├── .cirrus └── check_for_recommendations.sh ├── LICENSE ├── README.md ├── .cirrus.yml ├── client.md └── server.md /.cirrus/check_for_recommendations.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Check if there are still recommendations present, 4 | # and consider them as failures. 5 | 6 | cp ssh-audit.out ssh-audit-after-hardening.out 7 | sed -i '' '1,/# after hardening/d' ssh-audit-after-hardening.out 8 | recommendations=$(grep -c recommendations ssh-audit-after-hardening.out) 9 | 10 | if [ "$recommendations" -ne 0 ]; then 11 | echo "There are recommendations present!" >&2 12 | exit 1 13 | fi 14 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 2-Clause License 2 | 3 | Copyright (c) 2021, BSDlabs 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 20 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 23 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 25 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # FreeBSD OpenSSH Hardening Guides 2 | 3 | Below are guides to harden OpenSSH on FreeBSD. These instructions will result in the best possible score as of 2025-06-28. 4 | 5 | [Server Guide] 6 | 7 | [Client Guide] 8 | 9 | | [Server Guide] | [Client Guide] | 10 | | -------------: | -------------: | 11 | | [![13.5-RELEASE][server-13-5-release-badge]][builds] | [![13.5-RELEASE][client-13-5-release-badge]][builds] | 12 | | [![14.3-RELEASE][server-14-3-release-badge]][builds] | [![14.3-RELEASE][client-14-3-release-badge]][builds] | 13 | | [![15.0-CURRENT][server-15-0-current-badge]][builds] | [![15.0-CURRENT][client-15-0-current-badge]][builds] | 14 | 15 | [Client Guide]: client.md 16 | [Server Guide]: server.md 17 | [builds]: https://cirrus-ci.com/github/bsdlabs/ssh-hardening/main 18 | [client-13-5-release-badge]: https://api.cirrus-ci.com/github/bsdlabs/ssh-hardening.svg?task=Client%2013.5-RELEASE 19 | [client-14-3-release-badge]: https://api.cirrus-ci.com/github/bsdlabs/ssh-hardening.svg?task=Client%2014.3-RELEASE 20 | [client-15-0-current-badge]: https://api.cirrus-ci.com/github/bsdlabs/ssh-hardening.svg?task=Client%2015.0-CURRENT 21 | [server-13-5-release-badge]: https://api.cirrus-ci.com/github/bsdlabs/ssh-hardening.svg?task=Server%2013.5-RELEASE 22 | [server-14-3-release-badge]: https://api.cirrus-ci.com/github/bsdlabs/ssh-hardening.svg?task=Server%2014.3-RELEASE 23 | [server-15-0-current-badge]: https://api.cirrus-ci.com/github/bsdlabs/ssh-hardening.svg?task=Server%2015.0-CURRENT 24 | -------------------------------------------------------------------------------- /.cirrus.yml: -------------------------------------------------------------------------------- 1 | # Test the documentation on SSH hardening 2 | server_task: 3 | matrix: 4 | - name: Server 13.5-RELEASE 5 | freebsd_instance: 6 | image_family: freebsd-13-5 7 | - name: Server 14.3-RELEASE 8 | freebsd_instance: 9 | image_family: freebsd-14-3 10 | - name: Server 15.0-CURRENT 11 | freebsd_instance: 12 | image_family: freebsd-15-0-snap 13 | ssh-hardening_script: 14 | - sed -i '' 's/^/#/' server.md 15 | - sed -i '' '/^# .*$/d' server.md 16 | - sed -i '' 's/^# //' server.md 17 | - printf "#\!/bin/sh\n%s\n" "$(cat server.md)" > ssh-hardening.sh 18 | - sh ./ssh-hardening.sh 19 | - sh .cirrus/check_for_recommendations.sh 20 | 21 | always: 22 | ssh-audit.out_artifacts: 23 | path: ssh-audit.out 24 | type: text/plain 25 | 26 | client_task: 27 | matrix: 28 | - name: Client 13.5-RELEASE 29 | freebsd_instance: 30 | image_family: freebsd-13-5 31 | - name: Client 14.3-RELEASE 32 | freebsd_instance: 33 | image_family: freebsd-14-3 34 | - name: Client 15.0-CURRENT 35 | freebsd_instance: 36 | image_family: freebsd-15-0-snap 37 | install_ssh-audit_script: pkg install -y security/py-ssh-audit 38 | ssh-audit_background_script: ssh-audit -c --no-colors | tee ssh-audit-client.out 39 | ssh-hardening_script: 40 | - grep printf client.md > client.subr 41 | - sed -i '' 's|~|/root|g' client.subr 42 | - printf "#\!/bin/sh\nset -e\n%s\n" "$(cat client.subr)" > ssh-client-hardening.sh 43 | - sh ./ssh-client-hardening.sh 44 | test_ssh_client_script: 45 | - ssh localhost -p 2222 -T || true 46 | always: 47 | ssh-audit-client.out_artifacts: 48 | path: ssh-audit-client.out 49 | type: text/plain 50 | -------------------------------------------------------------------------------- /client.md: -------------------------------------------------------------------------------- 1 | # FreeBSD OpenSSH Hardening — Client 2 | 3 | ## Run the following in a terminal to harden the OpenSSH client for the local user 4 | 5 | mkdir -p -m 0700 ~/.ssh; printf "\nHost *\n Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n\n KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\n\n MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\n\n HostKeyAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n\n CASignatureAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n\n HostbasedAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256\n\n PubkeyAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256\n" >> ~/.ssh/config 6 | 7 |
8 | Results report 9 | 10 | ``` 11 | # general 12 | (gen) client IP: 127.0.0.1 13 | (gen) banner: SSH-2.0-OpenSSH_9.9 14 | (gen) software: OpenSSH 9.9 15 | (gen) compression: enabled (zlib@openssh.com) 16 | 17 | # key exchange algorithms 18 | (kex) sntrup761x25519-sha512 -- [info] available since OpenSSH 9.9 19 | `- [info] default key exchange since OpenSSH 9.9 20 | `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm 21 | (kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5 22 | `- [info] default key exchange from OpenSSH 9.0 to 9.8 23 | `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm 24 | (kex) mlkem768x25519-sha256 -- [info] available since OpenSSH 9.9 25 | `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm 26 | (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 27 | `- [info] default key exchange from OpenSSH 7.4 to 8.9 28 | (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 29 | `- [info] default key exchange from OpenSSH 6.5 to 7.3 30 | (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 31 | (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 32 | (kex) diffie-hellman-group-exchange-sha256 -- [info] available since OpenSSH 4.4 33 | (kex) ext-info-c -- [info] available since OpenSSH 7.2 34 | `- [info] pseudo-algorithm that denotes the peer supports RFC8308 extensions 35 | (kex) kex-strict-c-v00@openssh.com -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795) 36 | 37 | # host-key algorithms 38 | (key) sk-ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 8.2 39 | (key) ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 6.5 40 | (key) rsa-sha2-512-cert-v01@openssh.com -- [info] available since OpenSSH 7.8 41 | (key) rsa-sha2-256-cert-v01@openssh.com -- [info] available since OpenSSH 7.8 42 | (key) sk-ssh-ed25519@openssh.com -- [info] available since OpenSSH 8.2 43 | (key) ssh-ed25519 -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 44 | (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2 45 | (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2, Dropbear SSH 2020.79 46 | 47 | # encryption algorithms (ciphers) 48 | (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 49 | (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 50 | (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 51 | (enc) aes192-ctr -- [info] available since OpenSSH 3.7 52 | (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 53 | 54 | # message authentication code algorithms 55 | (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 56 | (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 57 | (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 58 | ``` 59 |
60 | -------------------------------------------------------------------------------- /server.md: -------------------------------------------------------------------------------- 1 | # FreeBSD OpenSSH Hardening — Server 2 | 3 | ## Backup ssh config, install ssh-audit 4 | 5 | sudo -s # we need root for most of this 6 | cp -a /etc/ssh /etc/ssh.bak # backup ssh config just in case 7 | pkg install -y security/py-ssh-audit # install ssh-audit (you can make install if you like) 8 | 9 | ## Enable and start sshd, then run ssh-audit, saving the output 10 | 11 | service sshd enable 12 | service sshd start 13 | uname -a > ssh-audit.out 14 | echo "# before hardening" >> ssh-audit.out 15 | ssh-audit --no-colors localhost >> ssh-audit.out || true 16 | 17 | ## Remove existing key-pairs, disable DSA & ECDSA 18 | 19 | rm -f /etc/ssh/ssh_host_* 20 | sysrc sshd_dsa_enable="no" 21 | sysrc sshd_ecdsa_enable="no" 22 | sysrc sshd_ed25519_enable="yes" 23 | sysrc sshd_rsa_enable="yes" 24 | 25 | ## Regenerate RSA and Ed25519 keys 26 | 27 | ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" 28 | ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" 29 | 30 | ## Remove Diffie-Hellman moduli smaller than 3071 31 | 32 | awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe 33 | mv /etc/ssh/moduli.safe /etc/ssh/moduli 34 | 35 | ## Restrict supported key exchange, cipher, and MAC algorithms 36 | 37 | printf "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512\n\nCiphers aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr\n\nMACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com\n\nHostKeyAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n\nCASignatureAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n\nHostbasedAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n\nPubkeyAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n" >> /etc/ssh/sshd_config 38 | 39 | ## Restart sshd and run ssh-audit again, appending output 40 | 41 | service sshd restart 42 | echo "# after hardening" >> ssh-audit.out 43 | ssh-audit --no-colors localhost >> ssh-audit.out 44 | 45 |
46 | Send (pastebin) the contents of ssh-audit.out 47 | 48 | ``` 49 | FreeBSD cirrus-task-0000000000000000 15.0-CURRENT FreeBSD 15.0-CURRENT #0 main-n278235-dca2ab32e831: Thu Jun 26 04:58:09 UTC 2025 root@releng3.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 50 | # before hardening 51 | # general 52 | (gen) banner: SSH-2.0-OpenSSH_9.9 FreeBSD-20250219 53 | (gen) software: OpenSSH 9.9 running on FreeBSD (2025-02-19) 54 | (gen) compatibility: OpenSSH 9.9+, Dropbear SSH 2020.79+ 55 | (gen) compression: enabled (zlib@openssh.com) 56 | 57 | # key exchange algorithms 58 | (kex) sntrup761x25519-sha512 -- [info] available since OpenSSH 9.9 59 | `- [info] default key exchange since OpenSSH 9.9 60 | `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm 61 | (kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5 62 | `- [info] default key exchange from OpenSSH 9.0 to 9.8 63 | `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm 64 | (kex) mlkem768x25519-sha256 -- [info] available since OpenSSH 9.9 65 | `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm 66 | (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 67 | `- [info] default key exchange from OpenSSH 7.4 to 8.9 68 | (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 69 | `- [info] default key exchange from OpenSSH 6.5 to 7.3 70 | (kex) ecdh-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency 71 | `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 72 | (kex) ecdh-sha2-nistp384 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency 73 | `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 74 | (kex) ecdh-sha2-nistp521 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency 75 | `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 76 | (kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available since OpenSSH 4.4 77 | `- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477). 78 | (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 79 | (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 80 | (kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength 81 | `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 82 | (kex) ext-info-s -- [info] available since OpenSSH 9.6 83 | `- [info] pseudo-algorithm that denotes the peer supports RFC8308 extensions 84 | (kex) kex-strict-s-v00@openssh.com -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795) 85 | 86 | # host-key algorithms 87 | (key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2 88 | (key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2, Dropbear SSH 2020.79 89 | (key) ecdsa-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency 90 | `- [warn] using weak random number generator could reveal the key 91 | `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 92 | (key) ssh-ed25519 -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 93 | 94 | # encryption algorithms (ciphers) 95 | (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 96 | `- [info] default cipher since OpenSSH 6.9 97 | (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 98 | (enc) aes192-ctr -- [info] available since OpenSSH 3.7 99 | (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 100 | (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 101 | (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 102 | 103 | # message authentication code algorithms 104 | (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size 105 | `- [info] available since OpenSSH 6.2 106 | (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 107 | (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 108 | (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 109 | (mac) hmac-sha1-etm@openssh.com -- [fail] using broken SHA-1 hash algorithm 110 | `- [info] available since OpenSSH 6.2 111 | (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode 112 | `- [warn] using small 64-bit tag size 113 | `- [info] available since OpenSSH 4.7 114 | (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode 115 | `- [info] available since OpenSSH 6.2 116 | (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode 117 | `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 118 | (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode 119 | `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 120 | (mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm 121 | `- [warn] using encrypt-and-MAC mode 122 | `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 123 | 124 | # fingerprints 125 | (fin) ssh-ed25519: SHA256:5BF+K3daRjL/loomOa3He1zkUt0TGUw8XxZt4z6Bud4 126 | (fin) ssh-rsa: SHA256:/aZej4jEnqIWn7fO+mJSCvkjOiY3QBYTLNoapZfCRrI 127 | 128 | # algorithm recommendations (for OpenSSH 9.9) 129 | (rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove 130 | (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove 131 | (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove 132 | (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove 133 | (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove 134 | (rec) -hmac-sha1 -- mac algorithm to remove 135 | (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove 136 | (rec) -hmac-sha2-256 -- mac algorithm to remove 137 | (rec) -hmac-sha2-512 -- mac algorithm to remove 138 | (rec) -umac-128@openssh.com -- mac algorithm to remove 139 | (rec) -umac-64-etm@openssh.com -- mac algorithm to remove 140 | (rec) -umac-64@openssh.com -- mac algorithm to remove 141 | 142 | # additional info 143 | (nfo) For hardening guides on common OSes, please see: 144 | (nfo) Be aware that, while this target properly supports the strict key exchange method (via the kex-strict-?-v00@openssh.com marker) needed to protect against the Terrapin vulnerability (CVE-2023-48795), all peers must also support this feature as well, otherwise the vulnerability will still be present. The following algorithms would allow an unpatched peer to create vulnerable SSH channels with this target: chacha20-poly1305@openssh.com. If any CBC ciphers are in this list, you may remove them while leaving the *-etm@openssh.com MACs in place; these MACs are fine while paired with non-CBC cipher types. 145 | 146 | # after hardening 147 | # general 148 | (gen) banner: SSH-2.0-OpenSSH_9.9 FreeBSD-20250219 149 | (gen) software: OpenSSH 9.9 running on FreeBSD (2025-02-19) 150 | (gen) compatibility: OpenSSH 9.9+, Dropbear SSH 2020.79+ 151 | (gen) compression: enabled (zlib@openssh.com) 152 | 153 | # key exchange algorithms 154 | (kex) sntrup761x25519-sha512 -- [info] available since OpenSSH 9.9 155 | `- [info] default key exchange since OpenSSH 9.9 156 | `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm 157 | (kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5 158 | `- [info] default key exchange from OpenSSH 9.0 to 9.8 159 | `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm 160 | (kex) mlkem768x25519-sha256 -- [info] available since OpenSSH 9.9 161 | `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm 162 | (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 163 | `- [info] default key exchange from OpenSSH 7.4 to 8.9 164 | (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 165 | `- [info] default key exchange from OpenSSH 6.5 to 7.3 166 | (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 167 | (kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available since OpenSSH 4.4 168 | `- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477). 169 | (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 170 | (kex) ext-info-s -- [info] available since OpenSSH 9.6 171 | `- [info] pseudo-algorithm that denotes the peer supports RFC8308 extensions 172 | (kex) kex-strict-s-v00@openssh.com -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795) 173 | 174 | # host-key algorithms 175 | (key) rsa-sha2-512 (4096-bit) -- [info] available since OpenSSH 7.2 176 | (key) rsa-sha2-256 (4096-bit) -- [info] available since OpenSSH 7.2, Dropbear SSH 2020.79 177 | (key) ssh-ed25519 -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79 178 | 179 | # encryption algorithms (ciphers) 180 | (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 181 | (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 182 | (enc) aes192-ctr -- [info] available since OpenSSH 3.7 183 | (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 184 | (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 185 | 186 | # message authentication code algorithms 187 | (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 188 | (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 189 | (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 190 | 191 | # fingerprints 192 | (fin) ssh-ed25519: SHA256:Ylur7+KRIdDcFFRHf8ngPbFRsMtYVPNgI+ZDtKjSpzw 193 | (fin) ssh-rsa: SHA256:bBkNqpmpuHEB3l4gHE7LQ2M0oY9UIYkO+uIDn5xgzlU 194 | ``` 195 |
196 | 197 | ## If you want to revert the SSH configuration 198 | 199 | rm -rf /etc/ssh 200 | mv /etc/ssh.bak /etc/ssh 201 | 202 |
203 | Comparative table: Default vs. Hardened 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 220 | 226 | 227 | 228 | 229 | 240 | 249 | 250 | 251 | 252 | 269 | 281 | 282 | 283 | 284 | 299 | 306 | 307 | 308 | 309 | 330 | 342 | 343 |
Default (OpenSSH 9.9)Hardened
HostKey 214 |
    215 |
  • Ed25519
    • 216 |
  • RSA (3072-bit)
    • 217 |
  • ECDSA
    • 218 |
219 | 		221 |
    222 |
  • Ed25519
    • 223 |
  • RSA (4096-bit)
    • 224 |
225 |
Ciphers 230 |
    231 | 232 |
  • chacha20-poly1305@openssh.com
    • 233 |
  • aes128-ctr
    • 234 |
  • aes192-ctr
    • 235 |
  • aes256-ctr
    • 236 |
  • aes128-gcm@openssh.com
    • 237 |
  • aes256-gcm@openssh.com
    • 238 |
239 | 		241 |
    242 |
  • aes256-gcm@openssh.com
    • 243 |
  • aes128-gcm@openssh.com
    • 244 |
  • aes256-ctr
    • 245 |
  • aes192-ctr
    • 246 |
  • aes128-ctr
    • 247 |
248 |
KexAlgorithms 253 |
    254 | 255 |
  • sntrup761x25519-sha512
    • 256 |
  • sntrup761x25519-sha512@openssh.com
    • 257 |
  • mlkem768x25519-sha256
    • 258 |
  • curve25519-sha256
    • 259 |
  • curve25519-sha256@libssh.org
    • 260 |
  • ecdh-sha2-nistp256
    • 261 |
  • ecdh-sha2-nistp384
    • 262 |
  • ecdh-sha2-nistp521
    • 263 |
  • diffie-hellman-group-exchange-sha256
    • 264 |
  • diffie-hellman-group16-sha512
    • 265 |
  • diffie-hellman-group18-sha512
    • 266 |
  • diffie-hellman-group14-sha256
    • 267 |
268 | 		270 |
    271 |
  • sntrup761x25519-sha512
    • 272 |
  • sntrup761x25519-sha512@openssh.com
    • 273 |
  • mlkem768x25519-sha256
    • 274 |
  • curve25519-sha256
    • 275 |
  • curve25519-sha256@libssh.org
    • 276 |
  • diffie-hellman-group16-sha512
    • 277 |
  • diffie-hellman-group18-sha512
    • 278 |
  • diffie-hellman-group-exchange-sha256
    • 279 |
280 |
MACs 285 |
    286 | 287 |
  • umac-64-etm@openssh.com
    • 288 |
  • umac-128-etm@openssh.com
    • 289 |
  • hmac-sha2-256-etm@openssh.com
    • 290 |
  • hmac-sha2-512-etm@openssh.com
    • 291 |
  • hmac-sha1-etm@openssh.com
    • 292 |
  • umac-64@openssh.com
    • 293 |
  • umac-128@openssh.com
    • 294 |
  • hmac-sha2-256
    • 295 |
  • hmac-sha2-512
    • 296 |
  • hmac-sha1
    • 297 |
298 | 		300 |
    301 |
  • hmac-sha2-256-etm@openssh.com
    • 302 |
  • hmac-sha2-512-etm@openssh.com
    • 303 |
  • umac-128-etm@openssh.com
    • 304 |
305 |
HostKeyAlgorithms 310 |
    311 | 312 |
  • ssh-ed25519-cert-v01@openssh.com
    • 313 |
  • ecdsa-sha2-nistp256-cert-v01@openssh.com
    • 314 |
  • ecdsa-sha2-nistp384-cert-v01@openssh.com
    • 315 |
  • ecdsa-sha2-nistp521-cert-v01@openssh.com
    • 316 |
  • sk-ssh-ed25519-cert-v01@openssh.com
    • 317 |
  • sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
    • 318 |
  • rsa-sha2-512-cert-v01@openssh.com
    • 319 |
  • rsa-sha2-256-cert-v01@openssh.com
    • 320 |
  • ssh-ed25519
    • 321 |
  • ecdsa-sha2-nistp256
    • 322 |
  • ecdsa-sha2-nistp384
    • 323 |
  • ecdsa-sha2-nistp521
    • 324 |
  • sk-ssh-ed25519@openssh.com
    • 325 |
  • sk-ecdsa-sha2-nistp256@openssh.com
    • 326 |
  • rsa-sha2-512
    • 327 |
  • rsa-sha2-256
    • 328 |
329 | 		331 |
    332 |
  • ssh-ed25519
    • 333 |
  • ssh-ed25519-cert-v01@openssh.com
    • 334 |
  • sk-ssh-ed25519@openssh.com
    • 335 |
  • sk-ssh-ed25519-cert-v01@openssh.com
    • 336 |
  • rsa-sha2-512
    • 337 |
  • rsa-sha2-512-cert-v01@openssh.com
    • 338 |
  • rsa-sha2-256
    • 339 |
  • rsa-sha2-256-cert-v01@openssh.com
    • 340 |
341 |
344 |
345 | --------------------------------------------------------------------------------