Information
SSH should be configured with Ciphers based on the Suite B Standard
Rationale:
SSH (Secure Shell) is the defacto standard protocol used for remote administration of network devices and Unix servers, providing an encrypted and authenticated alternative to Telnet. However, this ubiquity and requirement to support a wide range of clients and deployment scenarios, as well as SSH's age, mean SSH needs to support a variety of Ciphers of varying strengths.
By default, for the widest range of client compatibility, JUNOS supports SSH Ciphers using older Encryption Algorithms such as Blowfish or RC4 which are no longer considered suitable for use to protect sensitive services like SSH.
SSH is a vital tool for administering most JUNOS devices, providing privileged access and potentially transporting sensitive information including passwords. It is recommended that SSH sessions be protected by restricting JUNOS to using Ciphers recommended in the National Security Agency Suite B Standard.
Suite B standards for Cryptographic functions are developed and distributed by the US National Security Agency as part of Cryptographic Modernization Programme for protection of US Government data, both unclassified and classified (to Secret). Suite B standards for SSH are set out in RFC6239 and restrict Ciphers to AES-128 and AES-256 in Galois Counter Mode only.
When AES is used in Galois Counter Mode (AEAD_AES_128/256_GCM) for Confidentiality (Ciphers), it is also used to provide Integrity (replacing any Message Authentication Codes (MACs) which may be configured). For more details, please see RFC5647.
NOTE - The OpenSSH implementation used in JUNOS is not fully compliant with Suite B SSH set out in RFC6239, but these standards have been used as guidance for setting the more restrictive Level 2 recommendation.
Impact:
Some SSH Clients or other management applications or automation platforms utilizing SSH may not support the stronger ciphers used in Suite B, so may be unable to connect.
Ensure that all applications are fully tested before deploying this recommendation in a production environment.
Solution
To remove a single insecure cipher, issue the following command from the [edit system services ssh] hierarchy;
[edit system services ssh]
user@host#delete ciphers <cipher suite name>
If multiple insecure Ciphers were set, it will generally be easier to delete all the Cipher restrictions with the following command:
[edit system services ssh]
user@host#delete ciphers
Once all insecure Ciphers have been removed, add one or more of the AES-GCM ciphers.
[edit system services ssh]
user@host#set ciphers [ [email protected] [email protected] ]
Default Value:
For most platforms SSH access is enabled by default but ciphers are not restricted.
Not all platforms or versions of JUNOS support AES in Galois/Counter Mode.