Deprecated SSH Cryptographic Settings


Our security scanner Qualys reported the vulnerability “Deprecated SSH Cryptographic Settings” across RHEL6 & RHEL7 fleet servers.

The scan report provided description of the threat posed by the vulnerability, recommendation for correcting the problem and the result which shows how Qualys verified the vulnerability.

Vulnerability : Deprecated SSH Cryptographic Settings
QID: 38739
THREAT: The SSH protocol (Secure Shell) is a method for secure remote login from one computer to another.The target is using deprecated SSH cryptographic settings to communicate.
IMPACT: A man-in-the-middle attacker may be able to exploit this vulnerability to record the communication to decrypt the session key and even the messages.
SOLUTION: Avoid using deprecated cryptographic settings. Use best practices when configuring SSH.
RESULTS:

Type Name
key exchange diffie-hellman-group1-sha1
cipher arcfour256
cipher arcfour128
cipher 3des-cbc
cipher blowfish-cbc
cipher cast128-cbc
cipherarcfour

So in our case, looking at the result section, qualys has found the listed ciphers and Keyexchange methods that are enabled/configured on our servers.

The remediation steps started as follows:

  • Initial Test (prior to remediation)
  • Tweaking the relevant config file
  • Post Test (after remediation)

Initial Test

We know that this is a SSH related vulnerability, So running below command would output the current ciphers & kexalgorithm methods configured on the server. We can see that the scanner reported ciphers & kexalgorithm methods are present.

Note: -T option is used for Extended test mode to Check the validity of the configuration file, output the effective configuration to stdout and then exit.

[root@linuxminion ~]# sshd -T | egrep -iw "ciphers|kexalgorithms"
ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
kexalgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-
[root@linuxminion ~]

Now let’s do the actual SSH test connecting to this host using the deprecated ciphers & kexalgorithm method and see how it goes.

[root@testserver ~]# ssh ec2-user@linuxminion -ociphers=arcfour256 -okexalgorithms=diffie-hellman-group1-sha1
 Last login: Tue Jun 25 23:44:28 2019 from ip-172-31-7-76.ap-southeast-2.compute.internal
[ec2-user@linuxminion ~]$

Yes, it succeeded because that cipher & kexalgorithm method are configured on our server.

When we run the same command with -vv option we get the verbose SSH output and below lines are of interest as they show the cipher negotiated from client to server and vice versa

 debug1: kex: server->client arcfour256 hmac-md5-etm@openssh.com none
 debug2: mac_setup: setup hmac-md5-etm@openssh.com
 debug1: kex: client->server arcfour256 hmac-md5-etm@openssh.com none
 debug1: kex: diffie-hellman-group1-sha1 need=16 dh_need=16
 debug1: kex: diffie-hellman-group1-sha1 need=16 dh_need=16

Tweaking the relevant config file : (sshd_config)

The ciphers are configured in the /etc/ssh/sshd_config file and hence we will now disable the deprecated ciphers & kexalgorithm methods by adding/modifying below lines in config file.
Here we are excluding those ciphers & kexalgorithm method and including only those that we want to enable.

Ciphers aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

Kexalgorithms diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-

Post configuration, the output looks as below in our case

[root@linuxminion ~]# sshd -T | egrep -iw "ciphers|kexalgorithms"
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
Kexalgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,gss-gex-sha1-,gss-group14-sha1-
[root@linuxminion ~]#

Note: Restart the SSHD service post config change to /etc/ssh/sshd_config

In case of RHEL6
# service sshd restart

In case of RHEL7
# systemctl restart sshd.service

Post Test (after remediation)

Test the SSH connection to the server using the disabled cipher & kexalgorithm method and it should error out as below:

No matching cipher found” for Cipher
Unable to negotiate a key exchange method” for kexalgorithm

which is true as its not listed/configured in our sshd_config.

[root@testserver ~]# ssh ec2-user@linuxminion -ociphers=arcfour256
no matching cipher found: client arcfour256 server aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[root@testserver ~]#

[root@testserver ~]# ssh ec2-user@linuxminion -okexalgorithms=diffie-hellman-group1-sha1
Unable to negotiate a key exchange method
[root@testserver ~]#

Lastly, have the server scanned again by scanning tool to confirm for remediation of this vulnerability. The report should not pick this one.

References:

http://man7.org/linux/man-pages/man5/sshd_config.5.html

http://man7.org/linux/man-pages/man8/sshd.8.html

One comment

Leave a Reply

Your email address will not be published.