SSH audit results (no surprises, but could be better)


#1

Here’s a quick run-through of the interesting things from our SSH audit. Note that this device is worse than the GXV3350 in terms of the insecure algorithms that it has activated. Our recommendation would be a strong upgrade to the embedded Dropbear that’s installed. OpenSSH 7.4 is 3+ years old and Dropbear 2019.78 is the most recent stable release.

general

  • (gen) banner: SSH-2.0-dropbear_2018.76
  • (gen) software: Dropbear SSH 2018.76
  • (gen) compatibility: OpenSSH 7.4+ (some functionality from 6.6), Dropbear SSH 2016.73+
  • (gen) compression: enabled (zlib@openssh.com)

security

  • (cve) CVE-2018-15599 – (CVSSv2: 5.0) remote users may enumerate users on the system

key exchange algorithms

  • (kex) ecdh-sha2-nistp521 – [fail] using weak elliptic curves
    – [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  • (kex) ecdh-sha2-nistp384 – [fail] using weak elliptic curves
    – [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  • (kex) ecdh-sha2-nistp256 – [fail] using weak elliptic curves
    – [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  • (kex) diffie-hellman-group14-sha1 – [warn] using weak hashing algorithm
    – [info] available since OpenSSH 3.9, Dropbear SSH 0.53

host-key algorithms

  • (key) ssh-rsa (1040-bit) – [fail] using small 1040-bit modulus
    – [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28

encryption algorithms (ciphers)

  • (enc) aes128-cbc – [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
    – [warn] using weak cipher mode
    – [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  • (enc) aes256-cbc – [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
    – [warn] using weak cipher mode
    – [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  • (enc) 3des-ctr – [fail] using weak cipher
    – [info] available since Dropbear SSH 0.52
  • (enc) 3des-cbc – [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
    – [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
    – [warn] using weak cipher
    – [warn] using weak cipher mode
    – [warn] using small 64-bit block size
    – [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28

message authentication code algorithms

  • (mac) hmac-sha1-96 – [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
    – [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
    – [warn] using encrypt-and-MAC mode
    – [warn] using weak hashing algorithm
    – [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  • (mac) hmac-sha1 – [warn] using encrypt-and-MAC mode
    – [warn] using weak hashing algorithm
    – [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  • (mac) hmac-sha2-256 – [warn] using encrypt-and-MAC mode
    – [info] available since OpenSSH 5.9, Dropbear SSH 2013.56

algorithm recommendations (for Dropbear SSH 2018.76)

  • (rec) !ssh-rsa – key algorithm to change (increase modulus size to 2048 bits or larger)
  • (rec) -3des-cbc – enc algorithm to remove
  • (rec) -3des-ctr – enc algorithm to remove
  • (rec) -aes128-cbc – enc algorithm to remove
  • (rec) -aes256-cbc – enc algorithm to remove
  • (rec) -ecdh-sha2-nistp256 – kex algorithm to remove
  • (rec) -ecdh-sha2-nistp384 – kex algorithm to remove
  • (rec) -ecdh-sha2-nistp521 – kex algorithm to remove
  • (rec) -hmac-sha1-96 – mac algorithm to remove
  • (rec) +diffie-hellman-group16-sha512 – kex algorithm to append
  • (rec) +twofish128-ctr – enc algorithm to append
  • (rec) +twofish256-ctr – enc algorithm to append
  • (rec) -diffie-hellman-group14-sha1 – kex algorithm to remove
  • (rec) -hmac-sha1 – mac algorithm to remove

#2

Still waiting for mine to show so I can run it through the wringer. Got the survey but no device or shipping or communication.


#3

For what it’s worth, ours arrived Jan 3.


#4

Emailed the beta club today…