Our security scanner, Qualys, reported the vulnerability “Deprecated SSH Cryptographic Settings” across our fleet of RHEL6 and RHEL7 servers.
The scan report describes the threat posed by the vulnerability, recommends how to correct it, and includes a results section showing how Qualys verified the finding.
Vulnerability : Deprecated SSH Cryptographic Settings
QID: 38739
THREAT: The SSH protocol (Secure Shell) is a method for secure remote login from one computer to another. The target is using deprecated SSH cryptographic settings to communicate.
IMPACT: A man-in-the-middle attacker may be able to exploit this vulnerability to record the communication to decrypt the session key and even the messages.
SOLUTION: Avoid using deprecated cryptographic settings. Use best practices when configuring SSH.
RESULTS:
Type | Name |
key exchange | diffie-hellman-group1-sha1 |
cipher | arcfour256 |
cipher | arcfour128 |
cipher | 3des-cbc |
cipher | blowfish-cbc |
cipher | cast128-cbc |
cipher | arcfour |
In our case, the results section shows the ciphers and key exchange methods that Qualys found enabled on our servers.
The remediation was carried out in the following steps:
- Initial Test (prior to remediation)
- Tweaking the relevant config file
- Post Test (after remediation)
Initial Test
Since this is an SSH-related vulnerability, running the command below prints the ciphers and kexalgorithms currently configured on the server. We can see that the ciphers and kexalgorithm method reported by the scanner are present.
Note: The -T option runs sshd in extended test mode: it checks the validity of the configuration file, outputs the effective configuration to stdout and then exits.
[root@linuxminion ~]# sshd -T | egrep -iw "ciphers|kexalgorithms"
ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
kexalgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-
[root@linuxminion ~]#
Now let’s run an actual SSH test, connecting to this host with a deprecated cipher and kexalgorithm method, and see how it goes.
[root@testserver ~]# ssh ec2-user@linuxminion -ociphers=arcfour256 -okexalgorithms=diffie-hellman-group1-sha1
Last login: Tue Jun 25 23:44:28 2019 from ip-172-31-7-76.ap-southeast-2.compute.internal
[ec2-user@linuxminion ~]$
Yes, it succeeded, because that cipher and kexalgorithm method are enabled on our server.
When we run the same command with the -vv option we get verbose SSH output. The lines below are of interest, as they show the cipher negotiated in each direction (server to client and client to server) and the key exchange method used:
debug1: kex: server->client arcfour256 hmac-md5-etm@openssh.com none
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: client->server arcfour256 hmac-md5-etm@openssh.com none
debug1: kex: diffie-hellman-group1-sha1 need=16 dh_need=16
debug1: kex: diffie-hellman-group1-sha1 need=16 dh_need=16
Tweaking the relevant config file : (sshd_config)
The ciphers and key exchange methods are configured in the /etc/ssh/sshd_config file, so we will now disable the deprecated ones by adding or modifying the lines below in that file.
Each line lists only the algorithms we want to keep enabled; the deprecated ciphers and kexalgorithm method are excluded by leaving them out.
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
Kexalgorithms diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-
After the configuration change, the output in our case looks as follows:
[root@linuxminion ~]# sshd -T | egrep -iw "ciphers|kexalgorithms"
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
Kexalgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,gss-gex-sha1-,gss-group14-sha1-
[root@linuxminion ~]#
Note: Restart the SSHD service after changing /etc/ssh/sshd_config.
In case of RHEL6
# service sshd restart
In case of RHEL7
# systemctl restart sshd.service
Post Test (after remediation)
Test the SSH connection to the server using the disabled cipher and kexalgorithm method. It should fail with the errors below:
- “No matching cipher found” for the cipher
- “Unable to negotiate a key exchange method” for the kexalgorithm
This is expected, as they are no longer listed in our sshd_config.
[root@testserver ~]# ssh ec2-user@linuxminion -ociphers=arcfour256
no matching cipher found: client arcfour256 server aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[root@testserver ~]#
[root@testserver ~]# ssh ec2-user@linuxminion -okexalgorithms=diffie-hellman-group1-sha1
Unable to negotiate a key exchange method
[root@testserver ~]#
Lastly, have the server scanned again by the scanning tool to confirm that the vulnerability has been remediated. The new report should no longer list it.
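Across a fleet, the before/after comparison of `sshd -T` output can be scripted instead of read by eye. The following is an added example, not part of the original post: the function names (flagged_in, filter_list, audit_sshd) and the sample input are assumptions made for illustration, and the flagged names are copied from the RESULTS table of the scan report above.

```shell
#!/bin/sh
# Added example: audit `sshd -T` output against the names flagged under QID 38739.
# Both lists are copied from the RESULTS table of the scan report on this page.
FLAGGED_KEX="diffie-hellman-group1-sha1"
FLAGGED_CIPHERS="arcfour256 arcfour128 3des-cbc blowfish-cbc cast128-cbc arcfour"

# flagged_in <comma-list> <flagged names>: print each flagged name present in the list.
# Whole entries are compared, so "arcfour" does not match "arcfour128" and
# "gss-group1-sha1-" is not mistaken for "diffie-hellman-group1-sha1".
flagged_in() {
    for bad in $2; do
        case ",$1," in
            *",$bad,"*) printf '%s\n' "$bad" ;;
        esac
    done
}

# filter_list <comma-list> <flagged names>: print the list with flagged entries removed,
# ready to paste after "Ciphers" or "KexAlgorithms" in sshd_config.
filter_list() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r alg; do
        if [ -z "$(flagged_in "$alg" "$2")" ]; then printf '%s\n' "$alg"; fi
    done | paste -sd, -
}

# audit_sshd: read `sshd -T` output on stdin and print "cipher NAME" or "kex NAME"
# for every flagged algorithm still enabled; exit status is 1 if any were found.
audit_sshd() {
    rc=0
    while read -r key value; do
        case "$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')" in
            ciphers)       kind=cipher; flagged=$FLAGGED_CIPHERS ;;
            kexalgorithms) kind=kex;    flagged=$FLAGGED_KEX ;;
            *) continue ;;
        esac
        for bad in $(flagged_in "$value" "$flagged"); do
            printf '%s %s\n' "$kind" "$bad"; rc=1
        done
    done
    return "$rc"
}

# Constructed sample: a shortened pre-remediation `sshd -T` excerpt, not a real dump.
SAMPLE_BEFORE='ciphers 3des-cbc,arcfour,arcfour128,aes128-ctr,aes256-gcm@openssh.com
kexalgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,gss-group1-sha1-'

# Demo on the constructed sample; on a real host run: sshd -T | audit_sshd
printf '%s\n' "$SAMPLE_BEFORE" | audit_sshd || echo "flagged algorithms still enabled"
```

On a server, `sshd -T | audit_sshd` returning status 0 with no output corresponds to the post-remediation state shown above.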