jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

GSSAPI kex methods not recognized #143

Closed dodexahedron closed 1 year ago

dodexahedron commented 2 years ago

With GSSAPIKeyExchange enabled on openssh, ssh-audit does not recognize most of the kex algorithms for it, and flags them as unknown, except for gss-group14-sha256-, which it shows as green. The same algorithms are configured on my hosts with GSS as on the hosts without it, and they're known safe/strong algorithms that are shown in green for non-gss versions.

Looks like just missing entries for them in ssh2_kexdb.py. Entries needed, at least to support the systems I have in production, are:

'gss-curve25519-sha256-toWM5Slw5Ew8Mqkay+al2g==': [[]],
'gss-group16-sha512-toWM5Slw5Ew8Mqkay+al2g==': [[]],

I did not audit for other missing algorithms, so there may be others. More than happy to submit a pull request, if you like.

jtesta commented 2 years ago

Thanks for reporting this! Sure, a PR would be most welcome!


XSpielinbox commented 1 year ago

Also the Hardening Guide for RHEL 8 Server and derivatives already mentions GSSAPIKexAlgorithms . Shouldn't these be set in all other Guides too as the defaults aren't particularly secure?

lebonez commented 1 year ago

Sent an email about these related to this as well. I will say that GSSAPIKexAlgorithms is not configurable in gsi-openssh derivatives supplied in el7, so there is no way to harden them outside of building gsi-openssh with newer openssh versions.

gss-group16-sha512-vz8J1E9PzLr8b1K+0remTg==,
gss-group18-sha512-vz8J1E9PzLr8b1K+0remTg==,
gss-gex-sha1-vz8J1E9PzLr8b1K+0remTg==,
gss-group14-sha256-vz8J1E9PzLr8b1K+0remTg==,
gss-group14-sha1-vz8J1E9PzLr8b1K+0remTg==,
gss-group1-sha1-vz8J1E9PzLr8b1K+0remTg==,
gss-group16-sha512-dZuIebMjgUqaxvbF7hDbAw==,
gss-group18-sha512-dZuIebMjgUqaxvbF7hDbAw==,
gss-gex-sha1-dZuIebMjgUqaxvbF7hDbAw==,
gss-group14-sha256-dZuIebMjgUqaxvbF7hDbAw==,
gss-group14-sha1-dZuIebMjgUqaxvbF7hDbAw==,
gss-group1-sha1-dZuIebMjgUqaxvbF7hDbAw==

jtesta commented 1 year ago

@dodexahedron , @lebonez : I just checked in support for these kex methods into the master branch. If you have the time, testing the fix on your target systems would be a big help! Thanks!

XSpielinbox commented 1 year ago

How does one check this?

I have tested this against a client and a server running Fedora, trying different configurations, being pretty sure that GSS- is enabled, and ssh-audit (latest commit on master) did not give any notice about any GSS- algorithm in any way.

jtesta commented 1 year ago

@XSpielinbox : If GSS is enabled, then those algorithms would be enumerated in the kex section of the output. But since you're pretty sure that it's enabled on the machine, try this: telnet to port 22 on the target machine. Copy/paste its banner back to the server and press enter. The server will respond with a list of algorithms it supports. Copy/paste the entire telnet session output here and we'll see if GSS is actually enabled.
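The banner-and-KEXINIT check described above, as an added Python example that is not ssh-audit's own code: it parses the server's SSH_MSG_KEXINIT (RFC 4253) and pulls out any gss-* kex methods (RFC 4462 naming) so you can confirm on a host you administer whether GSSAPI key exchange is actually advertised. The sample packet is constructed inline so the parser runs offline; `fetch_kex_algorithms` and the client id string `SSH-2.0-gsskexcheck` are assumptions for the live form of the check.

```python
import socket
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253 section 7.1

def _name_list(names):
    """Encode an RFC 4251 name-list: uint32 length + comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(kex_algorithms):
    """Build a minimal unencrypted SSH_MSG_KEXINIT packet (constructed sample for offline use)."""
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16         # msg id + 16-byte cookie (zeros here)
    payload += _name_list(kex_algorithms) + _name_list(["ssh-ed25519"])
    payload += _name_list(["aes256-gcm@openssh.com"]) * 2 + _name_list(["hmac-sha2-256"]) * 2
    payload += _name_list(["none"]) * 2 + _name_list([]) * 2   # compression and language lists
    payload += b"\x00" * 5                                     # first_kex_packet_follows + reserved
    pad_len = 4 + (-(5 + len(payload) + 4) % 8)                # at least 4 bytes, total a multiple of 8
    return struct.pack(">IB", 1 + len(payload) + pad_len, pad_len) + payload + b"\x00" * pad_len

def parse_kex_algorithms(packet):
    """Return the kex_algorithms name-list from a raw (unencrypted) SSH_MSG_KEXINIT packet."""
    packet_len, pad_len = struct.unpack(">IB", packet[:5])
    payload = packet[5:5 + packet_len - pad_len - 1]
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT packet")
    (n,) = struct.unpack(">I", payload[17:21])                # skip msg id and cookie
    names = payload[21:21 + n].decode("ascii")
    return names.split(",") if names else []

def gss_kex_methods(kex_algorithms):
    """Map each GSSAPI kex method to the group/hash it wraps (RFC 4462 names are
    gss-<group>-<hash>-<base64(MD5(mechanism OID))>), so it can be judged by that inner method."""
    out = {}
    for name in kex_algorithms:
        if name.startswith("gss-") and name.count("-") >= 3:
            base, suffix = name[4:].rsplit("-", 1)
            out.setdefault(base, []).append(suffix)
    return out

def fetch_kex_algorithms(host, port=22, timeout=5):
    """Live form of the telnet check: exchange banners, then read the server's KEXINIT."""
    with socket.create_connection((host, port), timeout=timeout) as sock, sock.makefile("rb") as f:
        banner = f.readline()
        while banner and not banner.startswith(b"SSH-"):      # skip any pre-banner lines
            banner = f.readline()
        sock.sendall(b"SSH-2.0-gsskexcheck\r\n")              # hypothetical client id string
        header = f.read(5)
        packet = header + f.read(struct.unpack(">I", header[:4])[0] - 1)
        return banner.decode("ascii", "replace").strip(), parse_kex_algorithms(packet)
```

If the dict returned by `gss_kex_methods` is empty for a server that should have GSSAPIKeyExchange on, the server is not advertising GSS kex at all, which is the case the rest of this thread turned out to be.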

XSpielinbox commented 1 year ago

Hm, indeed it does not list anything GSS-related there. How does one enable GSSAPI then? I thought that setting GSSAPIAuthentication=yes and maybe GSSAPIKeyExchange=yes in the sshd_config and then restarting sshd should activate it? Changing the list of Ciphers, etc. and restarting sshd results in a difference.

jtesta commented 1 year ago

I never configured a server with Kerberos authentication, so I don't know.

dodexahedron commented 1 year ago

I thought I noticed it behaving better the most recent time I ran it. I'll check for sure at work tomorrow or as soon as I remember to do so. 😅

XSpielinbox commented 1 year ago

Ah, never mind. GSSAPIKeyExchange=yes is definitely necessary on the server, but the issue was that Kerberos wasn't set up correctly in my test setup before. Now I get the results from ssh-audit as expected. :+1: