Securing IOS-XE SSH
SSH (Secure Shell) is a commonly used cryptographic protocol used to securely manage network devices such as switches, routers, firewalls etc over an insecure network. Although more secure than unencrypted telnet protocol, there are weak or vulnerable algorithms used by SSH as default, that would be identified by a penetration test (pentest) that should be disabled.
This post describes how to secure SSH on a Cisco Catalyst IOS-XE switch.
From the output below we can confirm that SSH supports version 1.0 and 2.0 (version 1.99), with 1.0 considered insecure. We can also determine that weaker SHA1 algorithms are in use and the Diffie-Hellman size is only 2048bits, using the default self-signed keypair.
C3850#show ip ssh SSH Enabled - version 1.99 Authentication methods:publickey,keyboard-interactive,password Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96 KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 2048 bits IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-4095531523 Modulus Size : 2048 bits ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZ9CN2VkeHAFL9eJvKfobCaE+ICxxMivCmUmddswRA +AXAyMpRdZ1QbDlruHkmCzw1geaz8YuQj2i4jzBAWKAknvEL0wZIT2J01JV+N63cDdOLYA2o0CmAtmcg nfFckKMnxxSFC0xYIumr81AJw3lOjE0ucp1K7jw1rH7uGI0s823cuK8Uw+i38XOGWbvaU+2
A nmap scan of the SSH on the default configuration of a Cisco Catalyst switch will also confirm the current SSH configuration. From the output below we can determine that the weaker SHA1 KEX (Key Exchange) and MAC (Message Autentication Code) algorithms are currently enabled, as is the insecure protocol telnet.
user@ubuntu:~$ nmap --script ssh2-enum-algos 192.168.10.2 Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-01 09:43 UTC Nmap scan report for 192.168.10.2 Host is up (0.0015s latency). Not shown: 998 closed ports PORT STATE SERVICE 22/tcp open ssh | ssh2-enum-algos: | kex_algorithms: (2) | diffie-hellman-group-exchange-sha1 | diffie-hellman-group14-sha1 | server_host_key_algorithms: (1) | ssh-rsa | encryption_algorithms: (3) | aes128-ctr | aes192-ctr | aes256-ctr | mac_algorithms: (4) | hmac-sha2-256 | hmac-sha2-512 | hmac-sha1 | hmac-sha1-96 | compression_algorithms: (1) |_ none 23/tcp open telnet Nmap done: 1 IP address (1 host up) scanned in 10.66 seconds
Configuration
The following section describes the configuration for how to secure SSH on a Cisco Catalyst IOS-XE switch. The actual SSH algorithms available may vary depending on the platform and software version in use.
Allow only inbound SSH connections, disabling insecure telnet
line vty 0 15 transport input ssh
Enable SSH version 2, which explictly disables SSH version 1.
ip ssh version 2
Create an RSA keypair
ip domain name lab.local crypto key generate rsa modulus 3072 label SSH_RSA
Configure SSH to use the previously configured RSA keypair
ip ssh rsa keypair-name SSH_RSA
Set a minimum Diffie-Hellman key size to 4096 bits (the only options are either 2048 or 4096).
ip ssh dh min 4096
Define the more secure AES-GCM encryption, SHA2 kex and mac algorithms
ip ssh server algorithm mac hmac-sha2-512 hmac-sha2-256 ip ssh server algorithm encryption aes256-gcm aes256-ctr aes192-ctr aes128-gcm ip ssh server algorithm kex ecdh-sha2-nistp384 ecdh-sha2-nistp256
SSH can be secured further by restricting access using an ACL applied to the VTY lines.
ip access-list standard ACL_MGMT permit 192.168.10.0 0.0.0.255 deny any log ! line vty 0 15 access-class ACL_MGMT in
The output below is a syslog message displayed on the console of the switch when an attempt to connect to SSH from an invalid source IP address.
*Jan 1 05:40:18.695: %SEC-6-IPACCESSLOGS: list ACL_MGMT denied 192.168.16.11 1 packet
Verification
Re-run nmap to scan SSH after making the changes. From the output below we can confirm the reported KEX, MAC and Encryption algorithms are correct, with the weaker (insecure) algorithms removed, as per the output of the same command run before making the changes. We can also determine that telnet is no longer identified as being open.
user@ubuntu:~$ nmap --script ssh2-enum-algos 192.168.10.2 Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-01 10:12 UTC Nmap scan report for 192.168.10.2 Host is up (0.0015s latency). Not shown: 999 closed ports PORT STATE SERVICE22/tcp open ssh | ssh2-enum-algos: | kex_algorithms: (1) | ecdh-sha2-nistp384 | ecdh-sha2-nistp256 | server_host_key_algorithms: (1) | rsa-sha2-512| rsa-sha2-256 | ssh-rsa| encryption_algorithms: (2) | aes256-gcm | aes256-ctr | aes192-ctr | aes128-gcm | aes128-ctr | mac_algorithms: (2) | hmac-sha2-512 | hmac-sha2-256 | compression_algorithms: (1) |_ none Nmap done: 1 IP address (1 host up) scanned in 8.68 seconds
Run the command show ip ssh. From the output below we can determine only SSH version 2.0 is enabled, the secure Encryption, MAC and KEX algorithms are used, the DH key size is 4096 and using the RSA keypair SSH_RSA as defined.
C3850#show ip ssh SSH Enabled - version 2.0 Authentication methods:publickey,keyboard-interactive,password Authentication Publickey Algorithms:ecdsa-sha2-nistp384 Hostkey Algorithms:rsa-sha2-512,rsa-sha2-256 Encryption Algorithms:aes256-gcm,aes256-ctr,aes192-ctr,aes128-gcm,aes128-ctr MAC Algorithms:hmac-sha2-512,hmac-sha2-256 KEX Algorithms:ecdh-sha2-nistp384,ecdh-sha2-nistp256 Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 4096 bits IOS Keys in SECSH format(ssh-rsa, base64 encoded): SSH_RSA ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8F9LB/ppN66hPNL0P/2A6enFLyaWETauaDswu3l33 qMbVio5ZzFA+Zy2o3vjoKgtj+/hq4vmJNj4bn2J9vlU76Uxj1/+FIoWfEgSQBZaj37he9RuM1WcSGGfp qOOLZqZFyoks7x/qYrZ7NSpVh5oIf+aWUrDbKlPW5LtNiseowCbYo7DQMk5YeZm9checXL5221y9XPG+ FMHQTC4fOR/itGDVzYWkEQgLayFguM0Mt7LaQ8QHZM70SUoaw4GzucXVOw1H8y9N5rk3IDi5wf7/g6wn