ssh 加密算法相关信息含义解析与弱加密算法禁用方法_hostkeyalgorithms

问题描述

sshd 的默认配置中使能了一些弱加密算法，有潜在的安全风险，需要禁用这些弱加密算法。

对 ssh 加密算法的掌握现状

几乎为 0。

从 man sshd_config 开始

1. Ciphers

     Ciphers
             Specifies the ciphers allowed.  Multiple ciphers must be comma-separated.  If the specified value begins with a '+' char-
             acter, then the specified ciphers will be appended to the default set instead of replacing them.  If the specified value
             begins with a '-' character, then the specified ciphers (including wildcards) will be removed from the default set instead
             of replacing them.

             The supported ciphers are:

                   3des-cbc
                   aes128-cbc
                   aes192-cbc
                   aes256-cbc
                   aes128-ctr
                   aes192-ctr
                   aes256-ctr
                   aes128-gcm@openssh.com
                   aes256-gcm@openssh.com
                   chacha20-poly1305@openssh.com

             The default is:

                   chacha20-poly1305@openssh.com,
                   aes128-ctr,aes192-ctr,aes256-ctr,
                   aes128-gcm@openssh.com,aes256-gcm@openssh.com

             The list of available ciphers may also be obtained using "ssh -Q cipher".
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

Ciphers 指定 ssh 使能的加密算法。多个加密算法之间使用逗号分隔。当 Ciphers 的值以 + 字符开始时，指定的加密算法将附加到默认集合，不影响默认集合中的其它算法。当 Ciphers 的值以 ‘-’ 字符开始时，指定的加密算法将会从默认集合中移除，不影响默认集合中的其它项目。

1.1 nmap 扫描默认的 Ciphers

使用默认 Ciphers 情况下 nmap 扫描到的 Ciphers:

|   encryption_algorithms: (6)
|       chacha20-poly1305@openssh.com
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       aes128-gcm@openssh.com
|       aes256-gcm@openssh.com
.........
1
2
3
4
5
6
7
8

1.2 sshd_config 中新增 Ciphers 后扫描

在 sshd_config 文件的最后添加如下行：

Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc
1

重启 sshd 后，重新扫描，结果如下：

|   encryption_algorithms: (10)
|       chacha20-poly1305@openssh.com
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       aes128-gcm@openssh.com
|       aes256-gcm@openssh.com
|       3des-cbc
|       aes128-cbc
|       aes192-cbc
|       aes256-cbc
1
2
3
4
5
6
7
8
9
10
11

可以看到添加新的算法到默认集合成功。

1.3 sshd_config 中删除指定 Ciphers 后扫描

在 sshd_config 文件的最后添加如下行：

Ciphers -aes128-ctr,aes128-gcm@openssh.com
1

重启 sshd 后，重新扫描，结果如下：

|   encryption_algorithms: (4)
|       chacha20-poly1305@openssh.com
|       aes192-ctr
|       aes256-ctr
|       aes256-gcm@openssh.com
1
2
3
4
5

可以看到指定的凉饿 aes128 加密算法已经被移除。

MACs

     MACs    Specifies the available MAC (message authentication code) algorithms.  The MAC algorithm is used for data integrity pro-
             tection.  Multiple algorithms must be comma-separated.  If the specified value begins with a '+' character, then the spec-
             ified algorithms will be appended to the default set instead of replacing them.  If the specified value begins with a '-'
             character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing
             them.

             The algorithms that contain "-etm" calculate the MAC after encryption (encrypt-then-mac).  These are considered safer and
             their use recommended.  The supported MACs are:

                   hmac-md5
                   hmac-md5-96
                   hmac-sha1
                   hmac-sha1-96
                   hmac-sha2-256
                   hmac-sha2-512
                   umac-64@openssh.com
                   umac-128@openssh.com
                   hmac-md5-etm@openssh.com
                   hmac-md5-96-etm@openssh.com
                   hmac-sha1-etm@openssh.com
                   hmac-sha1-96-etm@openssh.com
                   hmac-sha2-256-etm@openssh.com
                   hmac-sha2-512-etm@openssh.com
                   umac-64-etm@openssh.com
                   umac-128-etm@openssh.com

             The default is:

                   umac-64-etm@openssh.com,umac-128-etm@openssh.com,
                   hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
                   hmac-sha1-etm@openssh.com,
                   umac-64@openssh.com,umac-128@openssh.com,
                   hmac-sha2-256,hmac-sha2-512,hmac-sha1

             The list of available MAC algorithms may also be obtained using "ssh -Q mac".
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

MACs 选项指定可用的 MAC（消息认证代码）算法，用于数据完整性保护。配置方法与 Ciphers 一致，不再赘述。

KexAlgorithms

     KexAlgorithms
             Specifies the available KEX (Key Exchange) algorithms.  Multiple algorithms must be comma-separated.  Alternately if the
             specified value begins with a '+' character, then the specified methods will be appended to the default set instead of re-
             placing them.  If the specified value begins with a '-' character, then the specified methods (including wildcards) will
             be removed from the default set instead of replacing them.  The supported algorithms are:

                   curve25519-sha256
                   curve25519-sha256@libssh.org
                   diffie-hellman-group1-sha1
                   diffie-hellman-group14-sha1
                   diffie-hellman-group14-sha256
                   diffie-hellman-group16-sha512
                   diffie-hellman-group18-sha512
                   diffie-hellman-group-exchange-sha1
                   diffie-hellman-group-exchange-sha256
                   ecdh-sha2-nistp256
                   ecdh-sha2-nistp384
                   ecdh-sha2-nistp521

             The default is:

                   curve25519-sha256,curve25519-sha256@libssh.org,
                   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                   diffie-hellman-group-exchange-sha256,
                   diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
                   diffie-hellman-group14-sha256,diffie-hellman-group14-sha1

             The list of available key exchange algorithms may also be obtained using "ssh -Q kex".
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

KexAlgorithms 选项指定可用的密钥交换算法。配置方法与 Ciphers 一致，不再赘述。

PubkeyAcceptedKeyTypes

             Specifies the key types that will be accepted for public key authentication as a list of comma-separated patterns.  Alter-
             nately if the specified value begins with a '+' character, then the specified key types will be appended to the default
             set instead of replacing them.  If the specified value begins with a '-' character, then the specified key types (includ-
             ing wildcards) will be removed from the default set instead of replacing them.  The default for this option is:

                ecdsa-sha2-nistp256-cert-v01@openssh.com,
                ecdsa-sha2-nistp384-cert-v01@openssh.com,
                ecdsa-sha2-nistp521-cert-v01@openssh.com,
                ssh-ed25519-cert-v01@openssh.com,
                rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
                ssh-rsa-cert-v01@openssh.com,
                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
                ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

             The list of available key types may also be obtained using "ssh -Q key".
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

PubkeyAcceptedKeyTypes 指定公钥认证允许的密钥类型。配置方法与 Ciphers 一致，不再赘述。

如何查看 ssh 支持的不同类别的加密算法

相关命令：

Ciphers: ssh -Q cipher
MACs: ssh -Q mac
KexAlgorithms: ssh -Q kex
PubkeyAcceptedKeyTypes: ssh -Q key
1
2
3
4

备注：这些命令输出的项目是 ssh 支持的，并不一定是 ssh 使能的项目。

通过 ssh 命令指定特定的算法

命令示例：

1. ssh -vv -oMACs=hmac-sha1-etm@openssh.com
2. ssh -vv -oCiphers=xxx
3. ssh -vv -o…

运行示例：

longyu@debian:~$ ssh -vv -oMACs=hmac-sha1-etm@openssh.com longyu@192.168.122.1
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.122.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.122.1 [192.168.122.1] port 22.
debug1: Connection established.
debug1: identity file /home/longyu/.ssh/id_rsa type -1
debug1: identity file /home/longyu/.ssh/id_rsa-cert type -1
debug1: identity file /home/longyu/.ssh/id_dsa type -1
debug1: identity file /home/longyu/.ssh/id_dsa-cert type -1
debug1: identity file /home/longyu/.ssh/id_ecdsa type -1
debug1: identity file /home/longyu/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/longyu/.ssh/id_ed25519 type -1
debug1: identity file /home/longyu/.ssh/id_ed25519-cert type -1
debug1: identity file /home/longyu/.ssh/id_xmss type -1
debug1: identity file /home/longyu/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.122.1:22 as 'longyu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: MACs ctos: hmac-sha1-etm@openssh.com
debug2: MACs stoc: hmac-sha1-etm@openssh.com
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group14-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

如下输出中，stoc 的输出表明 server 使能的相关加密算法。

debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
1
2
3
4
5
6

-vv 选项指定 ssh 打印处理过程中的一些 debug 信息。这些信息对于定位一些连接、认证、配置问题非常有用。

参考链接

https://serverfault.com/questions/735176/how-can-i-list-macs-ciphers-and-kexalogrithms-supported-by-my-ssh-server