Mozilla's ssh_scan tool flags security issues with default ssh server (dropbear) config

Hi,
Just noticed a potential issue, checking with the forum before raising a bug.

Mozilla publish some advice and a testing tool for ssh server settings, aimed at OpenSSH but still relevant for dropbear?

https://infosec.mozilla.org/guidelines/openssh

produces the following output. Raise a bug ticket?

Thanks

"compliance": {
      "policy": "Mozilla Modern",
      "compliant": false,
      "recommendations": [
        "Add these key exchange algorithms: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256",
        "Add these MAC algorithms: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,umac-128@openssh.com",
        "Add these encryption ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes192-ctr",
        "Remove these key exchange algorithms: diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, kexguess2@matt.ucc.asn.au",
        "Remove these MAC algorithms: hmac-sha1"
      ],
      "references": [
        "https://wiki.mozilla.org/Security/Guidelines/OpenSSH"
      ],
      "grade": "F"
    },

Good find. But it seems a little vague too - what's it think dropbear is doing that's so bad?? Grade F sounds like it hasn't passed any check/test that Mozilla came up with.

If that's all the info their report/tool shows, then my guess is the encryption settings must be to cater for the very low end devices. If that's true I guess one way to solve would be to create dropbear hardness policies, with the default selected based on each device specs (target) during build but can be overridden to a more secure profile with config/overlay for those that know what the tradeoffs will be. Thoughts?

But I guess first step really needs to be to quantify exactly what dropbear is or isn't doing that's not conforming to best practice
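
Added example, not part of any post in this thread and not ssh_scan's own code: a short Python script that splits the `recommendations` strings from the output quoted in the first post into per-category lists. It reads "Remove" as algorithms the server offers that the policy does not list, and "Add" as policy algorithms the server does not offer; the function names are hypothetical.

```python
import json
import re

# The "compliance" object from the ssh_scan output quoted in the first post.
REPORT = json.loads(r'''
{"policy": "Mozilla Modern", "compliant": false, "recommendations": [
 "Add these key exchange algorithms: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256",
 "Add these MAC algorithms: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,umac-128@openssh.com",
 "Add these encryption ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes192-ctr",
 "Remove these key exchange algorithms: diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, kexguess2@matt.ucc.asn.au",
 "Remove these MAC algorithms: hmac-sha1"],
 "grade": "F"}
''')

# "<Add|Remove> these <category>: <comma-separated algorithm names>"
REC = re.compile(r"^(Add|Remove) these (.+?): (.+)$")

def split_recommendations(compliance):
    """Return {"add": {category: [names]}, "remove": {category: [names]}}."""
    out = {"add": {}, "remove": {}}
    for line in compliance.get("recommendations", []):
        m = REC.match(line.strip())
        if not m:
            # Keep unrecognised text so nothing is dropped silently.
            out.setdefault("unparsed", []).append(line)
            continue
        action, category, algos = m.groups()
        names = [a.strip() for a in algos.split(",") if a.strip()]
        out[action.lower()].setdefault(category, []).extend(names)
    return out

def summarize(compliance):
    """One line per category, 'remove' items first (they are what is offered)."""
    parts = split_recommendations(compliance)
    lines = [f"policy={compliance['policy']} grade={compliance['grade']}"]
    for action, label in (("remove", "offered, not in policy"),
                          ("add", "in policy, not offered")):
        for category, names in sorted(parts[action].items()):
            lines.append(f"[{label}] {category}: {', '.join(names)}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(summarize(REPORT))
```
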

Various of the recommended ciphersuites and key exchange protocols are simply not supported by dropbear.


The most egregious problems appear to be:

I don't immediately see a way to "configure them out" at http://matt.ucc.asn.au/dropbear/dropbear.html or https://linux.die.net/man/8/dropbear


FWIW: Many of my web servers fail Mozilla and NIST guidelines since they don't support "insecure enough" TLS used by ancient/old browsers. I guess the thinking is that some security is better than no security for these clients. Just something to be aware of when looking at the recommendations!
