search

jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License
3.44k stars 179 forks source link

DHEat check supports only IPv4 #269

Closed yuki0iq closed 4 months ago

yuki0iq commented 6 months ago

I recently updated ssh-audit from 3.1 to 3.2 (Arch Linux) and decided to run it again to see what vulnerabilities my server may contain. The usual way of running, ssh-audit ::1, raised a strange error.

$ ssh-audit ::1
Traceback (most recent call last):
  File "/usr/bin/ssh-audit", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/lib/python3.12/site-packages/ssh_audit/ssh_audit.py", line 1628, in main
    ret = audit(out, aconf)
          ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ssh_audit/ssh_audit.py", line 1342, in audit
    dh_rate_test_notes = DHEat.dh_rate_test(out, aconf, kex, 1.5, 38, 3)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ssh_audit/dheat.py", line 301, in dh_rate_test
    ret = DHEat._dh_rate_test(out, aconf, kex, max_time, max_connections, concurrent_sockets)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ssh_audit/dheat.py", line 433, in _dh_rate_test
    ret = s.connect_ex((aconf.host, aconf.port))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
socket.gaierror: [Errno -9] Address family for hostname not supported

I decided to ignore it for a while, and tried IPv4 instead, which hopefully worked, and I saw the warning about DHEat. The fix I used is a compilation of random internet resources and man pages:

ct state new tcp dport ssh limit rate over 20/minute reject with tcp reset comment "prevent DHEat DoS attack on sshd"

The text of warning offers to skip the rate test with a command line option. I accepted that offer, thinking this might be the culprit, and it indeed is -- at least on my machine.

The surrounding code suggests that IPv4 is blindly assumed, which is likely the cause.

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#                        \
#                         IPv4 address family

# ... (some code omitted) ...

ret = s.connect_ex((aconf.host, aconf.port))
#     \             \
#      \            "::1", an IPv6 address
#       [Errno -9] Address family for hostname not supported

This kind of code is also present in _worker_process.

I have tried fixing this by using SSH_Socket instead of raw socket, but it got too hard for me.

marek22k commented 5 months ago

I have the same error for a IPv6-only host:

$ ssh-audit 2a01:cb05:944a:b8ff:1469:3dff:fee3:97e9
Traceback (most recent call last):
  File "/data/data/com.termux/files/usr/bin/ssh-audit", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/data/data/com.termux/files/usr/lib/python3.11/site-packages/ssh_audit/ssh_audit.py", line 1628, in main
    ret = audit(out, aconf)
          ^^^^^^^^^^^^^^^^^
  File "/data/data/com.termux/files/usr/lib/python3.11/site-packages/ssh_audit/ssh_audit.py", line 1342, in audit
    dh_rate_test_notes = DHEat.dh_rate_test(out, aconf, kex, 1.5, 38, 3)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/data/data/com.termux/files/usr/lib/python3.11/site-packages/ssh_audit/dheat.py", line 301, in dh_rate_test
    ret = DHEat._dh_rate_test(out, aconf, kex, max_time, max_connections, concurrent_sockets)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/data/data/com.termux/files/usr/lib/python3.11/site-packages/ssh_audit/dheat.py", line 433, in _dh_rate_test
    ret = s.connect_ex((aconf.host, aconf.port))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
socket.gaierror: [Errno 7] No address associated with hostname
~ $ ssh-audit 2a01:cb05:944a:b8ff:1469:3dff:fee3:97e9
Traceback (most recent call last):
  File "/data/data/com.termux/files/usr/bin/ssh-audit", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/data/data/com.termux/files/usr/lib/python3.11/site-packages/ssh_audit/ssh_audit.py", line 1628, in main
    ret = audit(out, aconf)
          ^^^^^^^^^^^^^^^^^
  File "/data/data/com.termux/files/usr/lib/python3.11/site-packages/ssh_audit/ssh_audit.py", line 1342, in audit
    dh_rate_test_notes = DHEat.dh_rate_test(out, aconf, kex, 1.5, 38, 3)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/data/data/com.termux/files/usr/lib/python3.11/site-packages/ssh_audit/dheat.py", line 301, in dh_rate_test
    ret = DHEat._dh_rate_test(out, aconf, kex, max_time, max_connections, concurrent_sockets)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/data/data/com.termux/files/usr/lib/python3.11/site-packages/ssh_audit/dheat.py", line 433, in _dh_rate_test
    ret = s.connect_ex((aconf.host, aconf.port))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
socket.gaierror: [Errno 7] No address associated with hostname
jtesta commented 5 months ago

@yuki0iq , @marek22k : Thanks for reporting this! I checked in a fix in https://github.com/jtesta/ssh-audit/commit/87e22ae26b1f7d3fa649ef460846f91c886750b1. I'm pretty sure this resolves the issue, but if you could confirm, that would be much appreciated! Thanks!

marek22k commented 5 months ago

Works for me:

$ git log -1
commit 87e22ae26b1f7d3fa649ef460846f91c886750b1 (HEAD -> master, origin/master, origin/HEAD)
Author: Joe Testa <jtesta@positronsecurity.com>
Date:   Sat Jun 29 19:05:20 2024 -0400

    Added IPv6 support for DHEat and connection rate tests. (#269)
$ python3 ssh-audit.py 2a01:cb05:944a:b8ff:1469:3dff:fee3:97e9
# general
(gen) banner: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
(gen) software: OpenSSH 9.2p1
(gen) compatibility: OpenSSH 6.5+, Dropbear SSH 2020.79+
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256@libssh.org   -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
                                     `- [info] default key exchange from OpenSSH 6.5 to 7.3
(kex) kex-strict-s-v00@openssh.com   -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795)

# host-key algorithms
(key) ssh-ed25519                    -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com  -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79
                                     `- [info] default cipher since OpenSSH 6.9
(enc) aes256-gcm@openssh.com         -- [info] available since OpenSSH 6.2

# message authentication code algorithms
(mac) hmac-sha2-512-etm@openssh.com  -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512                  -- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56

# fingerprints
(fin) ssh-ed25519: SHA256:+f/NMCLGgcAQmYX2CFFVKtyVQGNs0oYN4pf176N5nMk

# algorithm recommendations (for OpenSSH 9.2)
(rec) +aes128-ctr                    -- enc algorithm to append 
(rec) +aes128-gcm@openssh.com        -- enc algorithm to append 
(rec) +aes192-ctr                    -- enc algorithm to append 
(rec) +aes256-ctr                    -- enc algorithm to append 
(rec) +curve25519-sha256             -- kex algorithm to append 
(rec) +diffie-hellman-group-exchange-sha256-- kex algorithm to append 
(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append 
(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append 
(rec) +rsa-sha2-256                  -- key algorithm to append 
(rec) +rsa-sha2-512                  -- key algorithm to append 
(rec) +sntrup761x25519-sha512@openssh.com-- kex algorithm to append 
(rec) -hmac-sha2-512                 -- mac algorithm to remove 

# additional info
(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
(nfo) Be aware that, while this target properly supports the strict key exchange method (via the kex-strict-?-v00@openssh.com marker) needed to protect against the Terrapin vulnerability (CVE-2023-48795), all peers must also support this feature as well, otherwise the vulnerability will still be present.  The following algorithms would allow an unpatched peer to create vulnerable SSH channels with this target: chacha20-poly1305@openssh.com.  If any CBC ciphers are in this list, you may remove them while leaving the *-etm@openssh.com MACs in place; these MACs are fine while paired with non-CBC cipher types.
(nfo) Potentially insufficient connection throttling detected, resulting in possible vulnerability to the DHEat DoS attack (CVE-2002-20001).  38 connections were created in 1.063 seconds, or 35.8 conns/sec; server must respond with a rate less than 20.0 conns/sec per IPv4/IPv6 source address to be considered safe.  For rate-throttling options, please see <https://www.ssh-audit.com/hardening_guides.html>.  Be aware that using 'PerSourceMaxStartups 1' properly protects the server from this attack, but will cause this test to yield a false positive.  Suppress this test and message with the --skip-rate-test option.
jtesta commented 4 months ago

@marek22k : thanks for confirming this fix.