From c9a2f2955c47feab371af9f3b3e8ea7d1ff73c89 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Sat, 8 Feb 2020 23:56:54 -0500 Subject: [PATCH] Marked host key type 'ssh-rsa' as weak due to practical SHA-1 collisions. --- README.md | 1 + ssh-audit.py | 4 ++-- test/docker/expected_results/dropbear_2019.78_test1.txt | 5 ++--- test/docker/expected_results/openssh_4.0p1_test1.txt | 4 ++-- test/docker/expected_results/openssh_5.6p1_test1.txt | 4 ++-- test/docker/expected_results/openssh_5.6p1_test2.txt | 5 +++-- test/docker/expected_results/openssh_5.6p1_test3.txt | 5 +++-- test/docker/expected_results/openssh_5.6p1_test4.txt | 4 +++- test/docker/expected_results/openssh_5.6p1_test5.txt | 4 +++- test/docker/expected_results/openssh_8.0p1_test1.txt | 4 +++- test/docker/expected_results/openssh_8.0p1_test2.txt | 1 - test/docker/expected_results/openssh_8.0p1_test3.txt | 1 - 12 files changed, 24 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 974597d..1d86336 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ Guides to harden server & client configuration can be found here: [https://www.s ## ChangeLog ### v2.1.2 (???) + - Marked host key type `ssh-rsa` as weak due to practical SHA-1 collisions. - Added Windows builds. - Added 10 new host key types: `ecdsa-sha2-1.3.132.0.10`, `x509v3-sign-dss`, `x509v3-sign-rsa`, `x509v3-sign-rsa-sha256@ssh.com`, `x509v3-ssh-dss`, `x509v3-ssh-rsa`, `sk-ecdsa-sha2-nistp256-cert-v01@openssh.com`, `sk-ecdsa-sha2-nistp256@openssh.com`, `sk-ssh-ed25519-cert-v01@openssh.com`, and `sk-ssh-ed25519@openssh.com`. - Added 18 new key exchanges: `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`, `ecdh-sha2-curve25519`, `ecdh-sha2-nistb233`, `ecdh-sha2-nistb409`, `ecdh-sha2-nistk163`, `ecdh-sha2-nistk233`, `ecdh-sha2-nistk283`, `ecdh-sha2-nistk409`, `ecdh-sha2-nistp192`, `ecdh-sha2-nistp224`, `ecdh-sha2-nistt571`, `gss-gex-sha1-`, and `gss-group1-sha1-`. diff --git a/ssh-audit.py b/ssh-audit.py index d5f8d18..d6a3f84 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -393,7 +393,7 @@ class SSH2(object): # pylint: disable=too-few-public-methods 'rsa-sha2-512': [['7.2']], 'ssh-ed25519': [['6.5,l10.7.0']], 'ssh-ed25519-cert-v01@openssh.com': [['6.5']], - 'ssh-rsa': [['2.5.0,d0.28,l10.2']], + 'ssh-rsa': [['2.5.0,d0.28,l10.2'], [WARN_HASH_WEAK]], 'ssh-dss': [['2.1.0,d0.28,l10.2', '6.9'], [FAIL_OPENSSH70_WEAK], [WARN_MODULUS_SIZE, WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp256': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], 'ecdsa-sha2-nistp384': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], @@ -1828,7 +1828,7 @@ class SSH(object): # pylint: disable=too-few-public-methods else: if faults == 0: continue - if n in ['diffie-hellman-group-exchange-sha256', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa-cert-v01@openssh.com']: + if n in ['diffie-hellman-group-exchange-sha256', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa-cert-v01@openssh.com']: rec[sshv][alg_type]['chg'][n] = faults else: rec[sshv][alg_type]['del'][n] = faults diff --git a/test/docker/expected_results/dropbear_2019.78_test1.txt b/test/docker/expected_results/dropbear_2019.78_test1.txt index f4ee85e..4029afc 100644 --- a/test/docker/expected_results/dropbear_2019.78_test1.txt +++ b/test/docker/expected_results/dropbear_2019.78_test1.txt @@ -22,7 +22,8 @@ (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 -(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus +(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm + `- [warn] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm  `- [warn] using small 1024-bit modulus @@ -63,7 +64,6 @@ (fin) ssh-rsa: SHA256:CDfAU12pjQS7/91kg7gYacza0U/6PDbE04Ic3IpYxkM # algorithm recommendations (for Dropbear SSH 2019.78) -(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -3des-ctr -- enc algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  @@ -71,7 +71,6 @@ (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  -(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -ssh-dss -- key algorithm to remove  (rec) +diffie-hellman-group16-sha512 -- kex algorithm to append  diff --git a/test/docker/expected_results/openssh_4.0p1_test1.txt b/test/docker/expected_results/openssh_4.0p1_test1.txt index 1ab525a..fb7c724 100644 --- a/test/docker/expected_results/openssh_4.0p1_test1.txt +++ b/test/docker/expected_results/openssh_4.0p1_test1.txt @@ -38,7 +38,8 @@ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 # host-key algorithms -(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus +(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm + `- [warn] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm  `- [warn] using small 1024-bit modulus @@ -116,7 +117,6 @@ (fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4 # algorithm recommendations (for OpenSSH 4.0) -(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  (rec) -aes192-cbc -- enc algorithm to remove  diff --git a/test/docker/expected_results/openssh_5.6p1_test1.txt b/test/docker/expected_results/openssh_5.6p1_test1.txt index 72883da..ca3074d 100644 --- a/test/docker/expected_results/openssh_5.6p1_test1.txt +++ b/test/docker/expected_results/openssh_5.6p1_test1.txt @@ -32,7 +32,8 @@ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 # host-key algorithms -(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus +(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm + `- [warn] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm  `- [warn] using small 1024-bit modulus @@ -122,7 +123,6 @@ # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger)  -(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  (rec) -aes192-cbc -- enc algorithm to remove  diff --git a/test/docker/expected_results/openssh_5.6p1_test2.txt b/test/docker/expected_results/openssh_5.6p1_test2.txt index d952848..bc3bcfa 100644 --- a/test/docker/expected_results/openssh_5.6p1_test2.txt +++ b/test/docker/expected_results/openssh_5.6p1_test2.txt @@ -32,7 +32,8 @@ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 # host-key algorithms -(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus +(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm + `- [warn] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 (key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 5.6 @@ -120,7 +121,6 @@ # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger)  -(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger)  (rec) !ssh-rsa-cert-v01@openssh.com -- key algorithm to change (increase modulus size to 2048 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  @@ -139,6 +139,7 @@ (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  +(rec) -ssh-rsa -- key algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_5.6p1_test3.txt b/test/docker/expected_results/openssh_5.6p1_test3.txt index cb1217e..0a23fa8 100644 --- a/test/docker/expected_results/openssh_5.6p1_test3.txt +++ b/test/docker/expected_results/openssh_5.6p1_test3.txt @@ -32,7 +32,8 @@ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 # host-key algorithms -(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus +(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm + `- [warn] using small 1024-bit modulus `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 (key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 5.6 @@ -120,7 +121,6 @@ # algorithm recommendations (for OpenSSH 5.6) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger)  -(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger)  (rec) !ssh-rsa-cert-v01@openssh.com -- key algorithm to change (increase modulus size to 2048 bits or larger)  (rec) -3des-cbc -- enc algorithm to remove  (rec) -aes128-cbc -- enc algorithm to remove  @@ -139,6 +139,7 @@ (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  +(rec) -ssh-rsa -- key algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_5.6p1_test4.txt b/test/docker/expected_results/openssh_5.6p1_test4.txt index 9b84b6b..ca183fa 100644 --- a/test/docker/expected_results/openssh_5.6p1_test4.txt +++ b/test/docker/expected_results/openssh_5.6p1_test4.txt @@ -32,7 +32,8 @@ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 # host-key algorithms -(key) ssh-rsa (3072-bit) -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 +(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 (key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus `- [info] available since OpenSSH 5.6 @@ -137,6 +138,7 @@ (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  +(rec) -ssh-rsa -- key algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_5.6p1_test5.txt b/test/docker/expected_results/openssh_5.6p1_test5.txt index e2e3479..111921f 100644 --- a/test/docker/expected_results/openssh_5.6p1_test5.txt +++ b/test/docker/expected_results/openssh_5.6p1_test5.txt @@ -32,7 +32,8 @@ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 # host-key algorithms -(key) ssh-rsa (3072-bit) -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 +(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 (key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [info] available since OpenSSH 5.6 # encryption algorithms (ciphers) @@ -135,6 +136,7 @@ (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  (rec) -hmac-sha1-96 -- mac algorithm to remove  (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  +(rec) -ssh-rsa -- key algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  # additional info diff --git a/test/docker/expected_results/openssh_8.0p1_test1.txt b/test/docker/expected_results/openssh_8.0p1_test1.txt index 129f107..6758646 100644 --- a/test/docker/expected_results/openssh_8.0p1_test1.txt +++ b/test/docker/expected_results/openssh_8.0p1_test1.txt @@ -23,7 +23,8 @@ # host-key algorithms (key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2 (key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2 -(key) ssh-rsa (3072-bit) -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 +(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves  `- [warn] using weak random number generator could reveal the key `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 @@ -68,6 +69,7 @@ (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove  (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove  +(rec) -ssh-rsa -- key algorithm to remove  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  diff --git a/test/docker/expected_results/openssh_8.0p1_test2.txt b/test/docker/expected_results/openssh_8.0p1_test2.txt index bf35175..a13be8a 100644 --- a/test/docker/expected_results/openssh_8.0p1_test2.txt +++ b/test/docker/expected_results/openssh_8.0p1_test2.txt @@ -63,7 +63,6 @@ (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  (rec) +rsa-sha2-256 -- key algorithm to append  (rec) +rsa-sha2-512 -- key algorithm to append  -(rec) +ssh-rsa -- key algorithm to append  (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  (rec) -hmac-sha1 -- mac algorithm to remove  (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  diff --git a/test/docker/expected_results/openssh_8.0p1_test3.txt b/test/docker/expected_results/openssh_8.0p1_test3.txt index 9a5bcc3..5b20c3f 100644 --- a/test/docker/expected_results/openssh_8.0p1_test3.txt +++ b/test/docker/expected_results/openssh_8.0p1_test3.txt @@ -35,5 +35,4 @@ (rec) +diffie-hellman-group18-sha512 -- kex algorithm to append  (rec) +rsa-sha2-256 -- key algorithm to append  (rec) +rsa-sha2-512 -- key algorithm to append  -(rec) +ssh-rsa -- key algorithm to append