Information
This variable limits the ciphers that SSH can use during communication.
Rationale:
Weak ciphers that are used for authentication to the cryptographic module cannot be relied upon to provide confidentiality or integrity, and system data may be compromised
The DES, Triple DES, and Blowfish ciphers, as used in SSH, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, aka a 'Sweet32' attack
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the 'Bar Mitzvah' issue
The passwords used during an SSH session encrypted with RC4 can be recovered by an attacker who is able to capture and replay the session
Error handling in the SSH protocol; Client and Server, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors
The mm_newkeys_from_blob function in monitor_wrap.c, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Edit the /etc/ssh/sshd_config file add/modify the Ciphers line to contain a comma separated list of the site approved ciphers
Example:
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
Default Value:
Ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-2183
https://nvd.nist.gov/vuln/detail/CVE-2015-2808
https://www.kb.cert.org/vuls/id/565052
https://www.openssh.com/txt/cbc.adv
https://nvd.nist.gov/vuln/detail/CVE-2008-5161
https://nvd.nist.gov/vuln/detail/CVE-2013-4548
https://www.kb.cert.org/vuls/id/565052
https://www.openssh.com/txt/cbc.adv
SSHD_CONFIG(5)
Notes:
Some organizations may have stricter requirements for approved ciphers. Ensure that ciphers used are in compliance with site policy.
The only ciphers currently FIPS 140-2 compliant are: aes256-ctr,aes192-ctr,aes128-ctr
CVE-2013-4548 referenced above applies to OpenSSH versions 6.2 and 6.3. If running these versions of Open SSH, Please upgrade to version 6.4 or later to fix the vulnerability, or disable AES-GCM in the server configuration.
The Following are the supported ciphers in openSSH:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
[email protected]
[email protected]
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
[email protected]
[email protected]