The Hyperpessimist

The grandest failure.

Secure Secure Shell on Debian Wheezy

If you have passingly paid attention to the internet at all lately, you probably ran across the Secure Secure Shell article, which advises on how to better secure your SSH sessions. This is nice and all, but it doesn’t apply to Debian 7, Wheezy, too much: “Warning: You will need a recent OpenSSH version. It should work with 6.5 but I have only tested 6.7 […]”.

Yeah, I’ve tested it on the version shipped with Debian Wheezy, 6.0 and guess what, many of the secure algorithms are unavailable. You could try installing backports of newer OpenSSH versions, but then you have to hope that these get maintained as well as the regular Debian security updates. And if you have many machines installing the backport might be tedious. So now that the next version of Debian, Jessie/8 is in freeze state which will ship with OpenSSH 6.7, I don’t feel like updating.

So what exactly is missing? As I saw everything using Curve25519 is not yet implemented in OpenSSH 6.0, so forget about the key exchange and Ed25519 public keys, but the Encrypt-then-MAC modes aren’t here either. ChaCha20? Nope, sorry.

Stripping out the algorithms that are missing, left me with these settings in /etc/ssh/sshd_config:

1
2
3
KexAlgorithms diffie-hellman-group-exchange-sha256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

On the positive side: you can upgrade your RSA keys to 4096 bits (if they aren’t already) and you can delete your DSA and ECDSA keys. You can edit the module to only have larger values, as described in the article.

Overall, I’d say it is decent. I haven’t seen any incompatibility so far with the clients I used (OpenSSH and JuiceSSH, the latter only recently implemented diffie-hellman-group-exchange-sha256 and support for higher DH moduli), so that’s good.