Kaushal Shriyan
2021-May-25 12:34 UTC
Validate SSH hardening to address the vulnerabilities
Hi,

I am running openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release 7.9.2009 (Core).

#cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
#rpm -qa | grep -i ssh
openssh-clients-7.4p1-21.el7.x86_64
libssh2-1.8.0-4.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
#

I have configured the below SSH configuration as part of hardening to address vulnerabilities.

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com

Is there a way to validate if the above Key exchange, Cipher and MAC algorithms address the vulnerabilities?

Please guide. Thanks in advance.

Best Regards,

Kaushal
Joseph S. Testa II
2021-May-25 18:53 UTC
Validate SSH hardening to address the vulnerabilities
On Tue, 2021-05-25 at 18:04 +0530, Kaushal Shriyan wrote:
> Is there a way to validate if the above Key exchange, Cipher and MAC
> algorithms address the vulnerabilities?

For a command-line tool, see ssh-audit:

https://github.com/jtesta/ssh-audit

For a web front-end that gives prettier results (and references):

https://www.ssh-audit.com/

- Joe

--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
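
A complementary local check, added here as an example and not part of the thread or of ssh-audit: it compares the three algorithm lists from the original post with what sshd reports as its effective configuration in the output of `sshd -T`. It only confirms that the intended lists are the ones in force; it does not rate the algorithms. The function names, the file argument and the sample text are assumptions made for the example.

```python
# Intended lists, copied from the configuration in the original post.
INTENDED = {
    "kexalgorithms": "curve25519-sha256,curve25519-sha256@libssh.org,"
                     "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,"
                     "diffie-hellman-group-exchange-sha256",
    "ciphers": "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,"
               "aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr",
    "macs": "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com",
}


def parse_effective(sshd_t_output):
    """Return {keyword: [algorithms]} for the three keywords of interest."""
    found = {}
    for line in sshd_t_output.splitlines():
        keyword, _, value = line.strip().partition(" ")
        keyword = keyword.lower()
        if keyword in INTENDED and keyword not in found:
            found[keyword] = [a for a in value.strip().split(",") if a]
    return found


def compare(sshd_t_output):
    """Return {keyword: (unexpected, missing)}; two empty lists mean a match."""
    effective = parse_effective(sshd_t_output)
    report = {}
    for keyword, intended in INTENDED.items():
        want = intended.split(",")
        have = effective.get(keyword, [])
        unexpected = [a for a in have if a not in want]  # active but not intended
        missing = [a for a in want if a not in have]     # intended but not active
        report[keyword] = (unexpected, missing)
    return report


# Constructed sample of `sshd -T` output in which the MACs line still
# carries two algorithms that the hardening was meant to remove.
SAMPLE = """port 22
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,umac-64@openssh.com
"""

if __name__ == "__main__":
    import sys
    # Pass a file holding saved `sshd -T` output, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for keyword, (unexpected, missing) in compare(text).items():
        status = "OK" if not unexpected and not missing else "MISMATCH"
        print(f"{keyword}: {status} unexpected={unexpected} missing={missing}")
```

Save the output of `sshd -T` (run as root on the server) to a file and pass that file as the argument to check a real host.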