From 170eff602336fcc0de924e33acf889d139473289 Mon Sep 17 00:00:00 2001
From: stribika
Date: Tue, 6 Jan 2015 23:10:05 +0100
Subject: [PATCH 1/2] New algorithms for SSH.
---
 configs/sshd/sshd-pfs_config | 39 +++++++++++++++++++++++++++---------
 1 file changed, 30 insertions(+), 9 deletions(-)
diff --git a/configs/sshd/sshd-pfs_config b/configs/sshd/sshd-pfs_config
index 7f48da4..02b1f22 100644
--- a/configs/sshd/sshd-pfs_config
+++ b/configs/sshd/sshd-pfs_config
@@ -1,11 +1,32 @@
-# Specifies the ciphers allowed for protocol version 2.
-# The default is: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,
-# arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
-# aes256-cbc,arcfour
-Ciphers aes256-ctr
+# Protocol v1 is broken.
+Protocol 2
+
+# Specifies the available key exchange algorithms.
+# 1. ECDH over Curve25519 with SHA256
+# 2. Custom DH with SHA256 - generate primes using
+# ssh-keygen -G /tmp/moduli -b 4096
+# ssh-keygen -T /etc/ssh/moduli -f /tmp/moduli
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+
+# Authentication keys & algorithms
+# 1. Ed25519 - generate key using
+# ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null
+# 2. RSA - generate key using
+# ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+
+# Specifies the allowed ciphers
+# 1. Chacha20-Poly1305 - Authenticated encryption, message length encrypted
+# 2. AES-GCM - Authenticated encryption, message length is Additional Data
+# 3. AES-CTR - Confidentiality only, works better with flawed Encrypt-and-MAC
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 
 # Specifies the available MAC (message authentication code) algorithms.
-# The default is: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,
-# hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
-# hmac-sha2-512-96
-MACs hmac-sha2-512
+# 1. Encrypt-then-MAC with HMAC-SHA2 - provable security
+# 2. Encrypt-then-MAC with HMAC-RIPEMD160 - provable security
+# 3. Encrypt-then-MAC with UMAC128 - provable security
+# 4. [DISABLED] Encrypt-and-MAC with various algorithms - no security proof
+# probably fine with a CTR cipher, don't use them with CBC
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
+#MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128
From 9fa64b27a08863c4385d7e40e8390cf90407494b Mon Sep 17 00:00:00 2001
From: stribika
Date: Sun, 18 Jan 2015 21:10:21 +0100
Subject: [PATCH 2/2] Enable more MACs, disable password authentication.
---
 configs/sshd/sshd-pfs_config | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/configs/sshd/sshd-pfs_config b/configs/sshd/sshd-pfs_config
index 02b1f22..b305f7f 100644
--- a/configs/sshd/sshd-pfs_config
+++ b/configs/sshd/sshd-pfs_config
@@ -8,7 +8,7 @@ Protocol 2
 # ssh-keygen -T /etc/ssh/moduli -f /tmp/moduli
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 
-# Authentication keys & algorithms
+# Server authentication
 # 1. Ed25519 - generate key using
 # ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null
 # 2. RSA - generate key using
@@ -16,6 +16,11 @@ KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 HostKey /etc/ssh/ssh_host_ed25519_key
 HostKey /etc/ssh/ssh_host_rsa_key
 
+# Client authentication
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PubkeyAuthentication yes
+
 # Specifies the allowed ciphers
 # 1. Chacha20-Poly1305 - Authenticated encryption, message length encrypted
 # 2. AES-GCM - Authenticated encryption, message length is Additional Data
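Review bot: The key-generation commands in the added comments of the `@@ -1,11 +1,32 @@` hunk do not match the paths the config then relies on. `ssh-keygen -t ed25519 -f ssh_host_ed25519_key` and the RSA line write into the current directory while `HostKey` points at `/etc/ssh/`, so I would spell the target out, e.g. `# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key < /dev/null`. The moduli candidates go to the fixed name `/tmp/moduli` in a world-writable directory, presumably in a root shell; a comment pointing at a directory only root can write to would rule out another local user having pre-created that path.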
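Review bot: The new `# Client authentication` block in the `@@ -16,6 +16,11 @@` hunk is the only section of this file without an explanatory comment, and it is the one change that can lock an administrator out of the host. I would add a line above the three directives such as `# Public keys only - install authorized_keys and run sshd -t on this file before reloading`. Whether root login is restricted cannot be seen from this hunk; if this file is deployed as the complete sshd_config, that setting stays at the daemon's default.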
@@ -23,10 +28,7 @@ HostKey /etc/ssh/ssh_host_rsa_key
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 
 # Specifies the available MAC (message authentication code) algorithms.
-# 1. Encrypt-then-MAC with HMAC-SHA2 - provable security
-# 2. Encrypt-then-MAC with HMAC-RIPEMD160 - provable security
-# 3. Encrypt-then-MAC with UMAC128 - provable security
-# 4. [DISABLED] Encrypt-and-MAC with various algorithms - no security proof
+# 1. Encrypt-then-MAC with at least 128 bit tags and keys - provable security
+# 2. Encrypt-and-MAC with at least 128 bit tags and keys - no security proof
 # probably fine with a CTR cipher, don't use them with CBC
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
-#MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128
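Review bot: Listing the `-etm` names first on the new `MACs` line does not make the server prefer them, and the rewritten comment's numbering 1/2 reads as if it did. In SSH the negotiated MAC is the first entry on the client's list that the server also offers, so a client that puts `hmac-sha2-512` ahead of the ETM variants gets Encrypt-and-MAC whenever a CTR cipher is chosen. I would add a comment line such as `# Order is not a server preference; the client's list decides. AEAD ciphers (chacha20-poly1305, AES-GCM) do not use this setting.` The "don't use them with CBC" caveat holds only while the `Ciphers` line shown as context keeps CBC modes out.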