xf.is Blog   Archives  About

Using modern SSHD config to reduce bruteforce attacks

2018-08-27

I recently hardened my SSHD config file to use only modern settings. Initially I set up

HostKeyAlgorithms ssh-ed25519,ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

After a while I noticed a drop in SSH brute force attacks since many bots use older version of SSH libraries.

For example my logs started poping up with

Unable to negotiate with x.x.x.x port 53177: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

So I decided to limit the choices even further using

# Only use Ed25519 host key
HostKeyAlgorithms ssh-ed25519

KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com

# Strictly not needed since Poly1305 MAC is used when CHACHA20 cipher is selected.
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

This config forces use of ChaCha20 cipher with Poly1305 MAC using X25519 key exchange using Ed25519 public key. It is debatable to enable AES256-CTR cipher since it is accelerated on many platforms but in my case it really doesn’t matter.

These settings require a modern SSH client (OpenSSH 6.5 (released in 2014) or PuTTY 0.68 (released in 2017)).

After the changes the bots don’t event attempt to login since they don’t support the modern SSHD config:

Received disconnect from x.x.x.x port 56837:11:  [preauth]
Disconnected from x.x.x.x port 56837 [preauth]

But in the end it might be a bit useless since only publickey authentication is enabled on the server and it stops all brute force attempts.