SSH: do not send spoofable TCP keep alive messages
By default, both SSH server and client rely on TCP-based keep alive messages to detect broken sessions, which can be spoofed rather easily in order to keep a broken session opened (and vice versa). Since we rely on SSH-based keep alive messages, which are not vulnerable to this kind of tampering, there is no need to double-check connections via TCP keep alive as well. This patch thereof disables using TCP keep alive for both SSH client and server scenario. For usability reasons, a timeout of 5 minutes (10 seconds * 30 keep alive messages = 300 seconds) will be used for both client and server configuration, as 60 seconds were found to be too short for unstable connectivity scenarios. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This commit is contained in:
parent
018f80c6cd
commit
7a981d94cb
|
@ -5,7 +5,7 @@
|
|||
|
||||
# Set some basic hardening options for all connections
|
||||
Host *
|
||||
# Disable Roaming as it is known to be vulnerable
|
||||
# Disable undocumented roaming feature as it is known to be vulnerable
|
||||
UseRoaming no
|
||||
|
||||
# Only use secure crypto algorithms
|
||||
|
@ -13,15 +13,19 @@ Host *
|
|||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
||||
|
||||
# Always visualise server host keys (but helps to identify key based MITM attacks)
|
||||
# Always visualise server host keys (helps to identify key based MITM attacks)
|
||||
VisualHostKey yes
|
||||
|
||||
# Use SSHFP (might work on some up-to-date networks) to look up host keys
|
||||
VerifyHostKeyDNS yes
|
||||
|
||||
# send keep-alive messages to connected server to avoid broken connections
|
||||
# Send SSH-based keep alive messages to connected server to avoid broken connections
|
||||
ServerAliveInterval 10
|
||||
ServerAliveCountMax 6
|
||||
ServerAliveCountMax 30
|
||||
|
||||
# Disable TCP keep alive messages since they can be spoofed and we have SSH-based
|
||||
# keep alive messages enabled; there is no need to do things twice here
|
||||
TCPKeepAlive no
|
||||
|
||||
# Ensure only allowed authentication methods are used
|
||||
PreferredAuthentications publickey,keyboard-interactive,password
|
||||
|
|
|
@ -46,11 +46,13 @@ AllowTcpForwarding no
|
|||
AllowAgentForwarding no
|
||||
PermitOpen none
|
||||
|
||||
# Detect broken sessions by sending keep-alive messages to clients via SSH connection
|
||||
# Send SSH-based keep alive messages to connected clients to avoid broken connections
|
||||
ClientAliveInterval 10
|
||||
ClientAliveCountMax 30
|
||||
|
||||
# Close unresponsive SSH sessions which fail to answer keep-alive
|
||||
ClientAliveCountMax 6
|
||||
# Since TCP keep alive messages can be spoofed and we have the SSH-based already,
|
||||
# there is no need for this to be enabled as well
|
||||
TCPKeepAlive no
|
||||
|
||||
# Add support for SFTP
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
|
Loading…
Reference in New Issue