A Golang implementation of sshsecure.py - harden OpenSSH. https://r00t2.io/
Go to file
brent s 7f98e7aa15
yeah so as a temporary measure, i'm using ssh-keygen for now.
but i'll need to natively incorporate it still.
2021-07-03 23:01:58 -04:00
config yeah so as a temporary measure, i'm using ssh-keygen for now. 2021-07-03 23:01:58 -04:00
dh yeah so as a temporary measure, i'm using ssh-keygen for now. 2021-07-03 23:01:58 -04:00
moduli yeah so as a temporary measure, i'm using ssh-keygen for now. 2021-07-03 23:01:58 -04:00
sharedconsts all the directives are copied in with their types. working on validators now. 2020-09-27 03:23:58 -04:00
sshkeys all the directives are copied in with their types. working on validators now. 2020-09-27 03:23:58 -04:00
utils yeah so as a temporary measure, i'm using ssh-keygen for now. 2021-07-03 23:01:58 -04:00
.gitignore initial commit 2020-08-31 03:22:37 -04:00
go.mod yeah so as a temporary measure, i'm using ssh-keygen for now. 2021-07-03 23:01:58 -04:00
go.sum yeah so as a temporary measure, i'm using ssh-keygen for now. 2021-07-03 23:01:58 -04:00
LICENSE adding GPL 2020-09-18 18:01:16 -04:00
README.md need to finish dh stuff still. 2021-07-03 03:58:06 -04:00
TODO all the directives are copied in with their types. working on validators now. 2020-09-27 03:23:58 -04:00

SSHSecure

Why?

Compared to something like rsh, SSH (Secure SHell) is a vast step ahead in terms of security. Since its birth, it's seen functionality increase by leaps and bounds. OpenSSH, by far the most deployed SSH implementation, pays special attention to security. However, due to:

  • making various compromises for ease of use
  • unexpected vulnerabilities (are there ever any expected vulnerabilities?) such as Logjam
  • those deploying SSH not being cryptographic experts
  • the NSA making a concerted effort to compromise OpenSSH
  • etc.

the default configuration and keys used may not be the strongest they can be (and in some cases, user configuration can be downright dangerous to security).

This software will harden your OpenSSH security as much as possible to currently known weaknesses.

How?

This program will generate/modify and replace:

  • Your hostkeys (typically /etc/ssh/ssh_host_*_key*)
  • The client keys (~/.ssh/id_*) for the running user
  • Your sshd (server) configuration (typically /etc/ssh/sshd_config)
  • Your system-wide ssh (client) configuration (typically /etc/ssh/ssh_config)
  • The ssh (client) configuration for the running user (~/.ssh/config)
  • The SSH DH parameters (typically /etc/ssh/moduli)

with much stronger implementations from typical/upstream defaults.

Any and all pre-existing files are backed up before being replaced.

It takes the recommendations from Secure Secure Shell (and perhaps other sources) and automatically applies them.

Additionally, it anonymizes your key. It uses a comment string by default that provides no identifying information other than the fact that you are using SSHSecure.

It will create backups of any file(s) it replaces and automatically rolls back sshd configuration changes if it does not pass the syntax check (sshd -t) to avoid accidentally locking you out.

FAQ

Why a binary?

I originally wrote this as a Python script. However, some machines don't have the Python interpreter installed and due to the lack of low-level access, I ended up making a lot of calls to the shell anyways.

I wrote it in Golang because:

  • The source would be easily read for auditing purposes
  • Golang is, admittedly, incredibly faster at some tasks than Python
  • Multiprocessing/multithreading is incredibly more simple in Golang than Python
  • Building widely-deployable binaries is easier in Golang than C or C++

As much as I like Python, Golang should offer significant improvements.

How can I contact you?

You can either file a bug or email me at bts [at] square-r00t (dot) net.

Is there anything from the Secure Secure Shell document that you don't implement?

Yep. No TOR hidden service ("Traffic analysis resistance"). The system should be sufficiently hardened to prevent you from scans yielding anything useful except noisy logs, and there's much better options for handling those than running SSH over TOR. It isn't the silver bullet you may think it is. You are, of course, welcome to turn it up yourself but it is advisable to not run SSHSecure in an automated fashion in this case as it may revert the changes your sshd_config. It'll try not to, but it may.