How to fix an SSH server that uses insecure encryption algorithms: ARCFOUR, CBC, HMAC-MD5, HMAC-RIPEMD160
Vulnerability scan
Weakness 1: SSH Supports Weak Cipher
The SSH server is configured to support either Arcfour or Cipher Block Chaining (CBC) mode cipher algorithms. SSH can be configured to use Counter (CTR) mode encryption instead of CBC. The use of Arcfour algorithms should be disabled.
- Severity: Medium
- Risk: A weak cipher has been detected.
- Recommendation: Configure the SSH server to disable Arcfour and CBC ciphers.
Weakness 2: SSH Supports Weak MAC
The SSH server is configured to support MD5 algorithm. The cryptographic strength depends upon the size of the key and algorithm that is used. A Modern MAC algorithms such as SHA1 or SHA2 should be used instead.
- Severity: Medium
- Risk: A weak Message Authentication Code (MAC) algorithm has been detected.
- Recommendation: Configure the SSH server to disable the use of MD5.
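Solution
Explanation
As of 2022, the algorithms in the SSH protocol that are listed as insecure are ARCFOUR (RC4), CBC, HMAC-MD5 and HMAC-RIPEMD160, together with the other algorithms derived from them.
These algorithms are controlled by the Ciphers and MACs options in SSH:
- Ciphers: the encryption algorithms
- MACs: the Message Authentication Code algorithms
In short, you only need to edit the configuration file and turn these insecure algorithms off.
Steps
1. My Linux server runs CentOS. First, on the server, read the sshd_config manual page and find the supported algorithms and the default values for Ciphers and MACs.
$ man sshd_config
Below is the manual text from the 4 different openssh versions I found on several of my servers: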
[openssh-7.4p1-22]
Ciphers
    Specifies the ciphers allowed. Multiple ciphers must be comma-separated. If the specified value begins with a ‘+’ character, then the specified ciphers will be appended to the default set instead of replacing them.
    The supported ciphers are:
        3des-cbc
        aes128-cbc
        aes192-cbc
        aes256-cbc
        aes128-ctr
        aes192-ctr
        aes256-ctr
        [email protected]
        [email protected]
        arcfour
        arcfour128
        arcfour256
        blowfish-cbc
        cast128-cbc
        [email protected]
    The default is:
        [email protected],
        aes128-ctr,aes192-ctr,aes256-ctr,
        [email protected],[email protected],
        aes128-cbc,aes192-cbc,aes256-cbc,
        blowfish-cbc,cast128-cbc,3des-cbc
    The list of available ciphers may also be obtained using "ssh -Q cipher".
MACs
    Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used for data integrity protection. Multiple algorithms must be comma-separated. If the specified value begins with a ‘+’ character, then the specified algorithms will be appended to the default set instead of replacing them.
    The algorithms that contain "-etm" calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended.
    The supported MACs are:
        hmac-md5
        hmac-md5-96
        hmac-ripemd160
        hmac-sha1
        hmac-sha1-96
        hmac-sha2-256
        hmac-sha2-512
        [email protected]
        [email protected]
        [email protected]
        [email protected]
        [email protected]
        [email protected]
        [email protected]
        [email protected]
        [email protected]
        [email protected]
        [email protected]
    The default is:
        [email protected],[email protected],
        [email protected],[email protected],
        [email protected],
        [email protected],[email protected],
        hmac-sha2-256,hmac-sha2-512,hmac-sha1,
        [email protected]
    The list of available MAC algorithms may also be obtained using "ssh -Q mac".
[openssh-5.3p1-123/openssh-5.3p1-124]
Ciphers
    Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The supported ciphers are "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour128", "arcfour256", "arcfour", "blowfish-cbc", "[email protected]", and "cast128-cbc".
    The default is:
        aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
        aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
        aes256-cbc,arcfour,[email protected]
MACs
    Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated.
    The default is:
        hmac-md5,hmac-sha1,[email protected],
        hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
        hmac-sha2-256,hmac-sha2-512,[email protected]
[openssh-4.3p2-82]
Ciphers
    Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The supported ciphers are "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour128", "arcfour256", "arcfour", "blowfish-cbc", and "cast128-cbc".
    The default is
        aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
        aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
        aes256-cbc,arcfour
MACs
    Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated.
    The default is
        hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
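The parts marked in red above are the algorithms we want to disable!
2. Override the SSH defaults so that only the secure algorithms are "kept". Taking openssh-5.3p1-123 as the example, edit /etc/ssh/sshd_config and add:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512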
3. Test whether the contents of sshd_config contain any errors:
$ /usr/sbin/sshd -t
4. Restart sshd:
$ service sshd restart
5. Check that the SSH ciphers and macs match the new settings:
$ /usr/sbin/sshd -T | grep "\(ciphers\|macs\)"
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512
6. Make real ssh connections to test that the server now rejects arcfour and hmac-md5:
$ ssh -c arcfour localhost
no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr
$ ssh -o macs=hmac-md5 localhost
no matching mac found: client hmac-md5 server hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512
And that's it, all done!
If some other algorithm is listed as insecure in the future, exclude it the same way.
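To repeat the check in step 5 across many servers, the following added example (not part of the original post) scans "sshd -T" style output and lists every cipher or MAC that belongs to the insecure families named above. The function names and the two sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak algorithms in "sshd -T" output.
# Weak = the families the post lists: arcfour (RC4), CBC-mode ciphers,
# HMAC-MD5 and HMAC-RIPEMD160, including their variants.

# Reads "sshd -T" style lines on stdin and prints "<directive> <algorithm>"
# for every weak entry on the ciphers and macs lines.
find_weak_algos() {
    while read -r key value; do
        case "$key" in
            ciphers|macs) ;;
            *) continue ;;
        esac
        # The value is one comma-separated list; split it into words.
        for algo in $(printf '%s' "$value" | tr ',' ' '); do
            case "$key:$algo" in
                ciphers:arcfour*|ciphers:*-cbc|ciphers:*-cbc@*)
                    printf '%s %s\n' "$key" "$algo" ;;
                macs:hmac-md5*|macs:hmac-ripemd160*)
                    printf '%s %s\n' "$key" "$algo" ;;
            esac
        done
    done
}

# Returns 0 when stdin contains no weak algorithm, 1 (and the list) otherwise.
check_sshd_output() {
    weak=$(find_weak_algos)
    [ -z "$weak" ] && return 0
    printf '%s\n' "$weak"
    return 1
}

# Constructed sample: a server still offering legacy algorithms.
LEGACY_SAMPLE='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
macs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha2-256'

# Constructed sample: a server restricted to CTR ciphers and SHA MACs.
HARDENED_SAMPLE='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha1,hmac-sha2-256,hmac-sha2-512'

# On a real server: /usr/sbin/sshd -T | check_sshd_output
printf '%s\n' "$LEGACY_SAMPLE" | find_weak_algos
```

Because check_sshd_output returns a non-zero status when anything weak remains, it can gate a configuration rollout or run from a periodic compliance job.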
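Impact
When some older SSH client programs try to connect to the server, they will show an error message like the following because the algorithms have changed:
Couldn't agree a client-to-server cipher (available: aes128-ctr,aes192-ctr,aes256-ctr)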
Thank you very much for sharing. I happen to be dealing with security issues lately, and this is great knowledge.