KATA 4.0: Nessus complains about weak KEX [KATA/KEDRE]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Problem

After "Nessus" vulnerability scanning on Central node 4.0 servers, you may see the following:

Ports: 22-tcp   Description: The remote SSH server is configured to allow key exchange algorithms which are considered weak. This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:     diffie-hellman-group-exchange-sha1   diffie-hellman-group1-sha1   gss-gex-sha1-*   gss-group1-sha1-*   gss-group14-sha1-*   rsa1024-sha1

This is about a IETF proposed standard (formerly a draft) introduced in January 2022 after KATA 4.0 release. These IETF recommendations are addressed in KATA version 5.0.

Solution

Disclaimer

This security hardening procedure is done "at your own risk", at the present moment we don't suggest to apply it preemptively.

KATA 4.0 has OpenSSH_7.4p1, OpenSSL 1.0.2k-fips. This version supports newer Key Exchange (KEx) algorithms, so disabling weaker ones doesn't pose a problem. However, the list of key exchange algorithms that are accepted by GSSAPI key exchange for this version have only the ones that are named weak by the IETF draft, man SSHD_CONFIG(5) says:

GSSAPIKexAlgorithms The list of key exchange algorithms that are accepted by GSSAPI key exchange. Possible values are gss-gex-sha1-, gss-group1-sha1-, gss-group14-sha1-

Therefore, the only option to remove these in OpenSSH_7.4p1, is to disable GSSAPI key exchange. GSSAPI however is used by Kerberos authentification, so the possible impact is that Kerberos integration may be affected after these changes. 

So, in order to achieve the desired result:

1.  Open /etc/ssh/shh_config

   #vi /etc/ssh/shh_config

2. Locate the line

   GSSAPIAuthentication yes

   Change it to "no":

   GSSAPIAuthentication no

3. Add (or uncomment) the line

   GSSAPIKeyExchange no

4. Add the line defining the KEX algorithms to be used. These are all the algorithms supported by existing version of OpenSSL except the weak ones:

   KexAlgorithms diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org

5. Exit vi and save :wq!

6. Restart sshd

   #systemctl restart sshd

7. Confirm applied changes by listing the loaded gssapi settings and KEX algorithms.

   # sshd -T | grep kex # sshd -T | grep gssapi