Managed Security in our Java SSH APIs

The latest Maverick Legacy 1.7.27 releases include a new concept we have called Managed Security. This update introduces several changes under-the-hood to ensure that usage of the APIs maintains the highest possible security whenever possible.

We introduced a set of security levels to classify the algorithms we support. As a developer, you can now fix the minimum security level of your implementation to exclude algorithms according to your security policy.

We have also introduced a new chacha20poly1305 cipher and curve25519-sha256 key exchange to further extend the algorithms we support.
 

Configuring the security level

The security level can be configured globally for your JVM through the ComponentManager using the following code:

ComponentManager.getInstance().setMinimumSecurityLevel(SecurityLevel.STRONG);

The available security levels are WEAK, STRONG, and PARANOID.

 

What does setting a minimum security level do in practice?

For both client and server APIs, when you set a minimum security level, all algorithms that are weaker than the level you have set will be removed and unavailable for use. The algorithms are also ordered based on our internal security score, which prefers the most secure algorithms first.

The default preferences have also now changed to match the most secure option.

Cipher:     aes256-gcm@openssh.com
HMAC:       hmac-sha2-512
KEX:        curve25519-sha256@libssh.org
Public Key: ssh-ed255219

Of course, any preference you currently set will override these new defaults.
 

Using a Managed Instance

With the client API, you now have the option to create a managed instance SshConnector. This option enables some new features to provide some resilience to key exchange and algorithm issues. If we detect a failure during the key exchange, the API will automatically exclude the problematic component and retry the connection with the next preferred algorithm.

To take advantage of this new feature, you must use the latest methods added in this release.

SshConnector.createManagedInstance(SecurityLevel.STRONG);

Unfortunately, this is not available for the server API because of the server’s relatively passive role in selecting algorithms for the connection. Algorithms are always selected based on the client’s preference.

When you use a managed instance, any preferences set in the SshContext will be ignored. It will always use the most secure algorithm as its first preference.
 

What security level should I use?

The changes we have made should ensure that the most secure algorithms are preferred. The security of a connection is only as strong as the algorithms that are supported by both parties. By setting our preferences based on security strength, we will select the most secure algorithms first with WEAK security used only as a last resort.

If ultimate compatibility with all clients and servers is required, you should (reluctantly) include WEAK security; however, with most modern SSH implementations, the STRONG level should provide a reasonable level of compatibility.

PARANOID provides the ultimate security level and, from my research, should undoubtedly work OpenSSH version 7.0 and upwards.
 

Supported algorithms

Below is the complete list of algorithms with their current order and security level. We have classified these based on several criteria; if you feel this any of these are wrong, then please get in contact.

Ciphers
----
PARANOID 
aes256-gcm@openssh.com
aes128-gcm@openssh.com
chacha20-poly1305@openssh.com

STRONG 
aes256-ctr
aes192-ctr
aes128-ctr

WEAK
arcfour256
aes256-cbc
3des-cbc
3des-ctr
aes192-cbc
aes128-cbc
blowfish-cbc
arcfour128
arcfour

Macs
----
PARANOID
hmac-sha2-512-etm@openssh.com
hmac-sha2-512-96
hmac-sha2-512

STRONG
hmac-sha2-256-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-96

WEAK
hmac-ripemd160
hmac-sha1-etm@openssh.com
hmac-sha1
hmac-md5
hmac-ripemd160-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-ripemd160@openssh.com
hmac-md5-96
hmac-sha1-96

Public Keys
-----------
PARANOID
ssh-ed25519

STRONG
rsa-sha2-512
rsa-sha2-256
x509v3-rsa2048-sha256
ecdsa-sha2-nistp521-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
x509v3-ecdsa-sha2-nistp521
x509v3-ecdsa-sha2-nistp384
x509v3-ecdsa-sha2-nistp256
ecdsa-sha2-nistp521
ecdsa-sha2-nistp384
ecdsa-sha2-nistp256
ssh-rsa-cert-v01@openssh.com
x509v3-ssh-rsa
x509v3-sign-rsa-sha1
x509v3-sign-rsa
ssh-rsa
ecdsa-sha2-nistp256-cert-v01@openssh.com

WEAK
x509v3-ssh-dss
ssh-dss-cert-v01@openssh.com
ssh-dss
x509v3-sign-dss

Key Exchange
------------
PARANOID
curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group18-sha512
diffie-hellman-group17-sha512
diffie-hellman-group16-sha512
diffie-hellman-group15-sha512

STRONG
diffie-hellman-group14-sha256
diffie-hellman-group-exchange-sha256
rsa2048-sha256
ecdh-sha2-nistp521
ecdh-sha2-nistp384
ecdh-sha2-nistp256

WEAK
rsa1024-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
Posted in SSH