Mozilla's ssh_scan tool flags security issues with default ssh server (dropbear) config


#1

Hi,
Just noticed a potential issue, checking with the forum before raising a bug.

Mozilla publish some advice and a testing tool for ssh server settings, aimed at OpenSSH but still relevant for dropbear?

https://infosec.mozilla.org/guidelines/openssh

produces the following output. Raise a bug ticket?

Thanks

"compliance": {
      "policy": "Mozilla Modern",
      "compliant": false,
      "recommendations": [
        "Add these key exchange algorithms: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256",
        "Add these MAC algorithms: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,umac-128@openssh.com",
        "Add these encryption ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes192-ctr",
        "Remove these key exchange algorithms: diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, kexguess2@matt.ucc.asn.au",
        "Remove these MAC algorithms: hmac-sha1"
      ],
      "references": [
        "https://wiki.mozilla.org/Security/Guidelines/OpenSSH"
      ],
      "grade": "F"
    },
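
How a report like the one above can be derived, as an added example (not ssh_scan's code and not part of the original post): parse the name-lists a server advertises in its SSH_MSG_KEXINIT message and diff them against a policy. The policy lists are assumed to match the Modern configuration in the linked Mozilla guideline, the sample server lists are constructed to be consistent with the report, and the function names and the choice to check the server-to-client lists are assumptions.

```python
POLICY = {  # assumed Mozilla "Modern" lists: report label -> (KEXINIT field, allowed)
    "key exchange algorithms": ("kex", "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,"
        "ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256"),
    "MAC algorithms": ("mac_s2c", "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,"
        "umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com"),
    "encryption ciphers": ("enc_s2c", "chacha20-poly1305@openssh.com,"
        "aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"),
}
# RFC 4253 section 7.1: order of the ten name-lists in SSH_MSG_KEXINIT.
FIELDS = "kex host_key enc_c2s enc_s2c mac_c2s mac_s2c comp_c2s comp_s2c lang_c2s lang_s2c".split()

def parse_kexinit(payload):
    if len(payload) < 17 or payload[0] != 20:   # 20 = SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}                         # skip type byte and 16-byte cookie
    for name in FIELDS:
        end = pos + 4 + int.from_bytes(payload[pos:pos + 4], "big")
        if pos + 4 > len(payload) or end > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos + 4:end].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos = end
    return lists

def recommendations(lists):
    adds, removes = [], []
    for label, (field, allowed) in POLICY.items():
        wanted, offered = allowed.split(","), lists[field]
        missing = [a for a in wanted if a not in offered]
        extra = [a for a in offered if a not in wanted]
        if missing:
            adds.append(f"Add these {label}: " + ",".join(missing))
        if extra:
            removes.append(f"Remove these {label}: " + ", ".join(extra))
    return adds + removes

def build_kexinit(lists):
    body = bytes([20]) + bytes(16)              # message type + zeroed cookie
    for name in FIELDS:
        data = lists.get(name, "").encode("ascii")
        body += len(data).to_bytes(4, "big") + data
    return body + bytes(5)                      # first_kex_packet_follows + reserved
# Constructed sample, chosen to be consistent with the report in the post above.
SAMPLE = build_kexinit({
    "kex": "curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,"
           "diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.au",
    "enc_s2c": "aes128-ctr,aes256-ctr", "mac_s2c": "hmac-sha1,hmac-sha2-256",
})
print("\n".join(recommendations(parse_kexinit(SAMPLE))))
```

Read this way, the "F" grade reflects how far the advertised lists are from the policy lists rather than a separate set of tests.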

#2

Good find. But it seems a little vague too - what's it think dropbear is doing that's so bad?? Grade F sounds like it hasn't passed any check/test that Mozilla came up with.

If that's all the info their report/tool shows, then my guess is the encryption settings must be to cater for the very low end devices. If that's true I guess one way to solve would be to create dropbear hardness policies, with the default selected based on each device specs (target) during build but can be overridden to a more secure profile with config/overlay for those that know what the tradeoffs will be. Thoughts?

But I guess first step really needs to be to quantify exactly what dropbear is or isn't doing that's not conforming to best practice


#3

Various of the recommended ciphersuites and key exchange protocols are simply not supported by dropbear.


#4

The most egregious problems appear to be:

I don't immediately see a way to "configure them out" at http://matt.ucc.asn.au/dropbear/dropbear.html or https://linux.die.net/man/8/dropbear


FWIW: Many of my web servers fail Mozilla and NIST guidelines since they don't support "insecure enough" TLS used by ancient/old browsers. I guess the thinking is that some security is better than no security for these clients. Just something to be aware of when looking at the recommendations!