Nowadays, the most used SSH servers are OpenSSH and Dropbear. While OpenSSH is usually used in computers and servers only, Dropbear is the SSH server of routers and other network devices that require few resources. Most of this SSH servers are usually configured just to be compatible, but don't care about security, that's why today, we are going to explain you how to audit your SSH server using the SSH-Audit tool in Ubuntu 18.04.
1. Download ssh-audit
SSH-Audit is an open source CLI tool written in Python that allows you to easily verify through different guidelines, vulnerabilities in your SSH protocol of the target server:
- SSH1 and SSH2 protocol server support;
- grab banner, recognize device or software and operating system, detect compression;
- gather key-exchange, host-key, encryption and message authentication code algorithms;
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
- output algorithm recommendations (append or remove based on recognized software version);
- output security information (related issues, assigned CVE list, etc);
- analyze SSH version compatibility based on algorithm information;
- historical information from OpenSSH, Dropbear SSH and libssh;
- no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;
The main features of ssh-audit is that it is able to audit each and every part of the SSH server, it will be able to detect the login banner, it will detect if we are using a totally insecure protocol like ssh1 and even if we are using compression with The zlib library. At the level of communications encryption, it is able to verify the key exchange algorithms, the host's public key, symmetric encryption when communication has already been established, and also the information authentication messages. Once you have analyzed each and every one of these parameters, you will get a complete report indicating from when this option is available, if it has been eliminated or disabled, if it is unsafe, weak or if it is safe.
To download the latest release of ssh-audit, you can simply clone the source code of the official repository at Github using git:
git clone https://github.com/arthepsy/ssh-audit.git
After cloning, change of directory to the cloned one:
cd ssh-audit
And proceed with the rest of the tutorial. For more information about ssh-audit, please visit the official repository at Github here.
2. Running test
The quickest way to run the script and test your server, is to run it directly with python and provide as positional argument the domain or ip of your server:
python ssh-audit.py domain.com
For a more detailed CLI usage, you can specify some arguments to the tool with the following options:
-1
,--ssh1
: force ssh version 1 only-2
,--ssh2
: force ssh version 2 only-4
,--ipv4
: enable IPv4 (order of precedence)-6
,--ipv6
: enable IPv6 (order of precedence)-p
,--port=<port>
: port to connect-b
,--batch
: batch output-n
,--no-colors
: disable colors-v
,--verbose
: verbose output-l
,--level=<level>
: minimum output level (info|warn|fail)
For example, with a SSH Ubuntu server, a similar output should be generated in your terminal as well:
# general
(gen) banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
(gen) software: OpenSSH 7.2p2
(gen) compatibility: OpenSSH 7.2+, Dropbear SSH 2013.62+
(gen) compression: enabled ([email protected])
# key exchange algorithms
(kex) [email protected] -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
`- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
`- [warn] using weak random number generator could reveal the key
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
# encryption algorithms (ciphers)
(enc) [email protected] -- [info] available since OpenSSH 6.5
`- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) [email protected] -- [info] available since OpenSSH 6.2
(enc) [email protected] -- [info] available since OpenSSH 6.2
# message authentication code algorithms
(mac) [email protected] -- [warn] using small 64-bit tag size
`- [info] available since OpenSSH 6.2
(mac) [email protected] -- [info] available since OpenSSH 6.2
(mac) [email protected] -- [info] available since OpenSSH 6.2
(mac) [email protected] -- [info] available since OpenSSH 6.2
(mac) [email protected] -- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 6.2
(mac) [email protected] -- [warn] using encrypt-and-MAC mode
`- [warn] using small 64-bit tag size
`- [info] available since OpenSSH 4.7
(mac) [email protected] -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
# algorithm recommendations (for OpenSSH 7.2)
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) [email protected] -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) [email protected] -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) [email protected] -- mac algorithm to remove
(rec) [email protected] -- mac algorithm to remove
For example, in our exchange algorithms, the KEX ecdh-sha2-nistp256 throws an error about weak elliptic curves. The SSH dev community is divided on this implementation, because Elliptic Curve Diffie-Hellman (ECDH) are often implemented, basically because they are smaller and faster than using large FFC primes with traditional Diffie-Hellman (DH), so this curve may not be as useful and strong as desired for handling TOP SECRET information for some applications. The SSH development community is divided on this and many implementations do exist.
As on every auditing tool, you should always be sure that removing some features just because the tool tells you to, may not be the wisest choice, as in this case, if any traditional ECDH key exchange methods are implemented, then this method should of course be implemented.
Happy auditing !