Encryption

SSH Weak MAC Algorithms Enabled

our services

Network penetration tests frequently raise the issue of SSH weak MAC algorithms. These algorithms exist in the majority of SSH configurations and are generally considered Low Risk.

What are SSH Weak MAC Algorithms?

As with most encryption schemes, SSH MAC algorithms are used to validate data integrity and authenticity. A ‘MAC algorithm’ should not be conflated with a MAC (Message Authentication Code) as these are two distinct components. The MAC algorithm uses a message and private key to generate the fixed length MAC.

MAC algorithms may be considered weak for the following reasons:

  1. A known weak hashing function is used (MD5)
  2. The digest length is too small (Less than 128 bits)
  3. The tag size is too small (Less than 128 bits)

Example of Known Weak MAC Algorithms

The following are the most common weak MAC algorithms encountered:

  • hmac-md5
  • hmac-md5-96
  • hmac-sha1-96
  • hmac-sha2-256-96
  • hmac-sha2-512-96

Pentesting SSH MAC Algorithms

Pentesters can quickly confirm what SSH MAC algorithms are supported with the following nmap script:

~$ nmap -Pn -p22 --script ssh2-enum-algos 172.21.28.125
Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-16 16:41 EDT
Nmap scan report for 172.21.28.125
Host is up (0.018s latency).

PORT   STATE SERVICE
22/tcp open  ssh
| ssh2-enum-algos:
[..]
|   mac_algorithms: (11)
|       hmac-md5
|       hmac-sha1
|       umac-64@openssh.com
|       hmac-sha2-256
|       hmac-sha2-256-96
|       hmac-sha2-512
|       hmac-sha2-512-96
|       hmac-ripemd160
|       hmac-ripemd160@openssh.com
|       hmac-sha1-96
|       hmac-md5-96
[..]

Remediating SSH Weak MAC Algorithms on Linux

In cases where you maintain system-level access to the vulnerable target, the /etc/ssh/sshd_config file should be edited to include the following:

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com

Remediating SSH Weak MAC Algorithms on Cisco

You can view available MAC algorithms with the following command:

ip ssh server algorithm mac ?

You should see a response indicating supported algorithms:

  hmac-sha1     HMAC-SHA1 (digest length = key length = 160 bits)
  hmac-sha1-96  HMAC-SHA1-96 (digest length = 96 bits, key length = 160 bits)

Since hmac-sha1 is the only secure algorithm, that can be set as follows:

ip ssh server algorithm mac hmac-sha1

On modern Cisco devices, you may want to enable all available secure algorthims:

ip ssh server algorithm mac hmac-sha2-512 hmac-sha2-256

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-algorithm-ccc.html

Remediating SSH Weak MAC Algorithms on Juniper

Juniper systems can use the following command to set strong SSH MAC algorithms:

set system services ssh macs [hmac-md5 hmac-sha1]

Reference:
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/system-edit-ssh-macs.html

We
Are
Changing
The
Way
Pentesting
Is
Done
  • Application
  • Network
  • Mobile
  • AWS