **sshaudit** website:
https://www.sshaudit.com
---
## Documentation
### Manpages
* {{< man sshd 8 >}}, {{< man sshd_config 5 >}}, {{< man sftp-server 8 >}}
* {{< man moduli 5 >}}
### Others
* https://infosec.mozilla.org/guidelines/openssh
* https://www.sshaudit.com/hardening_guides.html
---