SSH Audit Results For test.host.io
F
Score: 43 / 100
Host Keys: 2 of 6 passing (33%)
Key Exchanges: 4 of 10 passing (40%)
Ciphers: 13 of 15 passing (86%)
MACs: 0 of 3 passing (0%)
Server Details
IP Address: 10.11.12.13
Banner: SSH-2.0-OpenSSH_6.8
Fingerprint (ssh-ed25519): SHA256:fdDIoFwEWSzYCkDeBYNZWYmXYMofsaNNzHb7p58aJV4
Fingerprint (ssh-rsa): SHA256:K4mKS3/lqPYbhR/NAh3B2f1IMeHjQ7OCNvQvkpVvqpY
Host Key Types
ssh-ed25519
ecdsa-sha2-nistp256
- NIST P-curves are possibly back-doored by the U.S. National Security Agency. Score reduced by 2.
rsa-sha2-512 (2048-bit)
- A 3072-bit modulus is needed to provide 128 bits of security, but a 2048-bit modulus is in use. Score reduced by 1.
ssh-rsa-sha256@ssh.com
rsa-sha2-256 (2048-bit)
- A 3072-bit modulus is needed to provide 128 bits of security, but a 2048-bit modulus is in use. Score reduced by 1.
ssh-rsa (2048-bit)
- A 3072-bit modulus is needed to provide 128 bits of security, but a 2048-bit modulus is in use. Score reduced by 1.
Key Exchange Algorithms
curve25519-sha256@libssh.org
ecdh-sha2-nistp521
- NIST P-curves are possibly back-doored by the U.S. National Security Agency. Score reduced by 2.
ecdh-sha2-nistp384
- NIST P-curves are possibly back-doored by the U.S. National Security Agency. Score reduced by 2.
ecdh-sha2-nistp256
- NIST P-curves are possibly back-doored by the U.S. National Security Agency. Score reduced by 2.
diffie-hellman-group16-sha512
diffie-hellman-group15-sha512
diffie-hellman-group-exchange-sha256 (1024-bit)
- Small modulus in use (1024-bit). Score capped at 65.
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
- SHA-1 has exploitable weaknesses. Score reduced by 2.
diffie-hellman-group-exchange-sha1 (1024-bit)
- SHA-1 has exploitable weaknesses. Small modulus in use (1024-bit). Score reduced by 3.
Encryption Ciphers
aes256-ctr
aes256-cbc
aes192-ctr
aes192-cbc
aes128-ctr
aes128-cbc
twofish256-ctr
twofish192-ctr
twofish128-ctr
twofish256-cbc
twofish192-cbc
twofish128-cbc
twofish-cbc
3des-ctr
- 3DES is vulnerable to the SWEET32 attack. Score reduced by 1.
3des-cbc
- 3DES is vulnerable to the SWEET32 attack. Score reduced by 1.
Message Authentication Codes
hmac-sha2-512
- Uses encrypt-and-MAC method. Score reduced by 1.
hmac-sha2-256
- Uses encrypt-and-MAC method. Score reduced by 1.
hmac-sha1
- SHA-1 has exploitable weaknesses. Score reduced by 2.
Findings & References
- Possibly Compromised NIST P-Curves In Use
  Description: The NIST P-curves are strongly suspected by some as being back-doored by the NSA.
  Affected Algorithms:
  - ecdsa-sha2-nistp256
  - ecdh-sha2-nistp521
  - ecdh-sha2-nistp384
  - ecdh-sha2-nistp256
  Solution: Replace ECDSA host keys with RSA and/or ED25519 host keys. Replace ECDH key exchange algorithms with traditional Diffie-Hellman algorithms and/or the Curve25519 algorithm.
  References:
  - Bernstein, D., Lange, T., "SafeCurves: choosing safe curves for elliptic-curve cryptography", <https://safecurves.cr.yp.to/>, Published 2014, Retrieved Oct. 3, 2017.
- Deprecated & Weak SHA-1 Algorithm In Use
  Description: SHA-1 is known to have several practical & exploitable weaknesses.
  Affected Algorithms:
  - diffie-hellman-group14-sha1
  - diffie-hellman-group-exchange-sha1
  - hmac-sha1
  Solution: Replace SHA-1 with SHA-256, SHA-384, or SHA-512.
  References:
  - Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y., "The first collision for full SHA-1", <https://shattered.io/static/shattered.pdf>, Retrieved Jun. 1, 2017.
  - Google, Inc., "Gradually sunsetting SHA-1", <https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html>, Published Sept. 5, 2014, Retrieved Jun. 1, 2017.
- Vulnerable Triple-DES Cipher Enabled
  Description: Triple-DES has been deprecated and is vulnerable to the SWEET32 attack. In certain circumstances, this allows an eavesdropper to decrypt ciphertext.
  Affected Algorithms:
  - 3des-ctr
  - 3des-cbc
  Solution: Disable the Triple-DES cipher.
  References:
  - Bhargavan, K., Leurent, G., "On the Practical (In-)Security of 64-bit Block Ciphers", <https://sweet32.info/SWEET32_CCS16.pdf>, Published Oct. 2016, Retrieved Oct. 3, 2017.
  - U.S. Department of Commerce, National Institute of Standards and Technology, "NIST Special Publication 800-131A Revision 1: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths", <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf>, pg 4, 5, Published Nov. 2015, Retrieved Jun. 1, 2017.
- Encrypt-And-MAC Algorithm Enabled
  Description: Encrypt-and-mac algorithms are theoretically weaker than encrypt-then-mac (etm) algorithms with respect to chosen plaintext attacks, chosen ciphertext attacks, and non-malleability.
  Affected Algorithms:
  - hmac-sha2-512
  - hmac-sha2-256
  Solution: Disable the affected MACs.
  References:
  - Bellare, M., Namprempre, C., "Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm", <http://cseweb.ucsd.edu/~mihir/papers/oem.pdf>, pg. 5, Published Jul. 14, 2007, Retrieved Oct. 9, 2017.