Hardening SSH - Post Quantum edition

Started by newsense, October 24, 2024, 04:28:03 AM

October 24, 2024, 04:28:03 AM Last Edit: February 10, 2025, 03:51:20 PM by newsense
Starting with OPNsense 24.7.7 it is now possible to connect to your firewall using a new post quantum key exchange.

Quote from https://forum.opnsense.org/index.php?topic=43585.msg216925:

o ports: openssh 9.9.p1[11]

[11] https://www.openssh.com/txt/release-9.9



It is therefore imperative that both client and server are on version 9.9 of OpenSSH.

To verify the client is able to connect using the new algorithm use this command:
root@opnsense ~# ssh -Q kex | grep mlkem
mlkem768x25519-sha256


Now for the hardening part, go to System - Settings - Administration:

- Key exchange algorithms - mlkem768x25519-sha256
                          - sntrup761x25519-sha512
                          - sntrup761x25519-sha512@openssh.com    

- Ciphers - aes256-gcm@openssh.com
          - chacha20-poly1305@openssh.com

- MACs - hmac-sha2-256-etm
       - hmac-sha2-512-etm

- Host Key Algorithms - ssh-ed25519
                      - ssh-ed25519-cert-v01@openssh.com

- Rekey Limit - System Defaults
              - otherwise if in a highly regulated environment adjust as needed.


Sample output, some lines removed:

Code ("Failed connection"):
root@localhost ~# ssh -v -oKexAlgorithms=sntrup761x25519-sha512 192.168.1.1
OpenSSH_9.9p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /usr/etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-suse.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: /usr/etc/ssh/ssh_config line 33: Applying options for *
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9 FreeBSD-openssh-portable-9.9.p1,1
debug1: compat_banner: match: OpenSSH_9.9 FreeBSD-openssh-portable-9.9.p1,1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: mlkem768x25519-sha256,ext-info-s,kex-strict-s-v00@openssh.com

Code ("Successful Connection"):
root@localhost ~ [255]# ssh -v -oKexAlgorithms=mlkem768x25519-sha256 192.168.1.1
OpenSSH_9.9p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /usr/etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-suse.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: /usr/etc/ssh/ssh_config line 31: include /usr/etc/ssh/ssh_config.d/*.conf matched no files
debug1: /usr/etc/ssh/ssh_config line 33: Applying options for *
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /usr/etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-suse.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: /usr/etc/ssh/ssh_config line 31: include /usr/etc/ssh/ssh_config.d/*.conf matched no files
debug1: /usr/etc/ssh/ssh_config line 33: Applying options for *
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9 FreeBSD-openssh-portable-9.9.p1,1
debug1: compat_banner: match: OpenSSH_9.9 FreeBSD-openssh-portable-9.9.p1,1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: mlkem768x25519-sha256 need=32 dh_need=32
debug1: kex: mlkem768x25519-sha256 need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:qLYOvRRjxmMxvH7O76j7Ib/+Y6lK7oL
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
ED25519 key fingerprint is SHA256:qLYOvRRjxmMxvH7O76j7Ib/+Y6lK7oL



Final considerations.

- As of October 2024, neither the latest PuTTY v0.81 nor WinSCP 6.3.5 supports MLKEM yet.

   - PuTTY v0.83 added support for MLKEM in February 2025; WinSCP should follow suit either with a release on the 6.3.6+ stable branch or with the current beta one starting with v6.4.3+

- There seems to be a bug in the big Linux distros that I tested where the ssh connection will fail for MLKEM, which is why I'm requesting it manually with -oKexAlgorithms=mlkem768x25519-sha256. FreeBSD worked fine.

-  For OPNsense Business Edition MLKEM is available in 24.10.1.

- If unsure about any of the options presented here, it is absolutely fine to leave every option on System Defaults.
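
Added example (not part of the original post): a small shell check that reads `ssh -v` debug output and reports whether the negotiated key exchange is one of the post-quantum algorithms from the hardening list above, or, when negotiation fails, which of them the server offered. The function names are hypothetical; the first two samples are lines trimmed from the post's own sessions and the third is constructed.

```sh
#!/bin/sh
# Post-quantum KEX names from the post's hardening list.
PQ_KEX="mlkem768x25519-sha256 sntrup761x25519-sha512 sntrup761x25519-sha512@openssh.com"

# audit_kex: read `ssh -v` debug output on stdin, print one verdict line.
# Real use (debug output goes to stderr): ssh -v 192.168.1.1 exit 2>&1 | audit_kex
audit_kex() {
    awk -v allowed="$PQ_KEX" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) pq[a[i]] = 1 }
        /^debug1: kex: algorithm: / { kex = $4 }
        /no matching key exchange method found/ {
            offer = $0; sub(/.*Their offer: /, "", offer)
        }
        END {
            if (offer != "") {
                # Negotiation failed: report which PQ names the server did offer.
                m = split(offer, o, ","); common = ""
                for (i = 1; i <= m; i++) if (o[i] in pq) {
                    sep = (common == "") ? "" : ","
                    common = common sep o[i]
                }
                if (common == "") common = "none"
                print "FAIL server-offers-pq=" common
            } else if (kex in pq) print "OK " kex
            else if (kex != "") print "WEAK " kex
            else print "UNKNOWN"
        }'
}

# Lines trimmed from the failed session in the post.
sample_failed() { cat <<'EOF'
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: mlkem768x25519-sha256,ext-info-s,kex-strict-s-v00@openssh.com
EOF
}

# Lines trimmed from the successful session in the post.
sample_ok() { cat <<'EOF'
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
EOF
}

# Constructed line: a client that fell back to a classical key exchange.
sample_classical() { printf 'debug1: kex: algorithm: curve25519-sha256\n'; }
```

A `WEAK` verdict means the session was established but without a post-quantum key exchange, which is the case a server left on permissive defaults would allow.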