# SSH Cipher Recommendations

## Overview

This document explains the SSH cipher, MAC, and key exchange algorithm choices used in the node-hardening skill's sshd_config template.

## Current Recommendations (2024)

### Ciphers (Encryption)

| Cipher | Recommendation | Notes |
|--------|----------------|-------|
| chacha20-poly1305@openssh.com | **Recommended** | Modern, fast, constant-time |
| aes256-gcm@openssh.com | **Recommended** | Strong, hardware-accelerated |
| aes128-gcm@openssh.com | **Acceptable** | Fast, hardware-accelerated |
| aes256-ctr | Acceptable | Legacy compatibility |
| aes128-ctr | Acceptable | Legacy compatibility |
| 3des-cbc | **Avoid** | Deprecated, slow |
| arcfour | **Avoid** | Broken |

### MACs (Message Authentication)

| MAC | Recommendation | Notes |
|-----|----------------|-------|
| hmac-sha2-512-etm@openssh.com | **Recommended** | Encrypt-then-MAC, strongest |
| hmac-sha2-256-etm@openssh.com | **Recommended** | Encrypt-then-MAC |
| umac-128-etm@openssh.com | Acceptable | Fast, Encrypt-then-MAC |
| hmac-sha2-512 | Acceptable | No ETM |
| hmac-sha2-256 | Acceptable | No ETM |
| hmac-sha1 | **Avoid** | Deprecated |
| hmac-md5 | **Avoid** | Broken |

### Key Exchange (KEX)

| KEX Algorithm | Recommendation | Notes |
|---------------|----------------|-------|
| curve25519-sha256 | **Recommended** | Modern, safe curve |
| curve25519-sha256@libssh.org | **Recommended** | Same, legacy name |
| diffie-hellman-group16-sha512 | Acceptable | 4096-bit DH |
| diffie-hellman-group18-sha512 | Acceptable | 8192-bit DH |
| diffie-hellman-group14-sha256 | Acceptable | 2048-bit DH |
| diffie-hellman-group1-sha1 | **Avoid** | Weak, deprecated |
| diffie-hellman-group-exchange-sha1 | **Avoid** | SHA1 deprecated |

### Host Key Algorithms

| Algorithm | Recommendation | Notes |
|-----------|----------------|-------|
| ssh-ed25519 | **Recommended** | Modern, compact |
| rsa-sha2-512 | **Recommended** | RSA with SHA2 |
| rsa-sha2-256 | **Recommended** | RSA with SHA2 |
| ecdsa-sha2-nistp256 | Acceptable | NIST curve concerns |
| ssh-rsa | **Avoid** | SHA1 deprecated |
| ssh-dss | **Avoid** | Weak |

## Template Configuration

The sshd_config template uses:

```
# Strong ciphers only
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com

# Encrypt-then-MAC only
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com

# Modern key exchange
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org

# Preferred host key algorithms
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
```

## Compatibility Notes

### Minimum Client Versions

These settings require:

- OpenSSH 7.3+ (released 2016)
- PuTTY 0.68+ (released 2017)

### Legacy Client Support

If you need to support older clients, add fallback options:

```
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256
KexAlgorithms curve25519-sha256,diffie-hellman-group16-sha512
```

## Testing Configuration

After applying changes, test with:

```bash
# List the algorithms the local OpenSSH build supports
# (this does not query the server's active settings)
ssh -Q cipher
ssh -Q mac
ssh -Q kex

# Test connection with verbose output (shows the negotiated algorithms)
ssh -vvv user@server

# Audit with ssh-audit (recommended)
pip install ssh-audit
ssh-audit localhost
```

## References

- [Mozilla SSH Guidelines](https://infosec.mozilla.org/guidelines/openssh)
- [ssh-audit](https://github.com/jtesta/ssh-audit)
- [Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)
- [OpenSSH Manual](https://man.openbsd.org/sshd_config)
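
## Example: Checking a Config Against These Tables

An added example, not part of the node-hardening skill or its template: a small checker that rates the algorithm lists in sshd_config text (or `sshd -T` output) against the tables in this document. The names `RATINGS`, `audit` and `SAMPLE` are hypothetical; the first-value-wins and `+`/`-`/`^` handling follow sshd_config(5).

```python
# Ratings copied from this page's tables: directive -> (ok, avoid).
RATINGS = {
    "ciphers": ("chacha20-poly1305@openssh.com aes256-gcm@openssh.com "
                "aes128-gcm@openssh.com aes256-ctr aes128-ctr", "3des-cbc arcfour"),
    "macs": ("hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com "
             "umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256", "hmac-sha1 hmac-md5"),
    "kexalgorithms": ("curve25519-sha256 curve25519-sha256@libssh.org "
                      "diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 "
                      "diffie-hellman-group14-sha256",
                      "diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1"),
    "hostkeyalgorithms": ("ssh-ed25519 rsa-sha2-512 rsa-sha2-256 ecdsa-sha2-nistp256",
                          "ssh-rsa ssh-dss"),
}

def audit(config_text):
    """Return (directive, item, verdict) findings for sshd_config or `sshd -T` text."""
    seen, findings = set(), []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2 or parts[0].lower() not in RATINGS:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in seen:
            continue  # sshd keeps the first value it obtains for a keyword
        seen.add(key)
        ok, avoid = (s.split() for s in RATINGS[key])
        if value[0] in "+-^":
            # +, - or ^ edits OpenSSH's default list; effective set unknown from this text.
            findings.append((key, value, "modifies-defaults"))
            continue
        for alg in filter(None, (a.strip() for a in value.split(","))):
            if alg in avoid:
                findings.append((key, alg, "avoid"))
            elif alg not in ok:
                findings.append((key, alg, "unlisted"))  # page gives no rating
    # A directive that never appears leaves the OpenSSH defaults in force.
    return findings + [(k, "", "not-set") for k in RATINGS if k not in seen]

# Constructed sample input, not taken from a real host.
SAMPLE = """\
Ciphers chacha20-poly1305@openssh.com,aes256-ctr,3des-cbc
MACs +hmac-sha1
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
Ciphers arcfour
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Feeding it the output of `sshd -T` instead of the file resolves the `modifies-defaults` and `not-set` cases, because that output lists the effective values.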