6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - DSA keys

Information

SSH should be configured with Suite B based key signing algorithms

Rationale:

SSH (Secure Shell) is the defacto standard protocol used for remote administration of network devices and Unix servers, providing an encrypted and authenticated alternative to Telnet. However, this ubiquity and requirement to support a wide range of clients and deployment scenarios, as well as SSH's age, mean SSH needs to support a variety of Ciphers of varying strengths.

By default, for the widest range of client compatibility, JUNOS supports SSH Key Signing methods using older algorithms and methods such as 1024 bit DSA keys.

SSH is a vital tool for administering most JUNOS devices, providing privileged access and potentially transporting sensitive information including passwords. It is recommended that SSH sessions be protected by restricting JUNOS to using stronger Key Signing methods based on National Security Agency Suite B Standards, while weaker signing methods are explicitly disabled.

Suite B standards for Cryptographic functions are developed and distributed by the US National Security Agency as part of Cryptographic Modernization Programme for protection of US Government data, both unclassified and classified (to Secret). Suite B standards for SSH are set out in RFC6239 and restrict Key Signing to x509v3-ecdsa-sha2-nistp256 or x509v3-ecdsa-sha2-nistp384 only.

NOTE - The OpenSSH implementation used in JUNOS is not fully compliant with Suite B SSH set out in RFC6239, but these standards have been used as guidance for setting the more restrictive Level 2 recommendation. In particular, at time of writing, JUNOS does not support SSH Authentication through the use of X.509 Certificates - so it is not possible to be fully compliant with the Suite B recommendations, however ECDSA based Key Signing is supported, including with the NIST P 256bit and 384bit P Values, for Public Keys.

Impact:

Some SSH Clients or other management applications or automation platforms utilizing SSH may not support the stronger ECDSA Key Signing standard, so may be unable to connect.

Ensure that all applications are fully tested before deploying this recommendation in a production environment.

Solution

To explicitly disable DSA, RSA and ED25519 signatures, type the following commands at the [edit system services ssh] hierarchy:

[edit system services ssh]
user@host#set hostkey-algorithm no-ssh-dss
user@host#set hostkey-algorithm no-ssh-rsa
user@host#set hostkey-algorithm no-ssh-ed25519

Enable ECDSA for SSH Public Keys using the following commands:

[edit system services ssh]
user@host#set hostkey-algorithm ssh-ecdsa

Default Value:

For most platforms SSH-ECDSA, SSH-ED25519, SSH-DSS (1024 bit DSA keys) and SSH-RSA are permitted by default.

SSH-DSS is not supported on JUNOS in FIPS Mode, so cannot be enabled in FIPS mode.

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), CSCv7|11.5

Plugin: Juniper

Control ID: 20360ec27cf78c3ef1a7497c44f29b43a2a5ff887d9d451af7ac94f64f934749