Bug#1000198: openssh-server: insecure algorithms reported by ssh-audit
Package: openssh-server
Version: 1:8.7p1-2
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Running 'ssh-audit' reported that several algorithms considered vulnerable are enabled in the defaults that ship with openssh-server on Debian.
Some of the recommended removals may be intentionally enabled for backward-compatibility, while others may be good candidates for disabling. I'll leave it up to the maintainers to decide what is the best course of action for each case.
Martin-Éric
$ ssh-audit 172.16.1.1
# general
(gen) banner: SSH-2.0-OpenSSH_8.7p1 Debian-2
(gen) software: OpenSSH 8.7p1
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib@openssh.com)
# key exchange algorithms
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
# host-key algorithms
(key) rsa-sha2-512 (2048-bit) -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 (2048-bit) -- [info] available since OpenSSH 7.2
(key) ssh-rsa (2048-bit) -- [fail] using weak hashing algorithm
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
`- [warn] using weak random number generator could reveal the key
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
`- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
# message authentication code algorithms
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
`- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
`- [warn] using small 64-bit tag size
`- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
# fingerprints
(fin) ssh-ed25519: SHA256: (***removed from bug report***)
(fin) ssh-rsa: SHA256: (***removed from bug report***)
# algorithm recommendations (for OpenSSH 8.7)
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -ssh-rsa -- key algorithm to remove
(rec) +sk-ssh-ed25519@openssh.com -- key algorithm to append
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -umac-128@openssh.com -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
# additional info
(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
-- System Information:
Debian Release: bookworm/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'stable-security'), (500, 'testing')
Architecture: i386 (i586)
Kernel: Linux 5.14.0-2-686 (SMP w/1 CPU thread)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.79
ii dpkg 1.20.9
ii libaudit1 1:3.0.6-1+b1
ii libc6 2.32-4
ii libcom-err2 1.46.4-1
ii libcrypt1 1:4.4.26-1
ii libgssapi-krb5-2 1.18.3-7
ii libkrb5-3 1.18.3-7
ii libpam-modules 1.4.0-10
ii libpam-runtime 1.4.0-10
ii libpam0g 1.4.0-10
ii libselinux1 3.3-1+b1
ii libssl1.1 1.1.1l-1
ii libsystemd0 249.5-2
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii openssh-client 1:8.7p1-2
ii openssh-sftp-server 1:8.7p1-2
ii procps 2:3.3.17-5
ii runit-helper 2.10.3
ii ucf 3.0043
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages openssh-server recommends:
ii libpam-systemd [logind] 249.5-2
ii ncurses-term 6.2+20201114-4
ii xauth 1:1.1-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn ssh-askpass <none>
pn ufw <none>
-- debconf information:
ssh/new_config: true
openssh-server/password-authentication: true
* openssh-server/permit-root-login: false
ssh/vulnerable_host_keys:
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
* ssh/use_old_init_script: true