5.2.13 Ensure only strong Ciphers are used - weak ciphers

Information

This variable limits the ciphers that SSH can use during communication.

Rationale:

Weak ciphers that are used for authentication to the cryptographic module cannot be relied
upon to provide confidentiality or integrity, and system data may be compromised

The DES, Triple DES, and Blowfish ciphers, as used in SSH, have a birthday bound of
approximately four billion blocks, which makes it easier for remote attackers to obtain
cleartext data via a birthday attack against a long-duration encrypted session, aka a
"Sweet32" attack

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly
combine state data with key data during the initialization phase, which makes it easier for
remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream
by sniffing network traffic that occasionally relies on keys affected by the Invariance
Weakness, and then using a brute-force approach involving LSB values, aka the "Bar
Mitzvah" issue

The passwords used during an SSH session encrypted with RC4 can be recovered by an
attacker who is able to capture and replay the session

Error handling in the SSH protocol; Client and Server, when using a block cipher algorithm
in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover
certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown
vectors

The mm_newkeys_from_blob function in monitor_wrap.c, when an AES-GCM cipher is used,
does not properly initialize memory for a MAC context data structure, which allows remote
authenticated users to bypass intended ForceCommand and login-shell restrictions via
packet data that provides a crafted callback address

Solution

Edit the /etc/ssh/sshd_config file add/modify the Ciphers line to contain a comma
separated list of the site approved ciphers
Example:

Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr

Default Value:

Ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CSCv6|3.4, CSCv7|14.4

Plugin: Unix

Control ID: bb67641c5960aefffb718f073a7f350bd8272949df0f669d3c3a17a80b7c3a66