---
date: 2020-09-18T15:58:58+02:00
description: "Harden SSH server!"
draft: false
tags: ['SSH','harden']
title: "OpenSSH : Harden the service"
translationKey: 'sshd-harden'
---

## Description

By default, even on OpenBSD, the SSH configuration is not the most secure. NIST P-curve algorithms (*said to be an NSA backdoor; but beware, this seems to be only a rumour*) and even SHA-1 are still used.

{{< note warning >}}
Absolutely use an OpenSSH version greater than v6.5!
{{< /note >}}

## Configuration

* Configuration file: `/etc/ssh/sshd_config`

---

Apply ABSOLUTELY the following recommendations:

* Use **only** the v2 protocol,
* **Do not connect with the root account**,
* disable the **PasswordAuthentication** option,
* use **only** the **PubkeyAuthentication** option.

### Recreate host keys

```sh
$ cd /etc/ssh
# rm ssh_host_*
# ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ""
# ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N "" -o -a 64
```

{{< note info >}}
Do not use a passphrase during the generation, otherwise the server will not be able to read the keys… Anyway, the `/var/log/auth` file will help you!
{{< /note >}}

---

Next, you need to pay attention to the following:

### HostKey

{{< note warning >}}
{{< color red >}}DO NOT USE the DSA, ECDSA protocols!{{< /color >}}
{{< /note >}}

**Comment out** the `HostKey` options to keep only the RSA and ED25519 keys.

```cfg
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
```

{{< note tip >}}
You can use only elliptic-curve keys, such as ed25519. In this case, make sure that all your SSH clients support this key type too.
{{< /note >}}

### Ciphers

Allow only these **ciphers**:

`Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com`

### KeyExchange

Restrict the **KeyExchange algorithms** to:

`KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org`

### HostKeyAlgorithms

The **HostKeyAlgorithms**:

`HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com`

{{< note info >}}
Depending on your OpenSSH version, you may get an error message. See the section "{{< anchor "Troubleshooting" "Bad key types" >}}"!
{{< /note >}}

### MACs

Choose these **Message Authentication Codes**:

`MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com`

### Moduli

The moduli file contains prime numbers and generators to be used by the SSH server in the {{< abbr DH "Diffie-Hellman" >}} group key exchange method.

{{< note warning >}}
Since 2017, [bug #2793](https://bugzilla.mindrot.org/show_bug.cgi?id=2793) reports that in some contexts the server no longer works properly after applying the recommendations below. If you can no longer log in, consider reverting this change!
{{< /note >}}

#### Moduli / Linux

It is recommended to recreate it, in this way:

```sh
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
mv /etc/ssh/moduli.safe /etc/ssh/moduli
```

#### Moduli / OpenBSD

Yes, it is possible to create one, as:

`ssh-keygen -G /etc/ssh/moduli -b 3072`

Attention, the generation will be long and depends very strongly on the power of your server. However, you should know that for a few years/versions, the file is already generated and happens to be in `/etc/moduli`. See {{< man moduli 5 >}}.

### Sandbox

{{< note warning >}}
Since v7.5, this is a deprecated and obsolete option! **Do not use it anymore!**
{{< /note >}}

## TL;DR

Here is a minimalist example of the secure configuration file on the server side:

```cfg
Port 22
ListenAddress 192.168.xxx.yyy
ListenAddress fd00:abcd:efg0::1
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
```

## Troubleshooting

### Bad key types

If you get the following error:

`/etc/ssh/sshd_config line 26: Bad key types 'ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com'`

Delete the `sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com` algorithms, and {{< anchor test test >}} again. If **OK**, reload the service.

### LoginGraceTime

Consider increasing the value of the `LoginGraceTime` option. Using RSA + PBKDF, or ed25519 keys, requires more time for connections. Also, you will not see any error messages in the auth log.

---

### Test

* To check the configuration: `# sshd -t`

---

#### ssh-audit

There is a tool named `ssh-audit` to check whether your configuration is secure. Install it and run it against your server as:

`$ ssh-audit adresse-ip-serveur-ssh`

* You need to fix URGENTLY all red-coloured messages.
* A green-coloured message means OK.

#### sshaudit on the internet

It is also possible to test your server with the **sshaudit** website: https://www.sshaudit.com

---

## Documentation

### Manpages

* {{< man sshd 8 >}}, {{< man sshd_config 5 >}}, {{< man sftp-server 8 >}}
* {{< man moduli 5 >}}

### Others

* https://infosec.mozilla.org/guidelines/openssh
* https://www.sshaudit.com/hardening_guides.html

---
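As an added example (not part of the original post, and not code from the OpenSSH project), here is a small POSIX sh script that audits an `sshd_config` against the recommendations above, in the spirit of the `ssh-audit` check from the Test section, and counts the moduli entries below the 3071-bit threshold used by the Linux `awk` filter. The allow-lists are the cipher, KEX, MAC and host-key algorithm lists from this page; the function names, the `keyword value` parsing (the `keyword=value` form is not handled) and the sample configuration and moduli contents it writes are this example's own constructions.

```shell
# Added example, not from the original post: audit an sshd_config against the
# recommendations on this page. Prints one OK/FAIL line per check; exit status
# is 1 on any failure. Only the "keyword value" form is parsed.

# Allow-lists copied from the recommendations on this page.
ALLOWED_CIPHERS='chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com'
ALLOWED_KEX='curve25519-sha256,curve25519-sha256@libssh.org'
ALLOWED_MACS='hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com'
ALLOWED_HOSTKEYALGS='ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com'

# Print every value of keyword $2 in file $1 (keywords are case-insensitive).
sshd_values() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == key { v = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", v); print v }
    ' "$1"
}
# First value only: sshd keeps the first occurrence of a keyword.
sshd_value() { sshd_values "$1" "$2" | head -n 1; }

# FAIL unless keyword $2 in file $1 equals $3.
check_equals() {
    val=$(sshd_value "$1" "$2")
    [ "$val" = "$3" ] && { echo "OK   $2 $val"; return 0; }
    echo "FAIL $2 is '${val:-unset}', expected '$3'"; return 1
}

# FAIL if keyword $2 is unset, uses the +/-/^ relative form (sshd defaults stay
# active), or lists an algorithm outside the allow-list $3.
check_allowlist() {
    val=$(sshd_value "$1" "$2")
    [ -n "$val" ] || { echo "FAIL $2 unset, sshd defaults apply"; return 1; }
    case "$val" in [+^-]*) echo "FAIL $2 modifies defaults instead of replacing them"; return 1 ;; esac
    bad=''
    for alg in $(printf '%s' "$val" | tr ',' ' '); do
        case ",$3," in *",$alg,"*) ;; *) bad="$bad $alg" ;; esac
    done
    [ -z "$bad" ] && { echo "OK   $2"; return 0; }
    echo "FAIL $2 has non-recommended:$bad"; return 1
}

# FAIL if HostKey is unset (sshd's default key set includes an ECDSA key) or
# any HostKey path names a DSA/ECDSA key file.
check_hostkeys() {
    keys=$(sshd_values "$1" HostKey)
    [ -n "$keys" ] || { echo "FAIL HostKey unset, defaults include ECDSA"; return 1; }
    printf '%s\n' "$keys" | grep -iq 'dsa' && { echo "FAIL HostKey uses a DSA/ECDSA key"; return 1; }
    echo "OK   HostKey (RSA/ed25519 only)"
}

# Count moduli entries below the 3071-bit threshold of the awk filter above.
moduli_weak_count() {
    awk '!/^#/ && NF >= 5 && $5 < 3071 { n++ } END { print n + 0 }' "$1"
}

# Run every check on file $1; returns 1 if any failed.
audit_sshd_config() {
    rc=0
    check_equals "$1" PermitRootLogin no || rc=1
    check_equals "$1" PasswordAuthentication no || rc=1
    check_equals "$1" PubkeyAuthentication yes || rc=1
    check_hostkeys "$1" || rc=1
    check_allowlist "$1" Ciphers "$ALLOWED_CIPHERS" || rc=1
    check_allowlist "$1" KexAlgorithms "$ALLOWED_KEX" || rc=1
    check_allowlist "$1" MACs "$ALLOWED_MACS" || rc=1
    check_allowlist "$1" HostKeyAlgorithms "$ALLOWED_HOSTKEYALGS" || rc=1
    return $rc
}

# Constructed sample inputs (not real servers, not real primes) for a dry run.
write_weak_config() {
    cat > "$1" <<'EOF'
HostKey /etc/ssh/ssh_host_ecdsa_key
PermitRootLogin yes
PasswordAuthentication yes
Ciphers aes128-ctr,aes256-gcm@openssh.com
EOF
}
write_hardened_config() {
    cat > "$1" <<'EOF'
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519,rsa-sha2-256,rsa-sha2-512
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}
write_sample_moduli() {   # moduli(5) fields: time type tests trials size gen modulus
    printf '# constructed\n%s\n%s\n' \
        '20200918000000 2 6 100 2047 2 ABCDEF' '20200918000000 2 6 100 4095 2 ABCDEF' > "$1"
}

# Usage: sh sshd_audit.sh /etc/ssh/sshd_config /etc/ssh/moduli
if [ "$#" -eq 2 ]; then
    audit_sshd_config "$1"; echo "moduli entries below 3071 bits: $(moduli_weak_count "$2")"
fi
```

Run it against the real files as root, then still run `sshd -t`: this script only compares settings with the recommendations on this page, it does not validate syntax. Two points worth knowing when reading its output: an unset `Ciphers`, `KexAlgorithms` or `MACs` is reported as a failure because sshd then falls back to its built-in defaults; and the moduli count only matters if a `diffie-hellman-group-exchange-*` method is kept in `KexAlgorithms`, since with the curve25519-only list above sshd never consults the moduli file at all.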