Disabling CBC Cipher mode causes login problems

Hi,

As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

To do this, in sshd_config I comment out these lines :

Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS   hmac-sha1,hmac-md5

and add this line :

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

However after doing this, and restarting ssh, I get this error :

/etc/ssh/sshd_config line 88: Bad SSH2 cipher spec 'aes128-ctr,aes192-ctr,aes256-ctr'

Also, I am not able to ssh into the server anymore.

Please provide a suggestion on how to disable the CBC option and enable the CTR/GCM option without causing problems.
The sshd_config file in the server is sshd_config(4) and thus does not support CTR/GCM.

Regards,
ana

What, then, are the allowed ciphers according to sshd_config?

According to the sshd_config man page (ubuntu):

 Ciphers
             Specifies the ciphers allowed.  Multiple ciphers must be comma-separated.  If the
             specified value begins with a '+' character, then the specified ciphers will be
             appended to the default set instead of replacing them.

             The supported ciphers are:

                   3des-cbc
                   aes128-cbc
                   aes192-cbc
                   aes256-cbc
                   aes128-ctr
                   aes192-ctr
                   aes256-ctr
                   aes128-gcm@openssh.com
                   aes256-gcm@openssh.com
                   arcfour
                   arcfour128
                   arcfour256
                   blowfish-cbc
                   cast128-cbc
                   chacha20-poly1305@openssh.com

             The default is:

                   chacha20-poly1305@openssh.com,
                   aes128-ctr,aes192-ctr,aes256-ctr,
                   aes128-gcm@openssh.com,aes256-gcm@openssh.com

             The list of available ciphers may also be obtained using the -Q option of ssh(1)
             with an argument of "cipher".

Update:

Here is an example of checking for supported ciphers:

Linux

/home/neo# ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

and on another box:

MacOS

 Tim$ ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

OBTW did you try this?

To disable CBC mode ciphers and weak MAC algorithms (MD5 and -96), add the following lines into the /etc/ssh/sshd_config file.

 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
 MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160

Then (on linux)

 service sshd restart
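
Added example (not from any poster in this thread): a pre-flight check that compares the Ciphers line of a candidate sshd_config against the cipher names the server build supports, and reports any CBC entries still enabled. The function names, temporary file paths and the "old build" list are constructed for illustration; take the real list from `ssh -Q cipher` where that option exists, or from the server's sshd_config man page.

```shell
#!/bin/sh
# Added example: pre-flight check of the Ciphers line in a candidate sshd_config.

# Value of the first active Ciphers directive (sshd uses the first value it
# finds for a keyword); a leading '+' (append to defaults) is stripped.
config_ciphers() {
    awk 'tolower($1) == "ciphers" { print $2; exit }' "$1" | sed 's/^+//'
}

# Configured names that are missing from the supported list, i.e. the kind of
# entry behind a "Bad SSH2 cipher spec" error at restart.
# $1 = config file, $2 = file with one supported cipher name per line
unsupported_ciphers() {
    config_ciphers "$1" | tr ',' '\n' | while read -r name; do
        [ -n "$name" ] || continue
        grep -qxF -- "$name" "$2" || printf '%s\n' "$name"
    done
}

# Configured names that are still CBC mode.
cbc_ciphers() {
    config_ciphers "$1" | tr ',' '\n' | grep -e '-cbc' || true
}

# --- Constructed sample input (hypothetical files in a temp directory) ---
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/candidate" <<'EOF'
#Ciphers aes128-cbc,blowfish-cbc,3des-cbc
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
EOF
# Constructed list standing in for an old build without CTR support.
printf '%s\n' aes128-cbc blowfish-cbc 3des-cbc > "$tmp/old_build"
# Subset of the Linux `ssh -Q cipher` output quoted in the thread.
printf '%s\n' aes128-cbc aes128-ctr aes192-ctr aes256-ctr > "$tmp/new_build"

echo "old build rejects: $(unsupported_ciphers "$tmp/candidate" "$tmp/old_build" | tr '\n' ' ')"
echo "new build rejects: $(unsupported_ciphers "$tmp/candidate" "$tmp/new_build" | tr '\n' ' ')"
echo "CBC still enabled: $(cbc_ciphers "$tmp/candidate" | tr '\n' ' ')"
```

Any name printed by unsupported_ciphers means the restart will fail on that build, so the live config should not be replaced until the list is empty.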

Sorry I forgot to mention that my box is Solaris 9.

And I already tried adding the line :

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

And it throws the error I mentioned (After I restarted ssh) :

/etc/ssh/sshd_config line 88: Bad SSH2 cipher spec 'aes128-ctr,aes192-ctr,aes256-ctr'

I have also commented out the MAC line :

MACS   hmac-sha1,hmac-md5

This does not cause any problems.

Does this command work on Solaris?

ssh -Q cipher

Sorry, I don't have a Solaris box handy.

Please run ssh -Q cipher and update us with the results.

Also, Oracle says this is all you need to do to disable those weak ciphers:

   
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.`date +%d-%b-%Y-%H-%M`

vi /etc/ssh/sshd_config

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
Macs hmac-sha2-256,hmac-sha2-512

svcadm restart ssh 

Edit and Update:

I see from the Oracle docs that Solaris does not support ssh -Q

Oracle Docs: ssh - man pages section 1: User Commands

I tried the last suggestion, and the server fails to come up (Network Connection time out error) when I try to log in via PuTTY (ssh).

--- Post updated at 05:15 PM ---

I tried this solution; however, after I make the changes and restart ssh, I am unable to log in to the server (Network Connection time out error).

When system admins make sshd config changes to a remote server, they do not log out of their working session before they confirm the changes work.

For example, if you are logged into a server and make changes to sshd, you do not log out of that session.

server:/var/www/ads# ssh me@remote.example.com
me@remote.example.com's password: 
Last login: Thu May  9 08:14:30 2019 from 139.112.217.44
me@remote:~$ sudo -i
[sudo] password for me: 
// make changes to ssh configuration
remote:~# service sshd restart

You are still logged in to the remote server.

Now try to ssh again from another terminal.

Or alternatively, you can run sshd on another port with another configuration file, for example on some (Linux) systems:

sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file] [-g login_grace_time] [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]

So, it is not really wise, or at least it is not how I would make sshd changes, to make changes in your config without testing them first.

sshd  [-f config_file]  [-p port] 

You can run and test sshd on any open port you like.

Hi,

I tried this solution, and I did not log out from the session where I made the changes before opening a new session.
But it still does not work. I cannot ssh into the server anymore. "Network Error: Connection Refused" error.

Regards,
Aigini