charmbracelet / soft-serve

The mighty, self-hostable Git server for the command line 🍦

align soft-serve ssh server [config] with ssh-audits recommendations

QuantumLibet opened this issue

Is your feature request related to a problem? Please describe.

It would be great if the soft-serve SSH server could be configurable.


Background:
When auditing SSH servers using https://github.com/jtesta/ssh-audit, it appears that the soft-serve SSH server has several security vulnerabilities.
These vulnerabilities are likely related to the default configuration of the included dropbear SSH server.


Describe the solution you'd like

To improve security, additional configuration parameters for SSH configuration such as KexAlgorithms, Ciphers, and MACs could be added to the soft-serve config.yaml.

Alternatively, soft-serve could read the sshd configuration files from the same path as the 'key_path' config option, for example, 'server_config_path: ssh/sshd_config'.


Additional context

The following is the output of ssh-audit v3.1.0 against soft-serve v0.7.4 (d483565).
The command used was: docker run --rm positronsecurity/ssh-audit 1.2.3.4 -p 23231

Please note the CVEs at the beginning and the '[fail]' and '[warn]' remarks.
The original is using colors, which makes things easier to read.

# general
(gen) banner: SSH-2.0-OpenSSH_7.6p1
(gen) software: OpenSSH 7.6p1
(gen) compatibility: OpenSSH 7.4+ (some functionality from 6.6), Dropbear SSH 2018.76+
(gen) compression: disabled

# security
(cve) CVE-2021-41617                 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2020-15778                 -- (CVSSv2: 7.8) command injection via anomalous argument transfers
(cve) CVE-2018-15919                 -- (CVSSv2: 5.3) username enumeration via GS2
(cve) CVE-2018-15473                 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
(cve) CVE-2016-20012                 -- (CVSSv2: 5.3) enumerate usernames via challenge response

# key exchange algorithms
(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
                                     `- [info] default key exchange since OpenSSH 6.4
(kex) curve25519-sha256@libssh.org   -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
                                     `- [info] default key exchange since OpenSSH 6.4
(kex) ecdh-sha2-nistp256             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group14-sha256  -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
                                     `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha1    -- [fail] using broken SHA-1 hash algorithm
                                     `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
                                     `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53

# host-key algorithms
(key) ssh-ed25519                    -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) aes128-gcm@openssh.com         -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com         -- [info] available since OpenSSH 6.2
(enc) chacha20-poly1305@openssh.com  -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation
                                     `- [info] available since OpenSSH 6.5
                                     `- [info] default cipher since OpenSSH 6.9
(enc) aes128-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                     -- [info] available since OpenSSH 3.7
(enc) aes256-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

# message authentication code algorithms
(mac) hmac-sha2-256-etm@openssh.com  -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com  -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256                  -- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512                  -- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1                      -- [fail] using broken SHA-1 hash algorithm
                                     `- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha1-96                   -- [fail] using broken SHA-1 hash algorithm
                                     `- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47


# algorithm recommendations (for OpenSSH 7.6)
(rec) -diffie-hellman-group14-sha1   -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp256            -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp384            -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp521            -- kex algorithm to remove 
(rec) -hmac-sha1                     -- mac algorithm to remove 
(rec) -hmac-sha1-96                  -- mac algorithm to remove 
(rec) +diffie-hellman-group-exchange-sha256-- kex algorithm to append 
(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append 
(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append 
(rec) +rsa-sha2-256                  -- key algorithm to append 
(rec) +rsa-sha2-512                  -- key algorithm to append 
(rec) -chacha20-poly1305@openssh.com -- enc algorithm to remove 
(rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove 
(rec) -hmac-sha2-256                 -- mac algorithm to remove 
(rec) -hmac-sha2-512                 -- mac algorithm to remove 

Hi @QuantumLibet, thanks for writing this report. Looking more into this, I'm suspecting that the report is a bit inaccurate since Soft Serve uses Golang SSH and not Dropbear. The version reported is also misleading because that's the default version Wish uses.
Let me know if this helps :)

Hi @aymanbagabas.

Thank you for your feedback. However, I was in no way concerned with the exact identification of the SSH engine.
The post is a feature request to enable configurability of the SSH server.
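
The request above is for configurable key exchange, cipher and MAC lists. As an added example (not part of the thread and not Soft Serve's code), this Go program derives those three allow-lists from ssh-audit output by dropping every algorithm the report marks for removal. The input is a constructed subset of the report quoted in the issue; `Hardened`, `sampleAudit` and the mapping onto `golang.org/x/crypto/ssh.Config` fields are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: ssh-audit lines from the issue, remarks abridged.
const sampleAudit = `(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4
(kex) ecdh-sha2-nistp256             -- [fail] using elliptic curves (abridged)
(enc) aes256-gcm@openssh.com         -- [info] available since OpenSSH 6.2
(enc) chacha20-poly1305@openssh.com  -- [warn] vulnerable to the Terrapin attack
(mac) hmac-sha2-256-etm@openssh.com  -- [info] available since OpenSSH 6.2
(mac) hmac-sha1                      -- [fail] using broken SHA-1 hash algorithm
(rec) -ecdh-sha2-nistp256            -- kex algorithm to remove
(rec) -hmac-sha1                     -- mac algorithm to remove
(rec) +diffie-hellman-group-exchange-sha256-- kex algorithm to append
(rec) -chacha20-poly1305@openssh.com -- enc algorithm to remove`

// \s*-- tolerates names long enough to run into the "--" column separator.
var (
	offeredRe = regexp.MustCompile(`(?m)^\((kex|enc|mac)\)\s+(\S+?)\s*--`)
	removeRe  = regexp.MustCompile(`(?m)^\(rec\)\s+-(\S+?)\s*--\s+(kex|enc|mac) algorithm to remove`)
)

// Hardened returns the offered algorithms per category minus those marked for
// removal; "+name" lines are skipped, as the library may not implement them.
func Hardened(audit string) map[string][]string {
	remove := map[string]bool{}
	for _, m := range removeRe.FindAllStringSubmatch(audit, -1) {
		remove[m[2]+"/"+m[1]] = true
	}
	keep := map[string][]string{}
	for _, m := range offeredRe.FindAllStringSubmatch(audit, -1) {
		if !remove[m[1]+"/"+m[2]] {
			keep[m[1]] = append(keep[m[1]], m[2])
		}
	}
	return keep
}

func main() {
	// Assumption: lists feed ssh.Config KeyExchanges/Ciphers/MACs (x/crypto/ssh).
	h := Hardened(sampleAudit)
	for _, c := range []string{"kex", "enc", "mac"} {
		fmt.Printf("%s: %s\n", c, strings.Join(h[c], ","))
	}
}
```

Re-running ssh-audit against the server after applying the lists confirms that the `[fail]` and `[warn]` entries are gone and that clients in use can still negotiate a connection.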