Secure Shell (SSH)

Secure Shell (SSH)

Guides

Articles

Tools

  • ssh_scan “configuration and policy scanner” (Mozilla)
  • Secretive Generate and store SSH keys in the Mac Secure Enclave (ecdsa-sha2-nistp256 keys)

Mobile

If you use SSH on the go often you'll want to look at using Mosh

iOS

Examples

Generate Keys

The ssh-keygen utility is used to create new SSH keys on most *nix systems.

ED25519

1
ssh-keygen -t ed25519 -a 100
Copied!
  • -t: Type of key to generate
  • -a: Number of Key Derivation Function (KDF) rounds

Remove Hashed known_hosts Entry

If your client is set to hash known hosts e.g. has the following line in ~/.ssh/config
1
HashKnownHosts yes
Copied!
Then your ~/.ssh/known_hosts file will be obfuscated.
To remove a host, when its hosts key changes, you'll need to execute:
1
ssh-keygen -R example.com
Copied!
Which will remove all keys associated with that hostname from ~/.ssh/known_hosts.

Configuration

Key Types

Key types are listed in the order of preference below:

Client

Permissions

Only allow your user to access ~/.ssh and your private keys, allow group and world to access your public keys.
1
chmod 700 ~/.ssh
2
chmod 600 ~/.ssh/id_*
3
chmod 644 ~/.ssh/id_*.pub
Copied!

config

1
# ~/.shh/config
2
# ssh_config(5)
3
4
Host *
5
# For all hosts use the following directives
6
7
Protocol 2
8
# Use only protocol version two
9
10
IdentitiesOnly yes
11
# By default ssh will send all public keys (identities) in ~/.ssh to the server if you don't specify which key to use with -i
12
# This prevents that by only using the public keys explicitly configured in config or specified with -i
13
14
VisualHostKey yes
15
# Print an ASCII art representation of the remote host key fingerprint at login and for unknown host keys
16
17
HashKnownHosts yes
18
# Hash host names and addresses when they are added to ~/.ssh/known_hosts.
19
# ssh-keygen -R hostname
20
# Removes all keys belonging to hostname from a known_hosts file.
21
UseRoaming no
22
# Mitigates CVE-0216-0777
23
24
# Cryptography
25
26
KexAlgorithms curve25519-sha256
27
# Allow only curve25519
28
29
HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
30
# Allow ed25519, ECDSA and RSA SHA2 keys for client authentication
31
# ed25519 is the preferred key type
32
# ECDSA for Secretive/ Secure Enclave keys
33
# rsa-sha2-* for compatibility
34
36
# Only use chacha20-poly1305
37
# Chacha20-poly1305 is preferred over AES-GCM because the SSH protocol does
38
# not encrypt message sizes when GCM (or EtM) is in use.
39
# This allows some traffic analysis even without decrypting the data.
40
# See: http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html
41
43
# Only use encrypt then mac (etm) MACs
44
# Allow only HMAC-SHA2-512/256 or UMAC-128
45
# https://crypto.stackexchange.com/a/56432
Copied!

Server

Permissions

Only allow your user to access ~/.ssh and ~/.ssh/authorized_keys.
1
chmod 700 ~/.ssh
2
chmod 600 ~/.ssh/authorized_keys
Copied!
These permissions are required by the StrictModes directive.

sshd_config

1
# /etc/ssh/sshd_config
2
# sshd_config(5)
3
4
AddressFamily inet
5
# Only use IPv4
6
7
ListenAddress x.x.x.x
8
# Default is to listen on all local addresses
9
# Better to specify an actual IP address to listen on
10
11
Protocol 2
12
# Only use protocol version 2
13
14
LogLevel VERBOSE
15
# Logs user's key fingerprint on login
16
17
HostKey /etc/ssh/ssh_host_ed25519_key
18
HostKey /etc/ssh/ssh_host_ecdsa_key
19
HostKey /etc/ssh/ssh_host_rsa_key
20
# Key files cannot be group/world-accessible
21
22
PermitRootLogin no
23
# root user cannot login via SSH
24
25
AuthenticationMethods publickey
26
# Only allow public key authentication for login
27
28
Subsystem sftp internal-sftp
29
# Use sshd internal SFTP server code (plays nicer with Chroot)
30
# See https://serverfault.com/a/660325 for differences with
31
# Subsystem sftp /usr/libexec/openssh/sftp-server
32
# If you just scp files you can disable this to reduce attack surface
33
34
# Cryptography
35
36
KexAlgorithms curve25519-sha256
37
# Allow only curve25519
38
39
HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
40
# Allow ed25519, ECDSA and RSA SHA2 keys for client authentication
41
# ECDSA for Secretive/ Secure Enclave keys
42
# ed25519 is the preferred key type
43
# rsa-sha2-* for compatibility
44
46
# Only use chacha20-poly1305
47
# Chacha20-poly1305 is preferred over AES-GCM because the SSH protocol does
48
# not encrypt message sizes when GCM (or EtM) is in use.
49
# This allows some traffic analysis even without decrypting the data.
50
# See: http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html
51
53
# Only use encrypt then mac (etm) MACs
54
# Allow only HMAC-SHA2-512/256 or UMAC-128
55
# https://crypto.stackexchange.com/a/56432
Copied!

Debugging sshd Issues

1
sudo sshd -t
2
# Test mode. Only check the validity of the configuration file and sanity of the keys.
Copied!
1
sudo systemctl restart sshd
2
# On systemd based systems restart the sshd service
Copied!
1
sudo systemctl status sshd
2
# On systemd based systems print the status of the sshd service
Copied!