如何解决 SSH Server 使用了不安全的加密算法: ARCFOUR、CBC、HMAC-MD5、HMAC-RIPEMD160

弱点扫瞄

弱点 1: SSH Supports Weak Cipher

The SSH server is configured to support either Arcfour or Cipher Block Chaining (CBC) mode cipher algorithms. SSH can be configured to use Counter (CTR) mode encryption instead of CBC. The use of Arcfour algorithms should be disabled.

  • Severity: Medium
  • Risk: A weak cipher has been detected.
  • Recommendation: Configure the SSH server to disable Arcfour and CBC ciphers.

弱点 2: SSH Supports Weak MAC

The SSH server is configured to support MD5 algorithm. The cryptographic strength depends upon the size of the key and algorithm that is used. A Modern MAC algorithms such as SHA1 or SHA2 should be used instead.

  • Severity: Medium
  • Risk: A weak Message Authentication Code (MAC) algorithm has been detected.
  • Recommendation: Configure the SSH server to disable the use of MD5.

解决方法

说明

2022 年,SSH 通讯协定被列为不安全的加密算法有 ARCFOUR(RC4)、CBC、HMAC-MD5、HMAC-RIPEMD160,以及他们所衍生的其它算法。

加密算法与 SSH 中的 CiphersMACs 的功能选项有关:

简单来说,只要修改设定档,关闭这些不安全的算法即可。

执行步骤

1. 我的 Linux Server 是 CentOS,首先于 Server 查看 sshd_config 说明文件,找到关于 CiphersMACs 所支援的算法与默认值。

$  man sshd_config

以下列出我在几台 Server 中,找到的 4 个不同版本的 opnessh 说明文件内容:

[openssh-7.4p1-22]

 Ciphers
         Specifies the ciphers allowed.  Multiple ciphers must be comma-
         separated.  If the specified value begins with a ‘+’ character,
         then the specified ciphers will be appended to the default set
         instead of replacing them.

         The supported ciphers are:

               3des-cbc
               aes128-cbc
               aes192-cbc
               aes256-cbc
               aes128-ctr
               aes192-ctr
               aes256-ctr
               [email protected]
               [email protected]
               arcfour
               arcfour128
               arcfour256
               blowfish-cbc
               cast128-cbc
               [email protected]

         The default is:

               [email protected],
               aes128-ctr,aes192-ctr,aes256-ctr,
               [email protected],[email protected],
               aes128-cbc,aes192-cbc,aes256-cbc,
               blowfish-cbc,cast128-cbc,3des-cbc

         The list of available ciphers may also be obtained using "ssh -Q
         cipher".

 MACs    Specifies the available MAC (message authentication code) algo‐
         rithms.  The MAC algorithm is used for data integrity protection.
         Multiple algorithms must be comma-separated.  If the specified
         value begins with a ‘+’ character, then the specified algorithms
         will be appended to the default set instead of replacing them.

         The algorithms that contain "-etm" calculate the MAC after
         encryption (encrypt-then-mac).  These are considered safer and
         their use recommended.  The supported MACs are:

               hmac-md5
               hmac-md5-96
               hmac-ripemd160
               hmac-sha1
               hmac-sha1-96
               hmac-sha2-256
               hmac-sha2-512
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]
               [email protected]

         The default is:

               [email protected],[email protected],
               [email protected],[email protected],
               [email protected],
               [email protected],[email protected],
               hmac-sha2-256,hmac-sha2-512,hmac-sha1,
               [email protected]

         The list of available MAC algorithms may also be obtained using
         "ssh -Q mac".

[openssh-5.3p1-123/openssh-5.3p1-124]

 Ciphers
         Specifies the ciphers allowed for protocol version 2.  Multiple
         ciphers must be comma-separated.  The supported ciphers are
         "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
         "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour128",
         "arcfour256", "arcfour", "blowfish-cbc",
         "[email protected]", and "cast128-cbc".  The default
         is:

            aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
            aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
            aes256-cbc,arcfour,[email protected]

 MACs    Specifies the available MAC (message authentication code) algo-
         rithms.  The MAC algorithm is used in protocol version 2 for data
         integrity protection.  Multiple algorithms must be comma-sepa-
         rated.  The default is:

               hmac-md5,hmac-sha1,[email protected],
               hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
               hmac-sha2-256,hmac-sha2-512,[email protected]

[openssh-4.3p2-82]

 Ciphers
         Specifies the ciphers allowed for protocol version 2.  Multiple
         ciphers must be comma-separated.  The supported ciphers are
         "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
         "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour128",
         "arcfour256", "arcfour", "blowfish-cbc", and "cast128-cbc".  The
         default is

             aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
             aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
             aes256-cbc,arcfour

 MACs    Specifies the available MAC (message authentication code) algo-
         rithms.  The MAC algorithm is used in protocol version 2 for data
         integrity protection.  Multiple algorithms must be comma-sepa-
         rated.  The default is

         hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96

以上红字的部份都是我们所要停用的算法!

2. 修改 SSH 的默认值来“保留”安全的加密算法。以 openssh-5.3p1-123 为例,编辑 /etc/ssh/sshd_config,加入:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512

3. 测试一下 sshd_config 的内容有没有什么错误:

$ /usr/sbin/sshd -t

4. 重新启动 sshd:

$ service sshd restart

5. 查看 SSH 的 cipher 与 macs 是否与新的设定相符:

$ /usr/sbin/sshd -T | grep "\(ciphers\|macs\)"
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512

6. 实际执行 ssh 连线测试 Server 是否已排除 arcfour 或 hmac-md5:

$ ssh -c arcfour localhost
no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr

$ ssh -o macs=hmac-md5 localhost
no matching mac found: client hmac-md5 server hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512

这样就大功告成了!

未来如果又有哪个加密的算法被列为不安全,也是用一样的方式来排除。

影响

某些较旧的 SSH 用户端程式要连到 Server 时,因加密算法的改变,会出现如下的错误讯息:

Cloudn't agree a client-to-server cipher (available: aes128-ctr,aes192-ctr,aes256-ctr)

参考

  1. 如何解决 TLS/SSL 使用了不安全的加密算法: ARCFOUR、CBC、HMAC-MD5、HMAC-RIPEMD160 | Vixual
  2. 如何解决 Web/Mail Server 使用了不安全的 SSL 通讯协定 | Vixual
  3. 如何自动将网站的 http:// 网址转址为 https:// | Vixual
  1. No comments yet.

  1. No trackbacks yet.

return top

%d 位部落客按了赞: