Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

align soft-serve ssh server [config] with ssh-audits recommendations #485

Open
QuantumLibet opened this issue Mar 3, 2024 · 2 comments · Fixed by charmbracelet/wish#249
Labels
enhancement New feature or request

Comments

@QuantumLibet
Copy link

Is your feature request related to a problem? Please describe.

It would be great, if the soft-serve SSH server could be configurable.


Background:
When auditing SSH servers using https://github.com/jtesta/ssh-audit, it appears that the soft-serve SSH server has several security vulnerabilities.
These vulnerabilities are likely related to the default configuration of the included dropbear SSH server.


Describe the solution you'd like

To improve security, additional configuration parameters for SSH configuration such as KExAlgorithms, Ciphers, and MACs could be added to the soft-serve config.yaml.

Alternatively, soft-serve could read the sshd configuration files from the same path as the 'key_path' config option, for example, 'server_config_path: ssh/sshd_config'.


Additional context

The following is the output of ssh-audit v3.1.0 agains soft-serve v0.7.4 (d483565).
The command used was: docker run --rm positronsecurity/ssh-audit 1.2.3.4 -p 23231

Please note the CVE's at the beginning and the '[fail]' and '[warn]' remarks.
The original is using colors, which makes things easier to read.

# general
(gen) banner: SSH-2.0-OpenSSH_7.6p1
(gen) software: OpenSSH 7.6p1
(gen) compatibility: OpenSSH 7.4+ (some functionality from 6.6), Dropbear SSH 2018.76+
(gen) compression: disabled

# security
(cve) CVE-2021-41617                 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2020-15778                 -- (CVSSv2: 7.8) command injection via anomalous argument transfers
(cve) CVE-2018-15919                 -- (CVSSv2: 5.3) username enumeration via GS2
(cve) CVE-2018-15473                 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
(cve) CVE-2016-20012                 -- (CVSSv2: 5.3) enumerate usernames via challenge response

# key exchange algorithms
(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
                                     `- [info] default key exchange since OpenSSH 6.4
(kex) [email protected]   -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
                                     `- [info] default key exchange since OpenSSH 6.4
(kex) ecdh-sha2-nistp256             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521             -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group14-sha256  -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
                                     `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha1    -- [fail] using broken SHA-1 hash algorithm
                                     `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
                                     `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53

# host-key algorithms
(key) ssh-ed25519                    -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) [email protected]         -- [info] available since OpenSSH 6.2
(enc) [email protected]         -- [info] available since OpenSSH 6.2
(enc) [email protected]  -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation
                                     `- [info] available since OpenSSH 6.5
                                     `- [info] default cipher since OpenSSH 6.9
(enc) aes128-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                     -- [info] available since OpenSSH 3.7
(enc) aes256-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

# message authentication code algorithms
(mac) [email protected]  -- [info] available since OpenSSH 6.2
(mac) [email protected]  -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256                  -- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512                  -- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1                      -- [fail] using broken SHA-1 hash algorithm
                                     `- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha1-96                   -- [fail] using broken SHA-1 hash algorithm
                                     `- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47


# algorithm recommendations (for OpenSSH 7.6)
(rec) -diffie-hellman-group14-sha1   -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp256            -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp384            -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp521            -- kex algorithm to remove 
(rec) -hmac-sha1                     -- mac algorithm to remove 
(rec) -hmac-sha1-96                  -- mac algorithm to remove 
(rec) +diffie-hellman-group-exchange-sha256-- kex algorithm to append 
(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append 
(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append 
(rec) +rsa-sha2-256                  -- key algorithm to append 
(rec) +rsa-sha2-512                  -- key algorithm to append 
(rec) [email protected] -- enc algorithm to remove 
(rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove 
(rec) -hmac-sha2-256                 -- mac algorithm to remove 
(rec) -hmac-sha2-512                 -- mac algorithm to remove 
@aymanbagabas
Copy link
Member

Hi @QuantumLibet, thanks for writing this report. Looking more into this, I'm suspecting that the report is a bit inaccurate since Soft Serve uses Golang SSH and not Dropbear. The version reported is also misleading because that's the default version Wish uses.
Let me know if this helps :)

aymanbagabas added a commit to charmbracelet/wish that referenced this issue Mar 8, 2024
Golang SSH will set a default version when this is empty, using
"OpenSSH_7.6p1" is misleading and causes SSH clients to misidentify the
server version.

Reference: https://pkg.go.dev/golang.org/x/crypto/ssh#:~:text=//%20%22SSH%2D2.0%2D%22.-,ServerVersion,-string%0A%0A%09//%20BannerCallback%2C%20if
Fixes: charmbracelet/soft-serve#485
@aymanbagabas aymanbagabas reopened this Mar 8, 2024
@QuantumLibet
Copy link
Author

Hi @aymanbagabas.

Thank you for your feedback. However, I was in no way concerned with the exact identification of the SSH engine.
The post is a feature request to enable configurability of the SSH server.

@aymanbagabas aymanbagabas added the enhancement New feature or request label Mar 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants