If you still have Ubuntu 14.04 LTS (or any other old distro) in a production environment, the SSH service is most likely accepting weak cipher and MAC algorithms. At present, the cipher algorithms considered weak are CBC (3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, and rijndael-cbc@lysator.liu.se) [1] [2] and RC4 (arcfour, arcfour128, and arcfour256) [3]. The MAC algorithms considered weak are MD5 (hmac-md5, hmac-md5-96, hmac-md5-96-etm@openssh.com, and hmac-md5-etm@openssh.com) and the 96-bit algorithms (hmac-sha1-96 and hmac-sha1-96-etm@openssh.com).
Now, how can you tell whether these algorithms are accepted by the SSH service on a given GNU/Linux system? Simply run the following command on the system you want to verify (assuming the SSH service is listening on port TCP/22):
# ssh -vvv localhost -p 22
The debug output of this command lists all the algorithms supported by the SSH service. With the default configuration in Ubuntu 14.04 LTS, this output includes the weak algorithms mentioned above.
To remedy this, do the following:
1) Edit the file /etc/ssh/sshd_config and add the following two lines at the end of it:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
MACs hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
2) Restart the SSH service to apply the changes. On Ubuntu the service is named ssh; on distros where it is named sshd, use that name instead.
# service ssh restart
Once this is done, the SSH service will stop accepting weak cipher and MAC algorithms, which improves the security of the service. In later Ubuntu LTS versions (such as 16.04 or 18.04) this modification is not necessary. Nevertheless, the steps detailed here can also be used to verify the configuration of the SSH service and to perform the aforementioned modifications in any GNU/Linux distro.
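One way to script the verification described above, as an added example that is not part of the original post: it checks `sshd -T` style output (lines of the form `ciphers a,b,c` and `macs x,y`) against the weak cipher and MAC names listed in this article. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Weak algorithm names, copied from the article's lists.
WEAK_CIPHERS="3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se arcfour arcfour128 arcfour256"
WEAK_MACS="hmac-md5 hmac-md5-96 hmac-md5-96-etm@openssh.com hmac-md5-etm@openssh.com hmac-sha1-96 hmac-sha1-96-etm@openssh.com"

# find_weak OFFERED WEAK: print the entries of the comma-separated
# OFFERED list that appear in the space-separated WEAK list.
find_weak() {
    out=""
    for algo in $(printf '%s' "$1" | tr ',' ' '); do
        case " $2 " in
            *" $algo "*) out="${out:+$out }$algo" ;;
        esac
    done
    printf '%s\n' "$out"
}

# audit_config: read `sshd -T` style lines on stdin.
# Returns 0 = clean, 1 = weak algorithm enabled, 2 = no ciphers/macs
# line in the input (use the ssh -vvv check from the article instead).
audit_config() {
    seen=0; rc=0
    while read -r key value; do
        case "$key" in
            ciphers) weak=$(find_weak "$value" "$WEAK_CIPHERS") ;;
            macs)    weak=$(find_weak "$value" "$WEAK_MACS") ;;
            *)       continue ;;
        esac
        seen=1
        if [ -n "$weak" ]; then
            echo "WEAK $key: $weak"
            rc=1
        fi
    done
    [ "$seen" -eq 1 ] || return 2
    return "$rc"
}

# Constructed sample input, not captured from a real host.
SAMPLE_BEFORE='port 22
ciphers aes128-ctr,aes128-cbc,arcfour256,chacha20-poly1305@openssh.com
macs hmac-md5,hmac-sha2-256,hmac-sha1-96'
SAMPLE_AFTER='ciphers aes128-ctr,aes256-gcm@openssh.com
macs hmac-sha2-256-etm@openssh.com,hmac-sha1'

# On a real host (as root): sshd -T | audit_config
```

Running `sshd -t` before the restart validates the edited file, which avoids restarting the service into a broken configuration.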
References:
[1] https://www.kb.cert.org/vuls/id/958563/
[2] https://tools.ietf.org/html/rfc4344
[3] https://tools.ietf.org/html/rfc7465