Monday, April 1, 2013

ssh and ciphers tips/tricks


In this post we will look at how to change ssh encryption ciphers and how to determine what the remote host supports.


Here’s a snippet from log buffer from a cisco  IOS router that has ssh logging enabled
( ip ssh logging events )

(AES128)
Apr  1 13:31:16.433 UTC: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.0.2.1(tty = 0) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Succeeded
Apr  1 13:31:19.877 UTC: %SSH-5-SSH2_USERAUTH: User 'kfelix' authentication for SSH2 Session from 192.0.2.1(tty = 0) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Succeeded

(3DES)
Apr  1 13:33:52.922 UTC: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.0.2.1(tty = 1) using crypto cipher '3des-cbc', hmac 'hmac-md5' Succeeded
Apr  1 13:33:56.366 UTC: %SSH-5-SSH2_USERAUTH: User 'kfelix' authentication for SSH2 Session from 192.0.2.1(tty = 1) using crypto cipher '3des-cbc', hmac 'hmac-md5' Succeeded

(AES192)

Apr  1 13:39:00.288 UTC: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.0.2.1(tty = 1) using crypto cipher 'aes192-cbc', hmac 'hmac-md5' Succeeded

Apr  1 13:39:03.616 UTC: %SSH-5-SSH2_USERAUTH: User 'kfelix' authentication for SSH2 Session from 192.0.2.1(tty = 1) using crypto cipher 'aes192-cbc', hmac 'hmac-md5' Succeeded



(AES256)

Apr  1 13:40:01.484 UTC: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.0.2.1(tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-md5' Succeeded

Apr  1 13:40:04.888 UTC: %SSH-5-SSH2_USERAUTH: User 'kfelix' authentication for SSH2 Session from 192.0.2.1(tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-md5' Succeeded



And if you specify a cipher that’s not supported you will get the following;

Apr  1 13:35:17.543 UTC: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.0.2.1(tty = 1) using crypto cipher '', hmac '' Failed
Apr  1 13:35:17.543 UTC: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.0.2.1(tty = 1) for user '' using crypto cipher '', hmac '' closed
Apr  1 13:35:34.475 UTC: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.0.2.1(tty = 1) using crypto cipher '', hmac '' Failed
Apr  1 13:35:34.475 UTC: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.0.2.1(tty = 1) for user '' using crypto cipher '', hmac '' closed

Okay so how did we change  our ssh client cipher? Easy we used the “-c <cipher>”  option;

ssh -c aes192-cbc 192.0.2.222

The above would used a 192 bit key. Now is bigger always better is a decision you have to make :)

Also with ssh & depending on the server, we might support the close 2nd place contender,  in the cook off for the new encryption standard proposal,  ( blowfish )

guadal:~ kfelix$ ssh -c blowfish-cbc 127.0.0.1
Password:
Password:
Last login: Mon Apr  1 09:33:39 2013

See how easy it is to change the ciphers ?

So remember you have choices for supported ciphers. With cisco, the end device ios version, platform type and model-type, will determine what’s supported. But 3des, aes128 and aes256 are the most common.

From my experience, most cisco  routers do not support blowfish and this is also hit and miss with  JunOS.

To control the support cipher type within Linux ( unix ) and those that use OpenSSH, it’s quite easy. You specify the Cipher and the cipher list in your sshd_config.



e.g ( from the man pages )

Ciphers      Specifies the ciphers allowed for protocol version 2.  Multiple          ciphers must be comma-separated.  The supported ciphers are               "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",           "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour128",         "arcfour256", "arcfour", "blowfish-cbc", and "cast128-cbc". 

The           default is         ''aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,                    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,                    aes256-cbc,arcfour''



Here's how I changed my server to only support sshd and with the  blowfish cipher;


Echo “Ciphers blowfish-cbc,” >> sshd_config

And

cat sshd*config | grep Ciphers
Ciphers blowfish-cbc,


And now if I try anything but blowfish, it will fail;


PETRA01:~ kfelix$ ssh -c aes128-cbc 127.0.0.1
no matching cipher found: client aes128-cbc server blowfish-cbc,
PETRA01:~ kfelix$ ssh -c 3des-cbc 127.0.0.1
no matching cipher found: client 3des-cbc server blowfish-cbc,

but  with blowfish works;


PETRA01:~ kfelix$ ssh -c blowfish-cbc 127.0.0.1
Password:
Password:
Last login: Mon Apr  1 09:59:12 2013 from localhost
PETRA01:~ kfelix$

So if your having a problem with SSH access, then change the client cipher or find out what the server supports.

more can be found here;

http://www.openssh.org/features.html

note:You can  also use tshark/wireshark and the display filters for monitoring of cipher exchanges.

ssh.compression_algorithms_server_to_client
ssh.compression_algorithms_client_to_server


SSH Protocol
    SSH Version 2 (encryption:aes128-ctr mac:hmac-md5 compression:none)
        Packet Length: 700
        Padding Length: 7
        Key Exchange
            Msg code: Key Exchange Init (20)
            Algorithms
                Cookie: 8f542d94233f82d8bb80452e4cfe6e21
                kex_algorithms length: 89
                kex_algorithms string: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
                server_host_key_algorithms length: 15
                server_host_key_algorithms string: ssh-rsa,ssh-dss
                encryption_algorithms_client_to_server length: 157
                encryption_algorithms_client_to_server string: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
                encryption_algorithms_server_to_client length: 157
                encryption_algorithms_server_to_client string: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
                mac_algorithms_client_to_server length: 85
                mac_algorithms_client_to_server string: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
                mac_algorithms_server_to_client length: 85
                mac_algorithms_server_to_client string: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
                compression_algorithms_client_to_server length: 21
                compression_algorithms_client_to_server string: none,zlib@openssh.com
                compression_algorithms_server_to_client length: 21
                compression_algorithms_server_to_client string: none,zlib@openssh.com
                languages_client_to_server length: 0
                languages_server_to_client length: 0
                KEX First Packet Follows: 0
                Reserved: 00000000
            Padding String: 00000000000000

Ken Felix
Freelance Network/Security Engineer
Kfelix a-t hyperfeed  d-o-t com






 

No comments:

Post a Comment