What are the toughest SSH daemon settings in terms of encryption, handshake, or other cryptographic settings?

You have a good discussion here: https://wiki.mozilla.org/Security/Guidelines/OpenSSH

On modern OpenSSH they recommend:

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

This page gives explanations for each choice: https://stribika.github.io/2015/01/04/secure-secure-shell.html

(Do not be fooled by the hardcoded date in the URL; the document is updated from time to time, as can be seen from its "changelog" at https://github.com/stribika/stribika.github.io/commits/master/_posts/2015-01-04-secure-secure-shell.md)

Against Logjam, see the end of https://weakdh.org/sysadmin.html :

KexAlgorithms curve25519-sha256@libssh.org

To be honest, I don't understand these things too much, I just want strong encryption and everything

I don't know what you mean by "everything", but if you just want strong encryption then don't mess with the default settings - it's possible they could be more secure, but you are more likely to break the security than improve it if you don't know what you are doing.

The authentication and negotiation ciphers are far more important than the symmetric algorithm for the overall security - and you've told us nothing about these.

Wanting to know more is a good thing - but the consensus of opinion on the strongest ciphers in February 2018 (at least when you're referring to an up-to-date version of well-maintained software) is of very little value compared with an understanding of how the protocol works and how the implementation integrates with your operating system.


The following config can provide a higher security level while keeping some degree of compatibility and reducing configuration complexity.

WARNING: The following configuration is not compatible with all clients

# Change the port number to avoid automated attacks
Port 2222

# Limit to SSH2 only (the default value)
Protocol 2

# Use RSA and Ed25519 host key only
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# No root login, obvious
PermitRootLogin no

# Log the fingerprint of the public key used to log in, providing an audit trail. Might take up more storage.
LogLevel VERBOSE

# Two-factor authentication. The user must present a valid public key first, then enter the correct password to log in
AuthenticationMethods publickey,password

# How fast can you type your password?
LoginGraceTime 20

# Key Exchange
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

# Ciphers
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr

# MACs
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

# Only allow members of a specific group to log in via SSH
AllowGroups ssh-user

# Renew the encryption key every 30 minutes or 1 GB of transferred data (overkill and generates overhead; use with caution, especially on slow networks)
#RekeyLimit 1G 1800

Remove moduli under 3072 bits for security (Thanks Mozilla)

awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli

Security can be further improved with more tweaks such as a firewall (iptables), fail2ban, a Tor hidden service, switching to custom moduli, and tcpwrapper, but those topics are out of scope for this answer. Note that the configuration is not complete; you might need other essential parts for the daemon to work. Remember to back up the original config file so you can roll back if anything goes wrong.
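
To verify that a hardened configuration like the one above is what the daemon actually applies, the following added example (not part of the original answer) audits `sshd -T`-style output and a moduli file. The function names, the allowlist variables and the sample data are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. Allowlists are assumed stand-ins for the lists in the answer.
ALLOW_KEX='curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'
ALLOW_CIPHERS='chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr'
ALLOW_MACS='hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com'

# audit_algos: read `sshd -T`-style lines on stdin (lowercase keyword, then a
# comma-separated list) and print "keyword algorithm" for each entry that is
# outside the allowlist.
audit_algos() {
    awk -v kex="$ALLOW_KEX" -v ciphers="$ALLOW_CIPHERS" -v macs="$ALLOW_MACS" '
        function load(key, list,    n, i, parts) {
            n = split(list, parts, ",")
            for (i = 1; i <= n; i++) allowed[key, parts[i]] = 1
            audited[key] = 1
        }
        BEGIN { load("kexalgorithms", kex); load("ciphers", ciphers); load("macs", macs) }
        { key = tolower($1) }
        key in audited {
            n = split($2, got, ",")
            for (i = 1; i <= n; i++)
                if (got[i] != "" && !((key, got[i]) in allowed)) print key, got[i]
        }'
}

# weak_moduli: count DH groups in a moduli file on stdin whose size field ($5)
# is below 3071, i.e. the entries the awk filter in the answer drops.
weak_moduli() {
    awk '!/^#/ && NF >= 7 && $5 < 3071 { n++ } END { print n + 0 }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_SSHD_T='port 2222
kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1
ciphers chacha20-poly1305@openssh.com,aes128-cbc
macs hmac-sha2-512-etm@openssh.com,hmac-sha1'
SAMPLE_MODULI='# Time Type Tests Tries Size Generator Modulus
20180101000000 2 6 100 2047 2 C0FFEE
20180101000000 2 6 100 3071 2 C0FFEE
20180101000000 2 6 100 4095 5 C0FFEE'

printf '%s\n' "$SAMPLE_SSHD_T" | audit_algos
printf '%s\n' "$SAMPLE_MODULI" | weak_moduli
```

On a live host, feed it the effective configuration with `sshd -T | audit_algos` (run as root) and the moduli file with `weak_moduli < /etc/ssh/moduli`.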
