Weak SSH algorithms

Please post here if you have problems in using Wing FTP Server.
Ben_PDX
Posts: 2
Joined: Tue Nov 08, 2016 9:12 pm

Weak SSH algorithms

Post by Ben_PDX »

We are using Wing FTP version 4.7.8. We recently had a security audit that dinged us on some weak SSH algorithms. Specifically, they called out the Cipher Block Chaining (CBC) mode encryption algorithms:
- aes256-cbc
- aes192-cbc
- aes128-cbc
- blowfish-cvc
- 3des-cbc
- des-cbc-ssh1

The security audit also complained about:
- hmac-sha1

Is there any way to disable these weaker algorithms in Wing FTP?
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Weak SSH algorithms

Post by FTP »

OK, please enable the option "Server -> Settings -> General Settings -> Enable FIPS 140-2 mode", then Wing FTP Server will use the algorithms which be approved by the FIPS group (only allows strong encryption ciphers).
Ben_PDX
Posts: 2
Joined: Tue Nov 08, 2016 9:12 pm

Re: Weak SSH algorithms

Post by Ben_PDX »

I have the "Enable FIPS 140-2 Mode" checkbox checked, but I still see those weak ciphers.

If I run the command:

Code: Select all

nmap --script ssh2-enum-algos <servername> -p22
I get:

Code: Select all

PORT   STATE SERVICE
22/tcp open  ssh
| ssh2-enum-algos: 
|   kex_algorithms (4)
|       curve25519-sha256@libssh.org" rel="nofollow" rel="nofollow
|       ecdh-sha2-nistp256
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms (1)
|       ssh-rsa
|   encryption_algorithms (9)
|       aes256-ctr
|       aes192-ctr
|       aes128-ctr
|       aes256-cbc
|       aes192-cbc
|       aes128-cbc
|       blowfish-cbc
|       3des-cbc
|       des-cbc-ssh1
|   mac_algorithms (3)
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-sha1
|   compression_algorithms (1)
|_      none
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Weak SSH algorithms

Post by FTP »

OK, it is designed to be compatible with some SFTP client, and there is no need to worry about the SFTP security, because the stronger algorithm has higher priority, so your SFTP client will choose the strongest algorithm if it supports that algorithm.
drewcipher
Posts: 2
Joined: Wed Mar 16, 2016 1:08 am

Re: Weak SSH algorithms

Post by drewcipher »

For compliance, we need the weaker ciphers disabled. I understand the client may negotiate high but the risk is related to weaker ciphers being available. How can we remove / disable? It seems like the UI solution recommended here doesn't affect the actual cipher list.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Weak SSH algorithms

Post by FTP »

OK, you can specify the customized SFTP algorithms under "Server > Settings > General Settings > Security".
drewcipher
Posts: 2
Joined: Wed Mar 16, 2016 1:08 am

Re: Weak SSH algorithms

Post by drewcipher »

Hello FTP,

I believe we've done this. This is what we have listed in "Server > Settings > General Settings > Security > SFTP Encryption Algorithms" section:
aes256-ctr,aes192-ctr,aes128-ctr,des-cbc-ssh1

I restarted the services and the server but when I test, these are still available:
3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc

v4.9.2 on Windows Server 2012

Thanks in advance for your help.
JasonEde
Posts: 7
Joined: Wed Aug 08, 2012 10:14 am

Re: Weak SSH algorithms

Post by JasonEde »

We have the same issue... We're on 4.9.2.

With the default SFTP encryptions settings the protocols reported (probed using nmap) are...

22/tcp open ssh

| ssh2-enum-algos:
| kex_algorithms: (4)
| curve25519-sha256@libssh.org" rel="nofollow" rel="nofollow
| ecdh-sha2-nistp256
| diffie-hellman-group14-sha1
| diffie-hellman-group1-sha1
| server_host_key_algorithms: (1)
| ssh-rsa
| encryption_algorithms: (9)
| aes256-ctr
| aes192-ctr
| aes128-ctr
| aes256-cbc
| aes192-cbc
| aes128-cbc
| blowfish-cbc
| 3des-cbc
| des-cbc-ssh1
| mac_algorithms: (3)
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (3)
| none
| zlib
|_ zlib@openssh.com" rel="nofollow" rel="nofollow

After modifying the SFTP Encryption algos we're now getting...

22/tcp open ssh

| ssh2-enum-algos:
| kex_algorithms: (4)
| curve25519-sha256@libssh.org" rel="nofollow" rel="nofollow
| ecdh-sha2-nistp256
| diffie-hellman-group14-sha1
| diffie-hellman-group1-sha1
| server_host_key_algorithms: (1)
| ssh-rsa
| encryption_algorithms_client_to_server: (9)
| aes256-ctr
| aes192-ctr
| aes128-ctr
| aes256-cbc
| aes192-cbc
| aes128-cbc
| blowfish-cbc
| 3des-cbc
| des-cbc-ssh1
| encryption_algorithms_server_to_client: (3)
| aes256-ctr
| aes192-ctr
| aes128-ctr
| mac_algorithms: (3)
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| compression_algorithms: (3)
| none
| zlib
|_ zlib@openssh.com" rel="nofollow" rel="nofollow


So as you can see it has fixed the server to client ones, but the server still reports the client to server ones as including the CBC ones... Normally we can tie this down in the sshd_config file under ciphers to completely turn the CBC and 3DES ciphers off.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Weak SSH algorithms

Post by FTP »

OK, you can set the SFTP encryption algorithms under "Server > Settings > General Settings > Security > SFTP Encryption Algorithms".
JasonEde
Posts: 7
Joined: Wed Aug 08, 2012 10:14 am

Re: Weak SSH algorithms

Post by JasonEde »

Hi, I have modified the settings there, but it only changes some of them, not all of them. A pen-test scan of the server still reports the CBC and 3DES algos as enabled which means it fails the test.
Post Reply