Hardening dropbear
I've been notified about the results of the ssh-audit[1] security
scanner.
This gave me the opportunity to learn a bit about how SSH works under
the hood.
This article[2] explains how the session is established.
I learned from it that the Diffie-Hellman procedure used to exchange
the session key between client and server is based on temporary keys.
The persistent host keys are only used for authentication.
MAC-then-encrypt or encrypt-then-MAC?[3]
The MAC authenticates the message. The three constructions differ in
what the MAC covers and in whether the tag itself is encrypted
("." denotes concatenation):
* MAC-then-encrypt (TLS 1.2 and earlier):
Encrypt(PlainText . MAC(PlainText))
* Encrypt-and-MAC (the classic SSH MACs such as hmac-sha2-256; SSH
also prepends the packet sequence number to the MAC input):
Encrypt(PlainText) . MAC(PlainText)
* Encrypt-then-MAC (IPsec ESP, and in SSH the *-etm@openssh.com MAC
variants; AEAD ciphers such as chacha20-poly1305@openssh.com give the
same guarantee):
Encrypt(PlainText) . MAC(Encrypt(PlainText))
From the Stack Exchange thread, I could infer that the latter has stronger
guarantees.
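To make the difference concrete, here is an added example (not code from this page, from dropbear or from ssh-audit) that implements the three constructions with only the Python standard library. It assumes a toy stream cipher built from HMAC-SHA256 in counter mode in place of AES, and a constructed packet payload; the receiver counts how often it has to run the cipher on attacker-modified bytes before it can reject them. Real SSH also feeds the packet sequence number into the MAC, which the toy omits, so the equal-plaintext leak it shows for Encrypt-and-MAC is a property of the bare construction rather than of SSH packets.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 tag length


# Toy stream cipher standing in for AES-CTR: keystream blocks are
# HMAC-SHA256(key, nonce || block counter). An assumption of this example
# only, chosen to keep it self-contained; not a cipher to deploy.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


decrypt = encrypt  # XOR with the keystream is its own inverse


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


# How many times the receiver ran the cipher on a packet it ended up rejecting.
STATS = {"decrypt_calls": 0}


def _decrypt_counted(key: bytes, nonce: bytes, data: bytes) -> bytes:
    STATS["decrypt_calls"] += 1
    return decrypt(key, nonce, data)


# 1. MAC-then-encrypt (TLS 1.2 and earlier): Encrypt(P . MAC(P))
def mte_seal(ek, mk, nonce, p):
    return encrypt(ek, nonce, p + mac(mk, p))


def mte_open(ek, mk, nonce, c):
    inner = _decrypt_counted(ek, nonce, c)      # must decrypt before it can verify
    p, tag = inner[:-TAG_LEN], inner[-TAG_LEN:]
    return p if hmac.compare_digest(tag, mac(mk, p)) else None


# 2. Encrypt-and-MAC (classic SSH MACs): Encrypt(P) . MAC(P)
def eam_seal(ek, mk, nonce, p):
    return encrypt(ek, nonce, p) + mac(mk, p)


def eam_open(ek, mk, nonce, c):
    body, tag = c[:-TAG_LEN], c[-TAG_LEN:]
    p = _decrypt_counted(ek, nonce, body)       # again: decrypt first, verify second
    return p if hmac.compare_digest(tag, mac(mk, p)) else None


# 3. Encrypt-then-MAC (IPsec ESP, *-etm@openssh.com): Encrypt(P) . MAC(Encrypt(P))
def etm_seal(ek, mk, nonce, p):
    body = encrypt(ek, nonce, p)
    return body + mac(mk, body)


def etm_open(ek, mk, nonce, c):
    body, tag = c[:-TAG_LEN], c[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(mk, body)):
        return None                             # rejected without running the cipher
    return _decrypt_counted(ek, nonce, body)


def decrypts_before_reject(seal, open_) -> int:
    """Seal a constructed packet, flip one ciphertext bit in transit and
    return how many times the receiver ran the cipher before rejecting it."""
    ek, mk, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    c = bytearray(seal(ek, mk, nonce, b"SSH_MSG_USERAUTH_REQUEST (constructed)"))
    c[3] ^= 0x01
    STATS["decrypt_calls"] = 0
    assert open_(ek, mk, nonce, bytes(c)) is None
    return STATS["decrypt_calls"]


def eam_tags_reveal_equal_plaintexts() -> bool:
    """With a deterministic MAC over the plaintext, Encrypt-and-MAC lets a
    passive observer tell that two packets carry the same plaintext even
    though fresh nonces make the ciphertext bodies differ."""
    ek, mk = os.urandom(32), os.urandom(32)
    c1 = eam_seal(ek, mk, os.urandom(12), b"same payload")
    c2 = eam_seal(ek, mk, os.urandom(12), b"same payload")
    return c1[:-TAG_LEN] != c2[:-TAG_LEN] and c1[-TAG_LEN:] == c2[-TAG_LEN:]


if __name__ == "__main__":
    for name, seal, open_ in (("MAC-then-encrypt", mte_seal, mte_open),
                              ("Encrypt-and-MAC", eam_seal, eam_open),
                              ("Encrypt-then-MAC", etm_seal, etm_open)):
        print(f"{name:17s} cipher runs on a forged packet: {decrypts_before_reject(seal, open_)}")
    print("Encrypt-and-MAC tags equal for equal plaintexts:", eam_tags_reveal_equal_plaintexts())
```

The count is the point: only Encrypt-then-MAC throws a forged packet away before any keyed decryption happens, which is why it resists padding-oracle style attacks that the other two constructions have to be patched against case by case, and why the thread concludes it has the stronger guarantees.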
Other interesting reads:
The Wikipedia page on message authentication codes[4].
[1] https://github.com/jtesta/ssh-audit
[2] https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process#authenticating-the-user-s-access-to-the-server
[3] https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac
[4] https://en.wikipedia.org/wiki/Message_authentication_code