New plugins to detect weak SSH servers

Rationale

Tenable is publishing three new plugins to help users detect SSH servers using cryptographic algorithms that may be considered weak. Because SSH requires both the server and the client to use an agreed-upon encryption scheme, customers may have a business justification for using outdated or weak SSH cryptographic algorithms. These three plugins will allow our users to identify the servers in their environments that employ weak cryptographic algorithms. They are then enabled to make informed risk decisions about upgrading, retiring or strengthening protections around these SSH servers with a defense in depth architecture. 

KEX SHA-1 for SSH - The first is a Low severity plugin to detect SSH servers that are configured to allow weak (SHA-1 based) key exchange algorithms. This is based on the IETF draft document "Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)" which can be viewed at https://datatracker.ietf.org/doc/html/draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. These are all SHA-1 based algorithms and include diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1, gss-gex-sha1-*, gss-group1-sha1-*, gss-group14-sha1-*, and rsa1024-sha1.

RSA shorter than 2048 - Next is another Low severity plugin to detect SSH servers that are configured with an RSA host key that is shorter than 2048 bits. This is based on the recommendations in "NIST Special Publication 800-57 Part 3 Recommendation for Key Management" which can be viewed at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf.

SHA-1 based MAC - The third is an Informational severity plugin that will detect SSH servers that are configured to allow a SHA-1 based message authentication code (MAC). This is not actually considered weak, but is being made available for users that wish to identify these servers. This plugin has already been published and is currently in the plugin feed.

Impact

Plugin 153953 "SSH Weak Key Exchange Algorithms Enabled" - Tenable Research has identified that approximately 60% of SSH servers are likely to have weak key exchange algorithms enabled. This will manifest in a new Low severity plugin firing for the majority of users scanning SSH servers.

Plugin 153954 "SSH Host Keys < 2048 Bits Considered Weak" - Tenable Research has identified that approximately 2% of SSH servers are likely to have host keys that are shorter than 2048 bits. This will manifest in a new Low severity finding for users scanning these servers.

Plugin 153588 "SSH SHA-1 HMAC Algorithms Enabled" is Informational only and is already in the plugin feed.

New Plugins

• 153953 SSH Weak Key Exchange Algorithms Enabled | CVSSv2 2.6 (Low) | CVSSv3 3.7 (Low)
• 153954 SSH Host Keys < 2048 Bits Considered | CVSSv2 2.6 (Low) | CVSSv3 3.7 (Low)
• 153588 SSH SHA-1 HMAC Algorithms Enabled | CVSSv2 N/A (Info) | CVSSv3 N/A (Info)

Target Release Date

Wednesday, October 13th, 2021