
Secure Shell (SSH)

Guides

Articles

Tools

  • ssh_scan “configuration and policy scanner” (Mozilla)

Key Types

Key types are listed in the order of preference below:

  1. ED25519
  2. >= 2048-bit RSA (4096-bit preferred)

Never use DSA keys 2) and avoid ECDSA keys if you can. Both produce a per-signature nonce, and a predictable or repeated nonce (bad randomness at signing time) lets an attacker recover the private key from ordinary signatures; ED25519 derives its nonce deterministically and does not have this failure mode.

Mobile

If you often use SSH on the go, you'll want to look at Mosh, which keeps a session alive across network changes and sleep.

iOS

Examples

Generate Keys

The ssh-keygen utility is used to create new SSH keys on most 3) *nix systems.

ED25519

ssh-keygen -t ed25519 -a 100
  • -t: Type of key to generate
  • -a: Number of Key Derivation Function (KDF) rounds used to turn your passphrase into the key that encrypts the private key file; more rounds make offline guessing of the passphrase slower (the default is 16)

RSA

ssh-keygen -t rsa -b 4096 -a 100
  • -t: Type of key to generate
  • -b: Size of key in bits
  • -a: Number of KDF rounds, as above

Remove Hashed known_hosts Entry

If your client is set to hash known hosts, e.g. has the following line in ~/.ssh/config

HashKnownHosts yes

then the host names in ~/.ssh/known_hosts are stored as salted HMAC-SHA1 hashes (|1|salt|hash) instead of in clear text, so you cannot find an entry by searching the file for its name.

To remove a host when its host key changes, execute:

ssh-keygen -R example.com

which removes every line of ~/.ssh/known_hosts whose host field matches example.com, hashed or not, and keeps the previous contents in ~/.ssh/known_hosts.old. Use the same form as the entry, e.g. [example.com]:2222 for a non-default port, and run ssh-keygen -F example.com first if you want to see what will match.
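The following Python example is added here and is not part of the original page or of OpenSSH. It models the hashed entry format and what ssh-keygen -H and ssh-keygen -R do to a known_hosts file, so you can see why -R still works on a hashed file and why a plain line that lists several names (host,ip) disappears as a whole while a hashed file loses only one line. The sample file is constructed and the key blobs are placeholders, not real host keys; wildcard patterns in plain entries are not modelled.

```python
"""Model of OpenSSH hashed known_hosts entries (HashKnownHosts yes, ssh-keygen -H)
and of ssh-keygen -R, so the two behaviours can be compared offline.

A hashed host field looks like:
    |1|<base64 salt>|<base64 HMAC-SHA1(key=salt, msg=hostname)>
"""
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"
SALT_LEN = 20  # OpenSSH uses a random salt the size of a SHA-1 digest

# Constructed sample file: the key blobs are placeholders, not real host keys.
SAMPLE_KNOWN_HOSTS = """\
example.com,93.184.216.34 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA
[example.com]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyB
other.example.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedKeyC
@cert-authority *.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyD
"""


def hash_hostname(name, salt=None):
    """Hash one hostname the way OpenSSH does (hostnames are lowercased first)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hmac.new(salt, name.lower().encode(), hashlib.sha1).digest()
    return "%s%s|%s" % (HASH_MAGIC, base64.b64encode(salt).decode(),
                        base64.b64encode(digest).decode())


def hostname_matches(field, name):
    """True if a host field (plain, comma-separated, or hashed) covers `name`.
    Wildcard patterns are not modelled: plain names must match exactly."""
    name = name.lower()
    if field.startswith(HASH_MAGIC):
        try:
            _, _, salt_b64, digest_b64 = field.split("|")
            salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
        except ValueError:          # malformed entry (binascii.Error is a ValueError)
            return False
        actual = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return name in (h.lower() for h in field.split(","))


def split_entry(line):
    """Return (marker, hostfield, rest) for a key line, or None for blank/comment lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    marker = None
    parts = stripped.split(None, 1)
    if parts[0].startswith("@") and len(parts) == 2:      # @cert-authority / @revoked
        marker, parts = parts[0], parts[1].split(None, 1)
    if len(parts) != 2:
        return None
    return marker, parts[0], parts[1]


def hash_known_hosts(content):
    """What HashKnownHosts yes / ssh-keygen -H produce: one hashed line per hostname.
    Marker lines, wildcard patterns and already-hashed lines are copied unchanged."""
    out = []
    for line in content.splitlines():
        entry = split_entry(line)
        if (entry is None or entry[0] or entry[1].startswith(HASH_MAGIC)
                or any(c in entry[1] for c in "*?")):
            out.append(line)
            continue
        _, hosts, rest = entry
        out.extend("%s %s" % (hash_hostname(h), rest) for h in hosts.split(","))
    return "\n".join(out) + "\n"


def remove_host(content, name):
    """What ssh-keygen -R <name> does: drop every key line whose host field matches.
    A plain line naming several hosts (host,ip) goes as a whole; in a hashed file each
    name has its own line, so only that name's line goes. Marker lines are kept."""
    kept = []
    for line in content.splitlines():
        entry = split_entry(line)
        if entry is not None and entry[0] is None and hostname_matches(entry[1], name):
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    hashed = hash_known_hosts(SAMPLE_KNOWN_HOSTS)
    print(hashed)
    print(remove_host(hashed, "example.com"))
```

Run it and compare the two outputs: removing example.com from the plain sample also drops the 93.184.216.34 entry on the same line, while the hashed file keeps a separate line for the address. The [example.com]:2222 entry survives in both cases because -R matches the host field literally.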

Configuration

Client

Permissions

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_*
chmod 644 ~/.ssh/id_*.pub

Only allow your user to access ~/.ssh and your private keys; group and world may read your public keys. ssh refuses to use a private key that other users can read ("UNPROTECTED PRIVATE KEY FILE!") and skips it.

config

Client configuration file; only non-default settings are listed.

config
# ~/.ssh/config
# ssh_config(5)

Host *
# For all hosts use the following directives
    Protocol 2
    # Use only protocol version two. Protocol 1 support was removed from the client
    # in OpenSSH 7.6, so this only matters for older clients.

    IdentitiesOnly yes
    # By default ssh offers every identity loaded in ssh-agent, plus the default identity
    # files in ~/.ssh, to each server until one is accepted. Servers can log every public
    # key offered, which lets unrelated servers link your accounts.
    # This restricts ssh to the IdentityFile(s) configured for the host or given with -i,
    # even when the agent holds more keys.

    VisualHostKey yes
    # Print an ASCII art representation of the remote host key fingerprint at login and
    # for unknown host keys

    HashKnownHosts yes
    # Hash host names and addresses when they are added to ~/.ssh/known_hosts.
    # ssh-keygen -R hostname
    # Removes all keys belonging to hostname from a known_hosts file.

    UseRoaming no
    # Mitigates CVE-2016-0777 (client roaming information leak) on OpenSSH 5.4 to 7.1.
    # The roaming code has since been removed; newer clients treat this keyword as
    # deprecated and ignore it, so it is safe to keep for the sake of older clients.

    # Cryptography

    KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
    # Define Key Exchange Algorithms
    # NIST curves are listed for compatibility, curve25519 is preferred
    # (curve25519-sha256, the IETF name understood by OpenSSH 7.4+, is the same algorithm)

    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256
    # Host key algorithms the client will ACCEPT from a server: ed25519 or RSA, as an
    # OpenSSH certificate or as a plain key. This does not control which keys you
    # authenticate with. Listing only the -cert-v01 types would reject every server whose
    # host key is not CA-signed, i.e. almost all of them.
    # ssh-rsa (RSA with SHA-1 signatures) is left out; it is disabled by default since
    # OpenSSH 8.8. Append it only for servers too old to offer rsa-sha2-*.

    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
    # Only use authenticated (AEAD) symmetric ciphers
    # aes listed for compatibility, chacha20-poly1305 is preferred

    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
    # Only use encrypt-then-MAC (etm) MACs. These only come into play if a non-AEAD
    # cipher is negotiated; the AEAD ciphers above authenticate their own output.

Server

Permissions

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys 

Only allow your user to access ~/.ssh and ~/.ssh/authorized_keys. These permissions satisfy the sshd StrictModes check (on by default), which refuses public-key login when the home directory, ~/.ssh or authorized_keys is writable by group or others, or owned by anyone other than the user or root.
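The following Python audit is an added example, not code from this page or from OpenSSH. It applies the rules behind the chmod commands in both the client and the server permission sections to a ~/.ssh directory: private keys that other users can read (which ssh ignores), an authorized_keys or ~/.ssh that others can write (which StrictModes rejects), and the 0700 directory recommended here. To demonstrate, it builds a throwaway directory with those mistakes, audits it, fixes it and audits again; the file contents are placeholders, not real keys.

```python
"""Audit a ~/.ssh directory for the permission problems that make OpenSSH refuse keys.

Rules modelled:
  * ssh client: a private key readable or writable by group/others is ignored
    ("UNPROTECTED PRIVATE KEY FILE!"), so private keys must be 0600.
  * sshd StrictModes (on by default): ~/.ssh and authorized_keys must be owned by
    the user (or root) and not group/world-writable, or public-key login is refused.
  * this page's recommendation: ~/.ssh itself 0700.
"""
import os
import stat
import tempfile

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH
ACCESSIBLE_BY_OTHERS = stat.S_IRWXG | stat.S_IRWXO


def is_private_key(name):
    # OpenSSH's default identity names (id_rsa, id_ed25519, ...); public halves end in .pub
    return name.startswith("id_") and not name.endswith(".pub")


def audit_ssh_dir(ssh_dir, uid=None):
    """Return a list of (path, problem) findings; an empty list means the layout is clean."""
    uid = os.getuid() if uid is None else uid
    findings = []

    def check(path, forbidden_bits, problem):
        st = os.lstat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (uid, 0):
            findings.append((path, "owned by uid %d, not %d" % (st.st_uid, uid)))
        if mode & forbidden_bits:
            findings.append((path, "%s (mode %04o)" % (problem, mode)))

    if not os.path.isdir(ssh_dir):
        return [(ssh_dir, "missing or not a directory")]
    check(ssh_dir, ACCESSIBLE_BY_OTHERS, "directory accessible by others; want 0700")
    for name in sorted(os.listdir(ssh_dir)):
        path = os.path.join(ssh_dir, name)
        if name == "authorized_keys":
            check(path, WRITABLE_BY_OTHERS, "writable by others; StrictModes refuses it")
        elif is_private_key(name):
            check(path, ACCESSIBLE_BY_OTHERS, "private key readable by others; ssh ignores it")
        elif name.endswith(".pub"):
            check(path, WRITABLE_BY_OTHERS, "public key writable by others")
    return findings


def fix_permissions(ssh_dir):
    """Apply the chmod settings recommended above: 700 for the directory, 600 for
    private keys and authorized_keys, 644 for public keys. Ownership is not changed."""
    os.chmod(ssh_dir, 0o700)
    for name in os.listdir(ssh_dir):
        path = os.path.join(ssh_dir, name)
        if name == "authorized_keys" or is_private_key(name):
            os.chmod(path, 0o600)
        elif name.endswith(".pub"):
            os.chmod(path, 0o644)


def demo():
    """Build a constructed ~/.ssh with typical mistakes (placeholder contents, not real
    keys), audit it, fix it and audit again. Returns (findings_before, findings_after)."""
    root = tempfile.mkdtemp()
    ssh_dir = os.path.join(root, ".ssh")
    os.mkdir(ssh_dir)
    os.chmod(ssh_dir, 0o755)                        # too open (chmod ignores umask)
    for name, mode in (("id_ed25519", 0o644),       # private key world-readable
                       ("id_ed25519.pub", 0o644),   # fine
                       ("authorized_keys", 0o666)): # world-writable
        path = os.path.join(ssh_dir, name)
        with open(path, "w") as f:
            f.write("placeholder, not a real key\n")
        os.chmod(path, mode)
    before = audit_ssh_dir(ssh_dir)
    fix_permissions(ssh_dir)
    after = audit_ssh_dir(ssh_dir)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for path, problem in before:
        print("%s: %s" % (path, problem))
    print("after fix: %d finding(s)" % len(after))
```

Point audit_ssh_dir at a real ~/.ssh (for instance os.path.expanduser("~/.ssh")) to check your own layout; the ownership check accepts root as well as the user because StrictModes does.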

sshd_config

Server configuration file; only non-default settings are listed.

sshd_config
# /etc/ssh/sshd_config
# sshd_config(5)

AddressFamily inet
# Only listen on IPv4; drop this line if the host serves IPv6 clients

ListenAddress x.x.x.x
# Default is to listen on all local addresses
# Better to specify the actual IP address to listen on

Protocol 2
# Only use protocol version 2 (protocol 1 was removed from sshd in OpenSSH 7.4; the
# line is harmless on newer versions)

LogLevel VERBOSE
# Logs the fingerprint of the key used at each login, so a login can be matched to
# its authorized_keys entry

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# sshd refuses to load a host key file that is group/world-accessible

PermitRootLogin no
# root user cannot login via SSH

AuthenticationMethods publickey
# Only allow public key authentication for login

Subsystem sftp internal-sftp
# Use sshd's in-process SFTP server (plays nicer with ChrootDirectory, since no
# binary or libraries have to exist inside the chroot)
# See https://serverfault.com/a/660325 for differences with
# Subsystem sftp /usr/libexec/openssh/sftp-server
# If you just scp files you can remove the Subsystem line to reduce attack surface,
# but note that scp uses the SFTP protocol by default since OpenSSH 9.0 and then
# needs the subsystem

# Cryptography

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
# Define Key Exchange Algorithms
# NIST curves are listed for compatibility, curve25519 is preferred

HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
# Host key signature algorithms the server OFFERS for the HostKey files above; this
# does not restrict user keys. rsa-sha2-* sign the RSA host key with SHA-2; ssh-rsa
# (SHA-1) is omitted and is disabled by default since OpenSSH 8.8.

PubkeyAcceptedKeyTypes ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256
# Only allow ed25519 or RSA keys for client authentication. This, not HostKeyAlgorithms,
# is the directive that restricts user keys; add the rsa-sha2-*-cert-v01@openssh.com
# types if you issue user certificates. Renamed PubkeyAcceptedAlgorithms in OpenSSH 8.5;
# the old name is still accepted.

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
# Only use authenticated (AEAD) symmetric ciphers
# aes listed for compatibility, chacha20-poly1305 is preferred

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
# Only use encrypt-then-MAC (etm) MACs. These only come into play if a non-AEAD
# cipher is negotiated; the AEAD ciphers above authenticate their own output.
    
1) No longer the case as of OpenSSH 7.8
2) Disabled by default since version 7.0 of OpenSSH
3) All?
networking/ssh.txt · Last modified: 2019/01/18 23:40 by mikey