SSH Weak MAC Algorithms Enabled
Network penetration tests frequently raise the issue of SSH weak MAC algorithms. These algorithms exist in the majority of SSH configurations and are generally considered Low Risk.
What are SSH Weak MAC Algorithms?
As with most encryption schemes, SSH MAC algorithms are used to validate data integrity and authenticity. A ‘MAC algorithm’ should not be conflated with a MAC (Message Authentication Code) as these are two distinct components. The MAC algorithm uses a message and private key to generate the fixed length MAC.
MAC algorithms may be considered weak for the following reasons:
- A known weak hashing function is used (MD5)
- The digest length is too small (Less than 128 bits)
- The tag size is too small (Less than 128 bits)
Examples of Known Weak MAC Algorithms
The following are the most common weak MAC algorithms encountered:
Pentesting SSH MAC Algorithms
Pentesters can quickly confirm what SSH MAC algorithms are supported with the following nmap script:
~$ nmap -Pn -p22 --script ssh2-enum-algos 172.21.28.125 Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-16 16:41 EDT Nmap scan report for 172.21.28.125 Host is up (0.018s latency). PORT STATE SERVICE 22/tcp open ssh | ssh2-enum-algos: [..] | mac_algorithms: (11) | hmac-md5 | hmac-sha1 | email@example.com | hmac-sha2-256 | hmac-sha2-256-96 | hmac-sha2-512 | hmac-sha2-512-96 | hmac-ripemd160 | firstname.lastname@example.org | hmac-sha1-96 | hmac-md5-96 [..]
Remediating SSH Weak MAC Algorithms on Linux
In cases where you maintain system-level access to the vulnerable target, the
/etc/ssh/sshd_config file should be edited to include the following:
Remediating SSH Weak MAC Algorithms on Cisco
You can view available MAC algorithms with the following command:
ip ssh server algorithm mac ?
You should see a response indicating supported algorithms:
hmac-sha1 HMAC-SHA1 (digest length = key length = 160 bits) hmac-sha1-96 HMAC-SHA1-96 (digest length = 96 bits, key length = 160 bits)
hmac-sha1 is the only secure algorithm, that can be set as follows:
ip ssh server algorithm mac hmac-sha1
On modern Cisco devices, you may want to enable all available secure algorthims:
ip ssh server algorithm mac hmac-sha2-512 hmac-sha2-256
Remediating SSH Weak MAC Algorithms on Juniper
Juniper systems can use the following command to set strong SSH MAC algorithms:
set system services ssh macs [hmac-md5 hmac-sha1]