ssh-hardening

#!/bin/bash

# QAD script to harden a default openssh server installation on APT systems.
# Based on the hardening guides at https://www.sshaudit.com/hardening_guides.html

# It takes two options: 
#
# --no-regenerate   Do not regenerate weak RSA keys. This prevents accidental
#                   invalidation of SSH_CA certifications.
#
# --no-client       Do not harden openssh-client, only openssh-server.

SCRIPT_DIR=$(dirname "${BASH_SOURCE[0]}")
# shellcheck disable=SC1091
. "${SCRIPT_DIR}/poshlib/poshlib.sh" || exit 1
use strict
use utils
use parse-opt
use-from .
use vercomp

# parse command line options
parse-opt.prefix "HARDENING_"
parse-opt.flags "REGENERATE" "CLIENT"
eval "$(parse-opt-simple)"

openssh_server_ver=$(dpkg -l openssh-server | awk '/^ii/ {print $3}')
openssh_server_ver=${openssh_server_ver%%p*}
openssh_server_ver=${openssh_server_ver#*:}

if vercomp "$openssh_server_ver" "8.9" || (( $? == 1 )); then

    # Filter out weak ciphers (22.04/bookworm)
    cat <<EOF > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
KexAlgorithms           sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,gss-curve25519-sha256-,diffie-hellman-group16-sha512,gss-group16-sha512-,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
Ciphers                 chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs                    hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms       sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256

CASignatureAlgorithms           sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256
GSSAPIKexAlgorithms             gss-curve25519-sha256-,gss-group16-sha512-
HostbasedAcceptedAlgorithms     sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256
PubkeyAcceptedAlgorithms        sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256
EOF

    [[ "${HARDENING_CLIENT:-}" == false ]] || cat <<EOF > /etc/ssh/ssh_config.d/ssh-audit_hardening.conf
Host *
    KexAlgorithms       sntrup761x25519-sha512@openssh.com,gss-curve25519-sha256-,curve25519-sha256,curve25519-sha256@libssh.org,gss-group16-sha512-,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
    Ciphers             chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    MACs                hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
    HostKeyAlgorithms   sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256

    CASignatureAlgorithms       sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256
    GSSAPIKexAlgorithms         gss-curve25519-sha256-,gss-group16-sha512-
    HostbasedAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256
    PubkeyAcceptedAlgorithms    sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256
EOF

else

    # Filter out weak ciphers (20.04/bullseye)
    cat <<EOF > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
KexAlgorithms           curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
Ciphers                 chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs                    hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms       ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
EOF

    [[ "${HARDENING_CLIENT:-}" == false ]] || cat <<EOF > /etc/ssh/ssh_config.d/ssh-audit_hardening.conf
Host *
    KexAlgorithms       curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
    Ciphers             chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    MACs                hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
    HostKeyAlgorithms   ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
EOF

fi

# Remove weak moduli
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
mv /etc/ssh/moduli.safe /etc/ssh/moduli

# Delete [EC]DSA host keys
find /etc/ssh -type f -name 'ssh_host_*dsa_key*' -exec rm {} +
{ grep -Rl HostCertificate /etc/ssh || true ; } | while read -r file; do
    sed -i -e '/ssh_host_.*dsa_key/d' "$file"
done

# Regenerate RSA host key IFF it is less than 3072 bits
if (( $( awk '{print $2}' /etc/ssh/ssh_host_rsa_key.pub | wc -c ) < 540 )); then
    if [[ "${HARDENING_REGENERATE:-}" == "false" ]]; then
        cat <<EOF >/dev/fd/2

===================================================================
WARNING: your RSA host key is <3072 bits and should be regenerated.
Please run this script again without supplying '--no-regenerate'.
===================================================================

EOF
    else
        mv /etc/ssh/ssh_host_rsa_key{,.bak}
        mv /etc/ssh/ssh_host_rsa_key.pub{,.bak}
        ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
        if [[ -e /etc/ssh/ssh_host_rsa_key-cert.pub ]]; then
            mv /etc/ssh/ssh_host_rsa_key-cert.pub{,.bak}
            cat <<EOF >/dev/fd/2

=================================================================
WARNING: your RSA host key has been regenerated. You will need to
re-sign your certificate and restart your sshd service by hand.
=================================================================

EOF
            exit 0
        fi
    fi
fi

service ssh restart