How to fix an SSH server that uses insecure cryptographic algorithms: ARCFOUR, CBC, HMAC-MD5, HMAC-RIPEMD160

Vulnerability scan

Finding 1: SSH Supports Weak Cipher

The SSH server is configured to support either Arcfour or Cipher Block Chaining (CBC) mode cipher algorithms. SSH can be configured to use Counter (CTR) mode encryption instead of CBC. The use of Arcfour algorithms should be disabled.

  • Severity: Medium
  • Risk: A weak cipher has been detected.
  • Recommendation: Configure the SSH server to disable Arcfour and CBC ciphers.

Finding 2: SSH Supports Weak MAC

The SSH server is configured to support MD5 algorithm. The cryptographic strength depends upon the size of the key and algorithm that is used. A Modern MAC algorithms such as SHA1 or SHA2 should be used instead.

  • Severity: Medium
  • Risk: A weak Message Authentication Code (MAC) algorithm has been detected.
  • Recommendation: Configure the SSH server to disable the use of MD5.

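Solution

Explanation

As of 2022, the algorithms in the SSH protocol that are classed as insecure are ARCFOUR (RC4), CBC, HMAC-MD5 and HMAC-RIPEMD160, along with the other algorithms derived from them.

These algorithms are controlled by the Ciphers and MACs options in SSH.

In short, you only need to edit the configuration file and turn these insecure algorithms off.

Steps

1. My Linux servers run CentOS. First, on the server, read the sshd_config manual page and find the default algorithms supported by Ciphers and MACs: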

$  man sshd_config

Below are the man page contents for the 4 different versions of openssh that I found on several of my servers:

[openssh-7.4p1-22]

 Ciphers
         Specifies the ciphers allowed.  Multiple ciphers must be comma-
         separated.  If the specified value begins with a ‘+’ character,
         then the specified ciphers will be appended to the default set
         instead of replacing them.

         The supported ciphers are:

               3des-cbc
               aes128-cbc
               aes192-cbc
               aes256-cbc
               aes128-ctr
               aes192-ctr
               aes256-ctr
               [email protected]
               [email protected]
               arcfour
               arcfour128
               arcfour256
               blowfish-cbc
               cast128-cbc
               [email protected]

         The default is:

               [email protected],
               aes128-ctr,aes192-ctr,aes256-ctr,
               [email protected],[email protected],
               aes128-cbc,aes192-cbc,aes256-cbc,
               blowfish-cbc,cast128-cbc,3des-cbc

         The list of available ciphers may also be obtained using "ssh -Q
         cipher".

 MACs    Specifies the available MAC (message authentication code) algo‐
         rithms.  The MAC algorithm is used for data integrity protection.
         Multiple algorithms must be comma-separated.  If the specified
         value begins with a ‘+’ character, then the specified algorithms
         will be appended to the default set instead of replacing them.

         The algorithms that contain "-etm" calculate the MAC after
         encryption (encrypt-then-mac).  These are considered safer and
         their use recommended.  The supported MACs are:

               hmac-md5
               hmac-md5-96
               hmac-ripemd160
               hmac-sha1
               hmac-sha1-96
               hmac-sha2-256
               hmac-sha2-512
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]

         The default is:

               [email protected],[email protected],
               [email protected],[email protected],
               [email protected],
               [email protected],[email protected],
               hmac-sha2-256,hmac-sha2-512,hmac-sha1,
               [email protected]

         The list of available MAC algorithms may also be obtained using
         "ssh -Q mac".

[openssh-5.3p1-123/openssh-5.3p1-124]

 Ciphers
         Specifies the ciphers allowed for protocol version 2.  Multiple
         ciphers must be comma-separated.  The supported ciphers are
         "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
         "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour128",
         "arcfour256", "arcfour", "blowfish-cbc",
         "[email protected]", and "cast128-cbc".  The default
         is:

            aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
            aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
            aes256-cbc,arcfour,[email protected]

 MACs    Specifies the available MAC (message authentication code) algo-
         rithms.  The MAC algorithm is used in protocol version 2 for data
         integrity protection.  Multiple algorithms must be comma-sepa-
         rated.  The default is:

               hmac-md5,hmac-sha1,[email protected],
               hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
               hmac-sha2-256,hmac-sha2-512,[email protected]

[openssh-4.3p2-82]

 Ciphers
         Specifies the ciphers allowed for protocol version 2.  Multiple
         ciphers must be comma-separated.  The supported ciphers are
         "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
         "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour128",
         "arcfour256", "arcfour", "blowfish-cbc", and "cast128-cbc".  The
         default is

             aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
             aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
             aes256-cbc,arcfour

 MACs    Specifies the available MAC (message authentication code) algo-
         rithms.  The MAC algorithm is used in protocol version 2 for data
         integrity protection.  Multiple algorithms must be comma-sepa-
         rated.  The default is

         hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96

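The parts shown in red above are the algorithms we want to disable!

2. Change the SSH defaults so that only the secure algorithms are "kept". Taking openssh-5.3p1-123 as the example, edit /etc/ssh/sshd_config and add: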

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512

3. Check that the contents of sshd_config contain no errors:

$ /usr/sbin/sshd -t

4. Restart sshd:

$ service sshd restart

5. Check that the SSH ciphers and MACs match the new settings:

$ /usr/sbin/sshd -T | grep "\(ciphers\|macs\)"
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512

6. Make a real ssh connection to test whether the server now rejects arcfour and hmac-md5:

$ ssh -c arcfour localhost
no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr

$ ssh -o macs=hmac-md5 localhost
no matching mac found: client hmac-md5 server hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512

And that's the job done!

If another algorithm is classed as insecure in the future, it can be excluded in the same way.
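
An added example (not from the original post): a small shell filter that automates the check in steps 5 and 6 by listing any arcfour, CBC, hmac-md5 or hmac-ripemd160 entries in the ciphers and macs lines of `sshd -T` output. The function names and the two embedded samples are constructed for illustration; feed it `sshd -T` rather than the raw sshd_config, because `sshd -T` prints the effective list even when a value uses the '+' prefix described in the man page.

```shell
#!/bin/sh
# Added example: list weak entries in the ciphers/macs lines of `sshd -T` output.
# Weak patterns follow this page: arcfour*, CBC ciphers, hmac-md5*, hmac-ripemd160*.

# is_weak KIND NAME: succeeds when NAME is a weak algorithm of KIND (ciphers|macs).
is_weak() {
    case "$1:$2" in
        ciphers:arcfour*|ciphers:*-cbc|ciphers:*-cbc@*) return 0 ;;
        macs:hmac-md5*|macs:hmac-ripemd160*) return 0 ;;
    esac
    return 1
}

# weak_algorithms: reads config text on stdin, prints "kind name" per weak entry.
weak_algorithms() {
    while read -r key value; do
        case "$key" in
            [Cc]iphers) kind=ciphers ;;
            [Mm][Aa][Cc]s) kind=macs ;;
            *) continue ;;
        esac
        old_ifs=$IFS; IFS=,
        for name in $value; do
            if is_weak "$kind" "$name"; then echo "$kind $name"; fi
        done
        IFS=$old_ifs
    done
}

# Constructed sample: the openssh-4.3p2 defaults quoted above, as `sshd -T` lines.
sample_defaults() {
    cat <<'EOF'
port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour
macs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
EOF
}

# Constructed sample: a hardened configuration using only CTR ciphers and SHA MACs.
sample_hardened() {
    cat <<'EOF'
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha1,hmac-sha2-256,hmac-sha2-512
EOF
}

# On a live server (as root): /usr/sbin/sshd -T | weak_algorithms
sample_defaults | weak_algorithms    # prints 12 lines, e.g. "ciphers arcfour256"
```

Empty output means none of the listed weak algorithms remain enabled, so the function can gate a configuration rollout or a periodic audit job.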

Impact

When some older SSH client programs connect to the server, the change in algorithms causes an error message like the following:

Couldn't agree a client-to-server cipher (available: aes128-ctr,aes192-ctr,aes256-ctr)

    • Davis
    • 04/10. 2024 11:59 AM

    Thank you very much for sharing. I happen to be dealing with a security issue at the moment, and this is really great knowledge.
