6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - key-exchange restriction

Information

SSH should be configured to use only Suite B key exchange algorithms.

Rationale:

SSH (Secure Shell) is the defacto standard protocol used for remote administration of network devices and Unix servers, providing an encrypted and authenticated alternative to Telnet. However, this ubiquity and requirement to support a wide range of clients and deployment scenarios, as well as SSH's age, mean SSH needs to support a variety of Ciphers of varying strengths.

By default, for the widest range of client compatibility, JUNOS supports SSH Key Exchange using older algorithms and methods such as Diffie-Hellman Group 1 with SHA1.

SSH is a vital tool for administering most JUNOS devices, providing privileged access and potentially transporting sensitive information including passwords. It is recommended that SSH sessions be protected by restricting JUNOS to using stronger Key Exchange methods recommended in the National Security Agency Suite B Standard.

Suite B standards for Cryptographic functions are developed and distributed by the US National Security Agency as part of Cryptographic Modernization Program for protection of US Government data, both unclassified and classified (to Secret). Suite B standards for SSH are set out in RFC6239 and restrict Key Exchange to Elliptic Curve Diffie Hellman with NIST P Values and SHA2 only.

NOTE - The OpenSSH implementation used in JUNOS is not fully compliant with Suite B SSH set out in RFC6239, but these standards have been used as guidance for setting the more restrictive Level 2 recommendation.

Impact:

Some SSH Clients or other management applications or automation platforms utilizing SSH may not support the stronger Key Exchange Methods used in Suite B, so may be unable to connect.

Ensure that all applications are fully tested before deploying this recommendation in a production environment.

Solution

To remove a single non-Suite B Key Exchange method, issue the following command from the [edit system services ssh] hierarchy;

[edit system services ssh]
user@host# delete key-exchange <mac name>

If multiple insecure Key Exchange methods were set, it will generally be easier to delete all the Key Exchange method restrictions with the following command:

[edit system services ssh]
user@host# delete key-exchange

Once all insecure methods have been removed, add one or more stronger Key Exchange methods (in this example all Suite B methods available on most JUNOS devices are set in a single command)

[edit system services ssh]
user@host# set key-exchange [ ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp512 ]

NOTE - The ecdh-sha2-nistp512 Key Exchange method is not cited specifically in RFC6239, but is acceptable in addition/in place of the other NIST Elliptic Curve Diffie Hellman exchange methods for the purposes of this recommendation.
Finally, single Key Exchange methods or a smaller selection of these more secure methods may be selected on the user's discretion.

[edit system services ssh]
user@host# set key-exchange <method>

Default Value:

For most platforms SSH access is enabled by default but key exchange methods are not restricted.

On FIPS releases the curve25519-sha256, dh-group1-sha1, group-exchange-sha & group-exchange-sha2 methods are not supported.

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), CSCv7|11.5

Plugin: Juniper

Control ID: 90a115783a5ddfd834403e82b6e8fb4d109fa0d21ca12224216ca3f8985436f4