SSH Weak Key Exchange Algorithms Enabled - Virtue Security (2024)

Table of Contents

  • 1. What are SSH Weak Key Exchange Algorithms?
  • 2. What is a Key Exchange Algorithm?
  • 3. Remediating SSH Weak Key Exchange Algorithms Enabled
  • 4. Pentesting SSH Weak Key Exchange Algorithm

In addition to SSH weak MAC algorithms, weak SSH key exchange algorithms are common findings on pentest reports.

The SSH key exchange algorithm is fundamental to keeping the protocol secure. It is what allows two previously unknown parties to generate a shared key in plain sight, and have that secret remain private to the client and server.

Over time, some implementations of this algorithm have been identified as weak or vulnerable.

What are SSH Weak Key Exchange Algorithms?

Weak Key Exchange Algorithms use components with fundamental security flaws. There are only two primary reasons they are regarded as ‘weak’:

  1. The algorithm uses SHA1.
  2. The algorithm uses RSA 1024-bit modulus keys.

When flaws were identified in SHA1, it was believed this could potentially impact SSH security. An attack against the protocol would carry an extreme level of difficulty and would be nearly impossible to conduct in practice.

Despite the low likelihood of an attack, using cryptographic algorithms with known weaknesses such as SHA1 will raise a Low Risk issue on a network penetration test.

Per IETF guidance, below is a list of known weak algorithms:

  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group1-sha1
  • gss-gex-sha1-*
  • gss-group1-sha1-*
  • rsa1024-sha1

What is a Key Exchange Algorithm?

Nearly all encryption schemes require parties to have a shared secret. Key Exchange algorithms are what allow two parties to create a shared secret while exchanging information in public sight.

Key Exchange algorithms do not actually exchange keys, but rather partial variables that allow both parties to create a shared secret.

One of the best ways to illustrate this is with an excellent video explaining Diffie Hellman.

Remediating SSH Weak Key Exchange Algorithms Enabled

Linux

Edit /etc/ssh/sshd_config to include the following:

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256

Restart the SSH service with sudo service sshd restart.

Cisco

Key exchange algorithms can be enabled and disabled with the ip ssh server algorithm kex command. Reference: Cisco Documentation

Aruba

From the Aruba console, the following command can set the algorithms allowed:

ssh key-exchange-algorithms ecdh-sha2-nistp256 curve25519-sha256 diffie-hellman-group-exchange-sha256

Reference: Aruba Documentation

Pentesting SSH Weak Key Exchange Algorithm

The following nmap script is the fastest way to confirm which algorithms are supported:

$ nmap -Pn -p22 --script ssh2-enum-algos 127.0.0.1
Starting Nmap 7.01 ( https://nmap.org ) at 2022-06-17 01:53 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0044s latency).
PORT   STATE SERVICE
22/tcp open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (5)
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       diffie-hellman-group-exchange-sha256
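
To check scan results against the weak list given earlier, the following Python is an added example, not part of the original article or of nmap. It parses ssh2-enum-algos output and flags every offered key exchange algorithm that matches this page's list; the scan text is constructed sample input and the function names are assumptions.

```python
import fnmatch
import re

# Weak key exchange names exactly as listed on this page (per IETF guidance).
WEAK_KEX_PATTERNS = [
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
    "gss-gex-sha1-*",
    "gss-group1-sha1-*",
    "rsa1024-sha1",
]

# Constructed sample: ssh2-enum-algos output for a hypothetical host that
# still offers two SHA1-based key exchange algorithms.
SAMPLE_SCAN = """\
22/tcp open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (4)
|       curve25519-sha256@libssh.org
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group-exchange-sha1
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (2)
|       ssh-rsa
|_      ssh-ed25519
Nmap done: 1 IP address (1 host up) scanned in 0.40 seconds
"""

def kex_algorithms(nmap_output):
    """Return the names listed under kex_algorithms in ssh2-enum-algos output."""
    algos, in_kex = [], False
    for line in nmap_output.splitlines():
        if not line.startswith("|"):              # outside the script output block
            in_kex = False
            continue
        body = line.lstrip("|_ ").strip()
        if re.fullmatch(r"\w+: \(\d+\)", body):   # header such as "kex_algorithms: (5)"
            in_kex = body.startswith("kex_algorithms:")
        elif in_kex and body:
            algos.append(body)
    return algos

def weak_kex(algos):
    """Return the offered algorithms that match the weak list (case-insensitive)."""
    return [a for a in algos
            if any(fnmatch.fnmatchcase(a.lower(), p) for p in WEAK_KEX_PATTERNS)]

if __name__ == "__main__":
    for name in kex_algorithms(SAMPLE_SCAN):
        print(("WEAK  " if weak_kex([name]) else "ok    ") + name)
```

An empty result from weak_kex means none of the algorithms listed on this page are offered; it does not assess anything outside that list.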
Article information

Author: Ms. Lucile Johns
