Secure OpenSSH defaults
This is one part in a series on OpenSSH client configuration. Also read Elegant OpenSSH configuration and The SSH agent.
It’s good practice to harden our ssh client with some secure “defaults”.
Starting your configuration file with the following directives will
apply the directives to all (*) hosts.
(These are listed as multiple Host * stanzas, but they can be
combined into a single stanza in your actual configuration file.)
If you prefer, follow along with an example of a complete ~/.ssh/config file.
Require secure algorithms
OpenSSH supports many encryption and authentication algorithms, but some of those algorithms are known to be weak to cryptographic attack. The Mozilla project publishes a list of recommended algorithms that exclude algorithms that are known to be insecure.
Host * HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1
(More information on the the available encryption and authentication algorithms, and how a recommended set is derived, is available in this fantastic blog post, “Secure secure shell.”)
Hash your known_hosts file
Every time you connect to an SSH server, your client caches a copy of
the remote server’s host key in a ~/.ssh/known_hosts file. If your
ssh client is ever compromised, this list can expose the remote servers
to attack using your compromised credentials. Be a good citizen and hash
your known hosts file.
Host * HashKnownHosts yes
(Hash any existing entries in your ~/.ssh/known_hosts file by
running ssh-keygen -H. Don’t forget to remove the backup
~/.ssh/known_hosts.old.)
$ ssh-keygen -H $ rm -i ~/.ssh/known_hosts.old
No roaming
Finally, disable the experimental “roaming” feature to mitigate exposure to a pair of potential vulnerabilities, CVE-2016-0777 and CVE-2016-0778.
Host * UseRoaming no
Dealing with insecure servers
Some servers are old enough that they may not support the newer, more
secure algorithms listed. In the RC environment, for example, the login
and other Internet-accessible systems provide relatively modern ssh
algorithms; but the host in the rc.int.colorado.edu domain may not.
To support connection to older hosts while requiring newer algorithms by default, override these settings earlier in the configuration file.
# Internal RC hosts are running an old version of OpenSSH Match host=*.rc.int.colorado.edu MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96