Advancements in mathematics and computing power have forced the deprecation of many existing and commonly used security algorithms and ciphers. Modern SAFE algorithms have replaced the deprecated ones. Unfortunately, most SSH products do not have updated algorithms that are SAFE for 2021. Both the SSH server and the client must use SAFE, approved algorithms, MACs and ciphers to provide the level of security for which SSH is renowned.
**Categories.** SSH includes several categories of security algorithms, each responsible for securing a different aspect of the protocol: Host Key Algorithms, Key Exchange Algorithms, Message Authentication Codes (MACs), Ciphers and Public Key Algorithms.

**Purpose.** Each category has a specific purpose during a particular stage of the protocol operation.

**Protect against.** Each algorithm category protects against different threats; there is some overlap where needed.

**SAFE algorithms.** SAFE choices for each category are listed in the table below. Missing a SAFE algorithm in any category renders your SSH implementation unSAFE, and the risks are listed in the last row.

**unSAFE results.** Not all SSH algorithms are SAFE.

| | Host Key Algorithms | Key Exchange Algorithms | Message Authentication Codes (MACs) | Ciphers | Public Key Algorithms |
|---|---|---|---|---|---|
| Purpose | Server authenticates itself to the client. Used by the client to verify that it is connecting to the correct host. | Used to derive the encryption keys and initialization vectors used by the ciphers and MACs. | Used to protect data integrity and prevent replay attacks. | Privacy: algorithms performing encryption/decryption of the data being transferred. | Client authenticates itself to the server. Proves to the host that the client is who it says it is. |
| SAFE algorithms | ssh-ed25519, rsa-sha2-512, rsa-sha2-256 | curve25519-sha256@libssh.org, curve25519-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 | hmac-sha2-512-etm@openssh.com, hmac-sha2-256-etm@openssh.com | aes256-ctr, aes128-ctr, aes192-ctr (these ciphers are SAFE when used with the specified MACs) | ssh-ed25519, rsa-sha2-512, rsa-sha2-256 |
| unSAFE results | Attacker can impersonate the attacked server, steal user credentials and gain access to the server. | Decryption of user data. | All the data transferred is compromised; attacker can change and inject data at will. | Decryption of user data. | Unauthorized access to: |
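One way to put the table to work is to audit a server's effective configuration against it. The script below is an added example, not part of the original page: it parses an OpenSSH `sshd -T` style dump (lowercase directive followed by a comma-separated algorithm list) and reports every offered algorithm that is not on the SAFE list for its category. The sample dump is constructed for illustration.

```python
"""Audit an OpenSSH effective configuration (as printed by `sshd -T`)
against the SAFE algorithm lists from the table above.  Added example;
the sample dump is constructed, not taken from a real host."""

# SAFE lists as given on the page, keyed by the sshd -T directive name.
SAFE = {
    "hostkeyalgorithms": {"ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"},
    "kexalgorithms": {"curve25519-sha256@libssh.org", "curve25519-sha256",
                      "diffie-hellman-group16-sha512",
                      "diffie-hellman-group18-sha512"},
    "macs": {"hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com"},
    "ciphers": {"aes256-ctr", "aes128-ctr", "aes192-ctr"},
    "pubkeyacceptedalgorithms": {"ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"},
}


def parse_sshd_t(dump: str) -> dict[str, list[str]]:
    """Turn `sshd -T` output into {directive: [algorithm, ...]} for the five
    audited directives.  Each line is "<directive> <value>"; algorithm
    values are comma-separated."""
    found = {}
    for line in dump.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] in SAFE:
            found[parts[0]] = [a for a in parts[1].split(",") if a]
    return found


def audit(dump: str) -> dict[str, list[str]]:
    """Return {directive: [offered algorithms that are not SAFE]}.
    A directive absent from the dump (e.g. a partial config excerpt) is
    flagged as "<not configured>", since the server would then fall back
    to built-in defaults the page does not vouch for.  {} means every
    category is SAFE."""
    offered = parse_sshd_t(dump)
    findings = {}
    for directive, safe in SAFE.items():
        if directive not in offered:
            findings[directive] = ["<not configured>"]
            continue
        unsafe = [a for a in offered[directive] if a not in safe]
        if unsafe:
            findings[directive] = unsafe
    return findings


# Constructed sample: KEX and MACs still offer deprecated algorithms.
SAMPLE_DUMP = """\
port 22
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1,diffie-hellman-group16-sha512
macs hmac-sha2-512-etm@openssh.com,hmac-sha1
ciphers aes256-ctr,aes192-ctr,aes128-ctr
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
"""

if __name__ == "__main__":
    for directive, bad in audit(SAMPLE_DUMP).items():
        print(f"{directive}: unSAFE -> {', '.join(bad)}")
```

On a live host, feed it the real output of `sshd -T` (run as root) instead of the constructed sample.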