jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

Missing Debian guides, not clear enough which Ubuntu version to use for which Debian version #121

Closed AlexDaciuk closed 3 years ago

AlexDaciuk commented 3 years ago

Hi,

I've been upgrading my infra from CentOS 7 to Debian 10 and 11 and have been using ssh-audit to make our SSH more secure, but there are no dedicated guides for Debian on https://www.ssh-audit.com/. I know that Ubuntu and Debian are almost interchangeable.

Usually Ubuntu and Debian releases do not ship the same OpenSSH version:

- Debian 10: 7.9 (or 8.4 in backports)
- Debian 11: 8.4
- Ubuntu 20.04: 8.2
- Ubuntu 18.04: 7.6

I suppose that the guides for major versions are almost the same, but it would be great to get Debian-specific guides, or at least a version match for Debian in the Ubuntu guides.

Cheers Alex

jtesta commented 3 years ago

Ask and ye shall receive! Guides have been added for Debian 10 & 11: https://www.ssh-audit.com/hardening_guides.html

Please let me know if you run into any trouble with them. Thanks!

AlexDaciuk commented 3 years ago

Hi, thanks. I just tried both guides on both instances and found this:

Debian 11:

```
# algorithm recommendations (for OpenSSH 8.4)
(rec) +diffie-hellman-group14-sha256        -- kex algorithm to append
```

Debian 10 (with OpenSSH 8.4 from backports):

```
# algorithm recommendations (for OpenSSH 8.4)
(rec) +diffie-hellman-group14-sha256        -- kex algorithm to append
```

Can we add that kex algorithm to the guide so we don't end up with a recommendation after all the steps of the guide? (We are supposed to get everything fixed and in the best config with the guide, after all.)

Would recommending installing OpenSSH 8.4 from backports for Debian 10 be too much?

Alex

jtesta commented 3 years ago

The issue of diffie-hellman-group14-sha256 coming up as a recommendation is directly related to issue #117. Hopefully that'll be fixed soon.

I'd recommend that you keep that key exchange algorithm disabled, since it only offers 2048-bit/112-bit of security strength.

-- Joseph S. Testa II, Founder & Principal Security Consultant, Positron Security
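The reconciliation the two replies describe, as an added example that is not part of this thread or of ssh-audit itself: parse the `(rec)` lines from ssh-audit output, apply the kex recommendations to a `KexAlgorithms` line, and refuse an append whose security strength is below a threshold (so the group14 suggestion is reported rather than applied). The sshd_config excerpt, the sample output, and the strength table (only group14's 112-bit figure comes from the thread; curve25519's 128-bit figure is the widely cited estimate) are assumptions.

```python
import re

# Constructed ssh-audit output fragment, modelled on the lines quoted in the thread.
SSH_AUDIT_OUTPUT = """\
# algorithm recommendations (for OpenSSH 8.4)
(rec) +diffie-hellman-group14-sha256        -- kex algorithm to append
(rec) -ssh-rsa                              -- key algorithm to remove
"""

# Constructed sshd_config excerpt (illustrative, not the guide's exact contents).
SSHD_CONFIG = """\
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com
"""

# Assumed security strength (bits) per kex algorithm; unknown algorithms count as 0.
KEX_STRENGTH_BITS = {
    "curve25519-sha256": 128,
    "curve25519-sha256@libssh.org": 128,
    "diffie-hellman-group14-sha256": 112,  # 2048-bit modulus, as stated in the thread
}

# "(rec) +alg   -- kex algorithm to append" / "(rec) -alg   -- key algorithm to remove"
REC_RE = re.compile(r"^\(rec\)\s+([+-])(\S+)\s+--\s+(\w+)\s+algorithm to (append|remove)")


def parse_recommendations(output):
    """Return a list of {'action', 'algorithm', 'category'} dicts for each (rec) line."""
    recs = []
    for line in output.splitlines():
        m = REC_RE.match(line)
        if m:
            _sign, alg, category, action = m.groups()
            recs.append({"action": action, "algorithm": alg, "category": category})
    return recs


def current_kex(config):
    """Extract the KexAlgorithms list from an sshd_config text (empty if absent)."""
    for line in config.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "kexalgorithms":
            return value.split(",")
    return []


def reconcile_kex(config, output, min_strength=128):
    """Apply kex recommendations; return (new_kex_list, skipped_appends_below_threshold)."""
    kex = current_kex(config)
    skipped = []
    for rec in (r for r in parse_recommendations(output) if r["category"] == "kex"):
        alg = rec["algorithm"]
        if rec["action"] == "remove":
            kex = [k for k in kex if k != alg]
        elif KEX_STRENGTH_BITS.get(alg, 0) < min_strength:
            skipped.append(alg)  # weaker than policy allows: report, don't append
        elif alg not in kex:
            kex.append(alg)
    return kex, skipped
```

With the default 128-bit threshold the group14 recommendation is listed under `skipped` and the config is left unchanged; lowering the threshold to 112 makes the function append it.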