How to harden SSH in FreeNAS 11

Stranded Camel

Explorer
Joined
May 25, 2017
Messages
79
I've just run this ssh-audit tool on my FreeNAS 11-4 box, and the results are abysmal (see end of post for results). In short, all the items marked `warn`, `fail` or `remove` need to be dealt with. I've done this on several Linux boxes, following this hardening guide, and the results were excellent.

So I want to harden my FreeNAS box. There are instructions for a version of OpenBSD there, so this should be eminently doable. My problem is that I simply don't understand how to go about this on FreeNAS, as most things are ephemeral, disappearing on your next boot. Can anybody lend a hand?

Thanks in advance!

SSH AUDIT RESULTS

Code:
$ ./ssh-audit.py localhost:22
# general
(gen) banner: SSH-2.0-OpenSSH_7.4-hpn14v5 FreeBSD-openssh-portable-7.4.p1,1
(gen) software: OpenSSH 7.4 (hpn14v5) running on FreeBSD
(gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+
(gen) compression: disabled

# key exchange algorithms
(kex) curve25519-sha256					 -- [warn] unknown algorithm
(kex) curve25519-sha256@libssh.org		  -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256					-- [fail] using weak elliptic curves
											`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384					-- [fail] using weak elliptic curves
											`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521					-- [fail] using weak elliptic curves
											`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
											`- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group16-sha512		 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512		 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group14-sha256		 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha1		   -- [warn] using weak hashing algorithm
											`- [info] available since OpenSSH 3.9, Dropbear SSH 0.53

# host-key algorithms
(key) ssh-rsa							   -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512						  -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256						  -- [info] available since OpenSSH 7.2
(key) ecdsa-sha2-nistp256				   -- [fail] using weak elliptic curves
											`- [warn] using weak random number generator could reveal the key
											`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519						   -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com		 -- [info] available since OpenSSH 6.5
											`- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr							-- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr							-- [info] available since OpenSSH 3.7
(enc) aes256-ctr							-- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com				-- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com				-- [info] available since OpenSSH 6.2
(enc) aes128-cbc							-- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
											`- [warn] using weak cipher mode
											`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) none								  -- [fail] no encryption/integrity
											`- [info] available since OpenSSH 1.2.2, Dropbear SSH 2013.56

# message authentication code algorithms
(mac) umac-64-etm@openssh.com			   -- [warn] using small 64-bit tag size
											`- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com			  -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com		 -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com		 -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com			 -- [warn] using weak hashing algorithm
											`- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com				   -- [warn] using encrypt-and-MAC mode
											`- [warn] using small 64-bit tag size
											`- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com				  -- [warn] using encrypt-and-MAC mode
											`- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256						 -- [warn] using encrypt-and-MAC mode
											`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512						 -- [warn] using encrypt-and-MAC mode
											`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1							 -- [warn] using encrypt-and-MAC mode
											`- [warn] using weak hashing algorithm
											`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# algorithm recommendations (for OpenSSH 7.4)
(rec) -diffie-hellman-group14-sha1		  -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256				   -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384				   -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521				   -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256				  -- key algorithm to remove
(rec) -none								 -- enc algorithm to remove
(rec) -aes128-cbc						   -- enc algorithm to remove
(rec) -hmac-sha1							-- mac algorithm to remove
(rec) -hmac-sha2-256						-- mac algorithm to remove
(rec) -hmac-sha2-512						-- mac algorithm to remove
(rec) -umac-64@openssh.com				  -- mac algorithm to remove
(rec) -umac-128@openssh.com				 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com			-- mac algorithm to remove
(rec) -umac-64-etm@openssh.com			  -- mac algorithm to remove

$

Stranded Camel
To survive a reboot, use the Extra Options field: http://doc.freenas.org/11/services.html#ssh.
Thanks. I'm aware of that field, but it only allows you to change the configuration of `sshd_config`. A lot of the hardening involves eliminating weak keys, generating stronger keys to replace them, generating stronger Diffie-Hellman groups, and disabling or restricting various and sundry weak key exchange, MAC and cypher algorithms. FreeNAS performs *very* badly in a great number of these areas, and none of them can be fixed through the field you mention.
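The part of that list that *can* be done through the Extra Options field is the algorithm restriction. As an added example (not code from this thread or from ssh-audit), the script below reads ssh-audit's text output, drops everything its `(rec)` section says to remove, and emits explicit `KexAlgorithms`, `HostKeyAlgorithms`, `Ciphers` and `MACs` lines for sshd_config; the build audited above (OpenSSH 7.4) predates the `-algo` subtraction syntax, so the lists are written out in full. `SAMPLE_AUDIT` is a constructed, abridged sample in the format of the output above, and `parse_audit`/`hardened_directives` are names chosen here.

```python
# Added example (not from the thread or from ssh-audit): turn ssh-audit output
# into explicit sshd_config allowlists. OpenSSH 7.4 has no "-algo" subtraction
# syntax for these keywords, so every list is written out in full.
import re

# ssh-audit section tag -> sshd_config keyword
DIRECTIVES = {"kex": "KexAlgorithms", "key": "HostKeyAlgorithms",
              "enc": "Ciphers", "mac": "MACs"}
ALGO_LINE = re.compile(r"^\((kex|key|enc|mac|rec)\)\s+(-?)(\S+)")

# Constructed, abridged sample in the format of the audit output above.
SAMPLE_AUDIT = """\
(kex) curve25519-sha256@libssh.org    -- [info] available since OpenSSH 6.5
(kex) ecdh-sha2-nistp256              -- [fail] using weak elliptic curves
                                      `- [info] available since OpenSSH 5.7
(key) ecdsa-sha2-nistp256             -- [fail] using weak elliptic curves
(key) ssh-ed25519                     -- [info] available since OpenSSH 6.5
(enc) chacha20-poly1305@openssh.com   -- [info] available since OpenSSH 6.5
(enc) aes128-cbc                      -- [fail] removed (in server) since OpenSSH 6.7
(mac) hmac-sha2-256-etm@openssh.com   -- [info] available since OpenSSH 6.2
(mac) hmac-sha1                       -- [warn] using weak hashing algorithm
(rec) -ecdh-sha2-nistp256             -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256            -- key algorithm to remove
(rec) -aes128-cbc                     -- enc algorithm to remove
(rec) -hmac-sha1                      -- mac algorithm to remove
"""

def parse_audit(text):
    """Return (offered, remove): algorithms per tag and the (rec) removals."""
    offered = {tag: [] for tag in DIRECTIVES}
    remove = {tag: set() for tag in DIRECTIVES}
    for line in text.splitlines():
        m = ALGO_LINE.match(line)
        if not m:  # (gen) lines, blanks and `- continuation lines
            continue
        tag, minus, algo = m.groups()
        if tag == "rec":
            # "(rec) -name -- kex algorithm to remove": category follows "--"
            cat = line.rsplit("--", 1)[1].split()[0]
            if minus and cat in remove:
                remove[cat].add(algo)
        else:
            offered[tag].append(algo)
    return offered, remove

def hardened_directives(text):
    """sshd_config keyword -> comma-separated algorithms the audit did not flag."""
    offered, remove = parse_audit(text)
    return {kw: ",".join(a for a in offered[tag] if a not in remove[tag])
            for tag, kw in DIRECTIVES.items()}
```

Feed the real audit text to `hardened_directives()` and paste its four `keyword value` lines into the Extra Options field, then re-run ssh-audit to confirm the `(rec)` section is empty. The host key files and Diffie-Hellman moduli the post mentions are separate steps this does not touch.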
 

Stranded Camel

For the purpose of "eliminating weak keys, generating stronger keys to replace them, generating stronger Diffie-Hellman groups, and disabling or restricting various and sundry weak key exchange, MAC and cypher algorithms" in FreeNAS's SSH.

Or, in simpler terms, because FreeNAS's SSH implementation is years behind the industry standard, and this puts every single one of its users at risk.