Friday, February 24, 2017

Securing Mac OSX 10.12.6 Sierra's OpenSSH Server / Client

I was tasked with a more formal chore of securing a few other alternate systems so I thought I'd look at what OSX 10.12.6 has done in the way of OpenSSH versioning as well as its default configuration.  I was impressed, it's actually not bad!  In fact, as if it weren't obvious, I'm a huge fan (and supporter) of OpenBSD's efforts.  Note that the version compiled in 10.12.6 is actually utilizing OpenBSD's LibreSSL instead of OpenSSL 1.x.bug.ridden.rubbish.  I'm not sure when this happened, but that's a very progressive decision for such a huge vendor to make.  As of this writing, the latest version of OpenSSH is 7.5p1 -- OSX Sierra is at 7.4p1 - well done, Apple!

A few commands to get started that are important.

To get the entire default configuration:

qmp:~ root# sshd -T


To get the ssh (and sshd) version:

qmp:~ root# ssh -V
OpenSSH_7.4p1, LibreSSL 2.5.0

To get the supported cipher list:

qmp:~ root# ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

To get the supported key exchange algorithms:

qmp:~ root# ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org

To get the supported MACs:

qmp:~ root# ssh -Q mac 
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com

Here is my suggested configuration as of this writing if you plan to continue using keyboard/password authentication, but ideally you should be using public/private keys and set 'passwordauthentication no'.  This is a STRICT configuration that will likely decline most older clients.  You've been advised!

qmp:~ root# cat /etc/ssh/sshd_config

port 22
protocol 2
addressfamily inet
listenaddress 127.0.0.1:22
usepam yes
serverkeybits 2048
logingracetime 30
keyregenerationinterval 3600
x11displayoffset 10
maxauthtries 6
maxsessions 10
clientaliveinterval 0
clientalivecountmax 3
streamlocalbindmask 0177
permitrootlogin no
ignorerhosts yes
ignoreuserknownhosts no
rhostsrsaauthentication no
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
rsaauthentication no
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapicleanupcredentials yes
passwordauthentication yes
kbdinteractiveauthentication yes
challengeresponseauthentication yes
printmotd yes
printlastlog yes
x11forwarding no
x11uselocalhost yes
permittty yes
permituserrc yes
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
permituserenvironment no
uselogin no
compression delayed
gatewayports no
usedns no
allowtcpforwarding no
allowagentforwarding no
allowstreamlocalforwarding no
streamlocalbindunlink no
useprivilegeseparation sandbox
fingerprinthash SHA512
pidfile /var/run/sshd.pid
xauthlocation xauth
ciphers chacha20-poly1305@openssh.com
macs hmac-sha2-512-etm@openssh.com
versionaddendum none
kexalgorithms curve25519-sha256@libssh.org
hostbasedacceptedkeytypes ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
hostkeyalgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
pubkeyacceptedkeytypes ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
loglevel INFO
syslogfacility AUTH
authorizedkeysfile .ssh/authorized_keys
hostkey /etc/ssh/ssh_host_ed25519_key
acceptenv LANG
acceptenv LC_*
authenticationmethods any
subsystem sftp /usr/libexec/sftp-server
maxstartups 10:30:100
permittunnel no
ipqos lowdelay throughput
rekeylimit 0 0
permitopen 127.0.0.1:1

If you're going to use the AES128-GCM@OPENSSH.COM and AES256-GCM@OPENSSH.COM ciphers, you might consider filtering your /etc/ssh/moduli to remove anything < 4095 bits. You'll be left with about 118 entries.

Happy hardening!

No comments:

Post a Comment