Secure Shell (SSH) is a method to securely communicate between computers. This page will discuss SSH under the context of the OpenSSH server.


Theory & Cryptography[edit]

SSH supports different key exchange algorithms, ciphers, and message authentication codes (MACs). The server and client negotiates and chooses a set of these algorithms that are supported by both and then proceeds with the key exchange.

Key Exchange[edit]

SSH handles key exchange using one of two ways: Diffie-Hellman and Elliptic Curve Diffie-Hellman. A shared secret is generated between the client and server for every session which will be used as the key, thereby providing forward secrecy.

Diffie-Hellman works with a multiplicative group of integers modulo a prime. Its security is based on the hardness of the discrete logarithm problem.

Elliptic Curve Diffie-Hellman works with elliptic curves over finite fields. Its security is based on the hardness of the elliptic curve discrete logarithm problem.

Authentication[edit]

With a shared secret derived from Diffie-Hellman, the client and server need to prove to each other they are who they are.

The server proves its identity to the client by signing the shared secret (the key) using a public key algorithm.

The client proves its identity to the server by using:

  1. Password authentication
  2. Public Key Authentication (same as the server's)

Symmetric Ciphers[edit]

With a shared key in place, data can be encrypted and decrypted between the client and server using symmetric ciphers.

Message Authentication Codes[edit]

Message authentication codes provide integrity. An authenticated encryption cipher mode already provides integrity, so extra MACs are not used. MACs are calculated and attached to every message if CTR is used.

There are multiple ways to combine ciphers and MACs:

  • Encrypt-then-MAC: encrypt the message, then attach the MAC of the ciphertext.
  • MAC-then-encrypt: attach the MAC of the plaintext, then encrypt everything.
  • Encrypt-and-MAC: encrypt the message, then attach the MAC of the plaintext.

MAC-then-encrypt and Encrypt-and-MAC are prone to leak information because attackers can control an aspect of the system and perform timing attacks (eg: verifying a message vs. decrypting a message for Encrypt-and-MAC).


Configuration[edit]

Server-side Configuration[edit]

Here are a few things you should do on the server side configuration to secure OpenSSH.

Disable Weak Key Exchange Protocols[edit]

SSH supports a few protocols containing different factors:

  1. ECDH curve choice
  2. Bit size of the DH modulus
  3. The hash function.

To provide good security:

  • Avoid NIST curves - they leak data and cannot be trusted.
  • Bit sizes smaller than 1024 does not provide sufficient security
  • Do not use SHA1

This means, your sshd_config should contain:

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

And your ssh_config should contain:

Host *
    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

Prime numbers smaller than 2000 bits should also be removed from the /etc/ssh/moduli file (the 5th column).

Disable Weak Server Authentication[edit]

There are 4 public key algorithms for server authentication.

  1. DSA with SHA1
  2. ECDSA with SHA256, SHA384 or SHA512 depending on key size
  3. Ed25519 with SHA512
  4. RSA with SHA1

For security:

  1. Do not use SSH v1
  2. Avoid DSA which requires exactly 1024 bits.
  3. Avoid NIST (ECDSA uses it)
  4. DSA and ECDSA requires randomness for its signatures. If random numbers are bad, it is possible to recover the secret key.

Using SHA1 here is not an issue if the value being signed is using something stronger (eg SHA2).

Your sshd_config should contain:

Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

Disable Weak Symmetric Ciphers[edit]

For security:

  1. Do not use DES and RC4 ciphers
  2. At least 128 bits
  3. Do not use Blowfish and Cast128 block ciphers since they use 64 bit block sizes.
  4. Authenticated Encryption ciphers should be used so MAC isn't required. But CTR with Encrypt then MAC is also fine.

Your sshd_config should contain:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Your ssh_config should contain:

Host *
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Disable Weak MACs[edit]

For security:

  1. Do not use MD5 or SHA1 hashing algorithms
  2. Encrypt-then-MAC only
  3. Tag and key size must be at least 128 bits

Your sshd_config should contain:

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com


Client-side Configuration[edit]

You can customize SSH's default behavior using a SSH configuration file located at ~/.ssh/config.

Defining custom hosts in your SSH config file allows you to connect to a host by its name without needing to specify details such as username, port, and keys.

Host dev
    HostName dev.example.com
    Port 2222
    User leo

With the host defined, connecting to dev.example.com only requires executing ssh dev without any other arguments required.

Use Case: GitHub[edit]

If you ever have more than one set of SSH private keys, defining a custom host is virtually required in order to make use of services such as GitHub or GitLab where pushing git changes requires key based SSH authentication.

Host github.com
    User git
    Port 22
    IdentityFile ~/.ssh/github_rsa

With that defined, ssh github.com will connect you as git using the private key github_rsa.


Tips & Tricks with SSH[edit]

Tar Pipe[edit]

You can send files via SSH using tar:

# tar -czvf - /dir

Forward Tunnel[edit]

A forward tunnel will let you connect to a remote server that is behind a firewall or gateway that is preventing you from connecting to the server directly.

[ Your Computer ]  <-------->  { Internet }  <--------> [ Remote Gateway ] <--------> [ Target Web Server ]
                                                                    ^---------------> [ Remote SSH Server]

HTTP / HTTPS[edit]

To access a remote HTTP/HTTPS server that is behind a firewall or NAT using a SSH server that is on the same network:

  1. Connect to a server that has direct access to the server (ie. something inside the NAT or Firewall)
  2. Create a port forward in PuTTY (configuration -> connection -> ssh -> tunnels)
    • Set source port to some arbitrary port, eg. 9000
    • Set "destination" to the remote HTTP/HTTPS server. eg. 10.1.1.1:80
    • Set the tunnel to "local" and "auto"
  3. Open a browser, and go to http://localhost:9000/

Example Use Case[edit]

  • You can use this method to manage your home router.
  • You can connect to an internal server such as an ESXi server via HTTPs. (which ports?)


See Also[edit]

Enable Dark Mode!