Information
This variable limits the types of MAC algorithms that SSH can use during communication.
Notes:
- Some organizations may have stricter requirements for approved MACs.
- Ensure that MACs used are in compliance with site policy.
- The only "strong" MACs currently FIPS 140 approved are:
- HMAC-SHA1
- HMAC-SHA2-256
- HMAC-SHA2-384
- HMAC-SHA2-512
MD5 and 96-bit MAC algorithms are considered weak and have been shown to increase exploitability in SSH downgrade attacks. Weak algorithms continue to have a great deal of attention as a weak spot that can be exploited with expanded computing power. An attacker that breaks the algorithm could take advantage of a MiTM position to decrypt the SSH tunnel and capture credentials and information.
Solution
Note:
- First occurrence of an option takes precedence.
- Though MACs may be configured through the MACs option in the /etc/ssh/sshd_config file, it is recommended that the MACs available to openSSH server are configured through system-wide-crypto-policy
- If the recommendations in the subsection "Configure system wide crypto policy" have been followed, this Audit should be in a passing state. Please review that section before following this Remediation Procedure
- By default, system-wide-crypto-policy is applied to the openSSH server. If the following defaults don't exist due to modifications or upgrade from a earlier release, the system-wide-crypto-policy may not be included by the openSSH server. It is recommended that these defaults be restored, created, or the line Include /etc/crypto-policies/back-ends/opensshserver.config be added before any lines containing the MACs argument.
- Defaults:
- The file /etc/ssh/sshd_config includes the line: Include /etc/ssh/sshd_config.d/*.conf This line must appear before any lines containing the MACs argument
- This directory /etc/ssh/sshd_config.d/ includes a file /etc/ssh/sshd_config.d/50-redhat.conf
- The file /etc/ssh/sshd_config.d/50-redhat.conf includes the line Include /etc/crypto-policies/back-ends/opensshserver.config
- The file /etc/crypto-policies/back-ends/opensshserver.config is generated by system-wide-crypto-policy
- IF - CVE-2023-48795 has not been reviewed and addressed, Recommendation
"Ensure system wide crypto policy disables EtM for ssh"
should be followed.
Create or edit a file in /etc/crypto-policies/policies/modules/ ending inpmod and add or modify the the following line:
mac@SSH = -HMAC-MD5* -UMAC-64* -UMAC-128*
Example:
# printf '%s
' "# This is a subpolicy to disable weak MACs" "# for the SSH protocol (libssh and OpenSSH)" "mac@SSH = -HMAC-MD5* -UMAC-64* -UMAC-128*" >> /etc/crypto-policies/policies/modules/NO-SSHWEAKMACS.pmod
Run the following command to update the system-wide cryptographic policy
# update-crypto-policies --set <CRYPTO_POLICY>:<CRYPTO_SUBPOLICY1>:<CRYPTO_SUBPOLICY2>:<CRYPTO_SUBPOLICY3>
Example:
# update-crypto-policies --set DEFAULT:NO-SHA1:NO-WEAKMAC:NO-SSHCBC:NO-SSHCHACHA20:NO-SSHETM:NO-SSHWEAKCIPHERS:NO-SSHWEAKMACS
Run the following command to reload the openSSH server to make your cryptographic settings effective:
# systemctl reload-or-restart sshd
- OR - If system-wide-crypto-policy is not being used to configure available ciphers ( This is not recommended )
Edit the /etc/ssh/sshd_config file and add/modify the MACs line to contain a comma separated list of the site unapproved (weak) MACs preceded with a - above any Include entries:
Example:
MACs -hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected]
- IF - CVE-2023-48795 has not been reviewed and addressed, the following etm MACs should be added to the exclude list:
[email protected]
,
[email protected]
,
[email protected]