5.1.5 Ensure sshd KexAlgorithms is configured

Information

Key exchange is any method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm. If the sender and receiver wish to exchange encrypted messages, each must be equipped to encrypt messages to be sent and decrypt messages received

Notes:

- Kex algorithms have a higher preference the earlier they appear in the list
- Some organizations may have stricter requirements for approved Key exchange algorithms
- Ensure that Key exchange algorithms used are in compliance with site policy
- The only Key Exchange Algorithms currently FIPS 140 approved are:
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
- diffie-hellman-group14-sha256

Key exchange methods that are considered weak should be removed. A key exchange method may be weak because too few bits are used, or the hashing algorithm is considered too weak. Using weak algorithms could expose connections to man-in-the-middle attacks

Solution

Note:

- First occurrence of an option takes precedence.
- Though key_exchange may be configured through the KexAlgorithms option in the /etc/ssh/sshd_config file, it is recommended that the key_exchange available to openSSH server are configured through system-wide-crypto-policy
- If the recommendations in the subsection "Configure system wide crypto policy" have been followed, this Audit should be in a passing state. Please review that section before following this Remediation Procedure
- By default, system-wide-crypto-policy is applied to the openSSH server. If the following defaults don't exist due to modifications or upgrade from a earlier release, the system-wide-crypto-policy may not be included by the openSSH server. It is recommended that these defaults be restored, created, or the line Include /etc/crypto-policies/back-ends/opensshserver.config be added before any lines containing the KexAlgorithms argument.
- Defaults:
- The file /etc/ssh/sshd_config includes the line: Include /etc/ssh/sshd_config.d/*.conf This line must appear before any lines containing the KexAlgorithms argument
- This directory /etc/ssh/sshd_config.d/ includes a file /etc/ssh/sshd_config.d/50-redhat.conf
- The file /etc/ssh/sshd_config.d/50-redhat.conf includes the line Include /etc/crypto-policies/back-ends/opensshserver.config
- The file /etc/crypto-policies/back-ends/opensshserver.config is generated by system-wide-crypto-policy

Follow the Remediation Procedure in "Ensure system wide crypto policy disables sha1 hash and signature support"

This is and excerpt of the Remediation Procedure from "Ensure system wide crypto policy disables sha1 hash and signature support":

Create or edit a file in /etc/crypto-policies/policies/modules/ ending inpmod and add or modify the following lines:

hash = -SHA1
sign = -*-SHA1
sha1_in_certs = 0

Example:

# printf '%s
' "# This is a subpolicy dropping the SHA1 hash and signature support" "hash = -SHA1" "sign = -*-SHA1" "sha1_in_certs = 0" >> /etc/crypto-policies/policies/modules/NO-SHA1.pmod

Run the following command to update the system-wide cryptographic policy

# update-crypto-policies --set <CRYPTO_POLICY>:<CRYPTO_SUBPOLICY1>:<CRYPTO_SUBPOLICY2>:<CRYPTO_SUBPOLICY3>

Example:

# update-crypto-policies --set DEFAULT:NO-SHA1:NO-WEAKMAC:NO-SSHCBC:NO-SSHCHACHA20:NO-SSHETM:NO-SSHWEAKCIPHERS

Run the following command to reload the openSSH server to make your cryptographic settings effective:

# systemctl reload-or-restart sshd

- OR - If system-wide-crypto-policy is not being used to configure available KexAlgorithms ( This is not recommended )

Edit the /etc/ssh/sshd_config file and add/modify the KexAlgorithms line to contain a comma separated list of the site unapproved (weak) KexAlgorithms preceded with a - above any Include entries:

Example:

KexAlgorithms -diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

See Also

https://workbench.cisecurity.org/benchmarks/18211

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-17(2), 800-53|IA-5, 800-53|IA-5(1), 800-53|SC-8, 800-53|SC-8(1), CSCv7|14.4

Plugin: Unix

Control ID: da539dd2bdbe0ed3cf2795fd7746f9c93e1aee27aae848cf177b9e48495a8846