Security/Guidelines/OpenSSH: Difference between revisions

Security/Guidelines/OpenSSH (view source)

Revision as of 23:44, 27 June 2017

977 bytes added , 27 June 2017

Automated sync from https://github.com/mozilla/wikimo_content

Gdestuynder

Confirmed users

502

edits

@@ Line 74: / Line 74: @@
 UsePrivilegeSeparation sandbox
 </source>
+File: <code>/etc/ssh/moduli</code>
+All Diffie-Hellman moduli in use should be at least 3072-bit-long (they are used for <code>diffie-hellman-group-exchange-sha256</code>) as per our [[Security/Guidelines/Key_Management]] recommendations. See also <code>man moduli</code>.
+To deactivate short modules in two commands: <code>awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli</code>
 === '''Intermediate''' (OpenSSH 5.3) ===
@@ Line 111: / Line 118: @@
 PermitRootLogin No
 </source>
+File: <code>/etc/ssh/moduli</code>
+All Diffie-Hellman moduli in use should be at least 2048-bit-long. From the structure of <code>moduli</code> files, this means the fifth field of all lines in this file should be greater than or equal to 2047.
+To deactivate weak moduli in two commands: <code>awk '{if ($5 < 2047) {print ("#", $0)} else print $0}' /etc/ssh/moduli > /etc/ssh/moduli.tmp; mv /etc/ssh/moduli.tmp /etc/ssh/moduli</code>
 === '''Multi-Factor Authentication''' (OpenSSH 6.3+) ===
@@ Line 177: / Line 190: @@
 * NIST curves (<code>ecdh-sha2-nistp512,ecdh-sha2-nistp384,ecdh-sha2-nistp256</code>) are listed for compatibility, but the use of <code>curve25519</code> is [https://safecurves.cr.yp.to/ generally preferred].
-* SSH protocol 2 supports [https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange DH] and [https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman ECDH] key-exchange as well as [https://en.wikipedia.org/wiki/Forward_secrecy forward secrecy].
+* SSH protocol 2 supports [https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange DH] and [https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman ECDH] key-exchange as well as [https://en.wikipedia.org/wiki/Forward_secrecy forward secrecy]. Regarding group sizes, please refer to [[Security/Guidelines/Key_Management]].
 The various algorithms supported by a particular OpenSSH version can be listed with the following commands:
@@ Line 305: / Line 318: @@
 Existing keys are generally stored in <code>~/.ssh/</code> (Linux/OSX) or <code>%APPDATA%</code> (Windows).
-Look for <code>id_{rsa,ed25519,ecdsa,dsa}</code>,  or legacy <code>identity</code> files.
+Look for <code>id_{rsa,ed25519,ecdsa,dsa}, identity, IdentityFile, *.pem</code>, and other <code>identity</code> files.
 ==== Display SSH keys information ====
@@ Line 434: / Line 447: @@
 * OpenSSH server keys (<code>/etc/ssh/ssh_host_*key</code>)
 * Client keys (<code>~/.ssh/id_{rsa,dsa,ecdsa,ed25519}</code> and <code>~/.ssh/identity</code>).
-* <code>/etc/ssh/moduli</code> also contains prime numbers and generators for use in the Diffie-Hellman key exchange and must be handled like key material.
 == Client key size and login latency ==
@@ Line 473: / Line 485: @@
 * [http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.9&content-type=text/plain PROTOCOL.certkeys]
 * [https://wiki.gnupg.org/rfc4880bis rfc44880bis from GnuPG]
+* [https://weakdh.org/ Weak Diffie-Hellman and the Logjam Attack]
+* [https://jbeekman.nl/blog/2015/05/ssh-logjam/ On OpenSSH and Logjam, by Jethro Beekman]