Throw out < 2048 bit builtin moduli
On the server: Have a look at your sshd_config and throw out the diffie-hellman-group1-sha1 if it appears in the KexAlgorithms section. And restart SSHD.
Check with Nmap
"How can I test if that is good enough?"
Get Nmap and run the `ssh2-enum-algos` script against the SSH server. The diffie-hellman-group1-sha1 must not appear. It only has 1024 bits.
Throw out < 2048 bit custom moduli
On the server: throw out DH-moduli less than 2048 bits. Here's some code. It's adapted from a ServerFault question:
# Keep only lines whose Size column (field 5) is at least 2047: generated moduli files list
# the size one less than the nominal group length (2048-bit groups appear as 2047), so ">= 2048" would drop them too.
awk '$5 >= 2047' /etc/ssh/moduli > /etc/ssh/moduli.strong && \
mv /etc/ssh/moduli.strong /etc/ssh/moduli
And restart SSHD.
Check with SSH-Weak-DH Tool
Get, compile, and run the SSH weak Diffie-Hellman group identification tool. The tool uses a patched OpenSSH client that makes several connection attempts to the server, each using different DH group parameters for the DH key exchange protocol, thereby determining whether the server has weak DH groups enabled. GDSSecurity explains how the tool works on their blog.
Check with Wireshark
I don't really know how to check for this. Some ideas below:
Sniff the handshake on the client with Wireshark. Filter for ssh. Find the "Server: Diffie-Hellman Key Exchange Reply, New Keys" line. Or quicker yet: filter directly for ssh.message_code == 31.
Look inside the SSH Protocol | SSH Version 2 | Key Exchange | KEX DH host key section. There is human-readable ASCII text in there that will tell you what key exchange mechanism the server has selected. If it's something that starts with ecdsa- then you're safe from LogJam. Otherwise you'll have to count bytes again, and there'll have to be at least 256 (256 x 8 bits == 2048 bits, which is what we want as a minimum key length).
Further reading:
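The byte-counting step from the Wireshark section, as an added example that is not part of the original answer: a small Python parser for the SSH_MSG_KEXDH_REPLY payload (the message code 31 behind the Wireshark filter) that pulls out the host key algorithm text and the size of the server's DH value f. It is run on constructed sample payloads rather than a real capture, and the names parse_kexdh_reply, build_reply, STRONG and WEAK are my own.

```python
import struct

SSH_MSG_KEXDH_REPLY = 31  # the message code behind the Wireshark filter ssh.message_code == 31

def read_string(buf, off):
    """RFC 4251 'string': big-endian uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def parse_kexdh_reply(payload):
    """Parse SSH_MSG_KEXDH_REPLY: byte 31, string K_S, mpint f, string signature.
    Only meaningful for diffie-hellman-group* exchanges: ECDH/curve25519 reuse code 31
    with a short public point in place of f, so the byte count says nothing there."""
    if not payload or payload[0] != SSH_MSG_KEXDH_REPLY:
        raise ValueError("not a KEXDH_REPLY payload")
    host_key, off = read_string(payload, 1)
    f_raw, off = read_string(payload, off)
    _sig, _ = read_string(payload, off)
    # K_S begins with a string naming the host key algorithm; that is the ASCII
    # text visible under "KEX DH host key" in Wireshark.
    host_key_type, _ = read_string(host_key, 0)
    # mpint: a leading 0x00 pad is present when the top bit is set, so strip it by
    # going through an int. f < p, so f's size is a lower bound on the group size;
    # a random f is very rarely more than a byte shorter than p, hence the 256-byte rule.
    f_bits = int.from_bytes(f_raw, "big").bit_length()
    f_bytes = (f_bits + 7) // 8
    return {"host_key_type": host_key_type.decode("ascii", "replace"),
            "f_bits": f_bits, "f_bytes": f_bytes, "weak": f_bytes < 256}

def build_reply(host_key_type, f_value, sig=b"\x00" * 16):
    """Constructed sample payload (not a real capture) in the same wire format."""
    def s(b): return struct.pack(">I", len(b)) + b
    def mpint(v):
        b = v.to_bytes((v.bit_length() + 7) // 8, "big")
        return s(b"\x00" + b if b and b[0] & 0x80 else b)
    return bytes([SSH_MSG_KEXDH_REPLY]) + s(s(host_key_type) + b"\x00" * 8) + mpint(f_value) + s(sig)

# Constructed samples: a 2048-bit f (what a 2048-bit group produces) and a 1024-bit f
# (what diffie-hellman-group1-sha1 produces).
STRONG = build_reply(b"ssh-rsa", (1 << 2047) | 12345)
WEAK = build_reply(b"ssh-rsa", (1 << 1023) | 12345)

if __name__ == "__main__":
    for name, p in (("strong", STRONG), ("weak", WEAK)):
        print(name, parse_kexdh_reply(p))
```

To use it on a real capture, export the bytes of the message-31 packet payload from Wireshark and pass them to parse_kexdh_reply.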