Posted by: Eric Hansen
authentication, SHA-512, SSH
I’ve been trying to figure out for a little bit now how to use the previously written Two Factor Authentication via SSH article for logging into my system directly. While it’s probably the same for SSH as it is for anything else involving PAM authentication, I haven’t actually dived into it too far currently. However, while working on some hardening thoughts for my system, I discovered how to enable SHA hashing, instead of using MD5, for logging into the system.
For the most part, this just adds an extra layer of security to the authentication process. If you are using a server or workstation that connects to the Internet, then this would be something worth implementing; otherwise there’s no real benefit unless you don’t trust anyone who uses the Intranet.
Also, fgetty (a very minimal terminal manager) reportedly does not support SHA-512 hashing, and will lock you out if you attempt this with it. By default, though, most systems use agetty from what I’ve seen, so this is kind of a moot point, but I’m making it regardless.
Lastly, this requires you to be root all the way through as system files are going to be modified.
Step 1: Edit /etc/pam.d/passwd
What you want to do is change the following line:
password required pam_unix.so md5 shadow nullok
First, change md5 to sha512. Secondly, add “rounds=65536” to the end of the line, so it looks like this:
password required pam_unix.so sha512 shadow nullok rounds=65536
The rounds option essentially means that the attacker will have to compute so many hashes (in this case 65536) for each password that they try. Another positive to this is that it will take quite a long time for the attacker to even figure out the hash, but the downside is that your computer will have to compute 65536 hashes for you to log in. I’ll go into this more at the end of this article, though.
Step 2: Edit /etc/default/passwd
The next file to edit is the /etc/default/passwd file. This controls the functions of passwd (which will need to be run at the end) to ensure passwords are SHA-512. This change is more for a safety measure as I’m not yet sure it’s actually needed. Change the following line:
To the following:
This will tell passwd to use SHA-512 instead of DES (not MD5, but you know how those silly programs are).
Step 3: Edit /etc/login.defs
This file needs to be edited when shadow is used to manage user authentication. All you have to do with this file is add the following line to the file (I put it at the bottom):
Step 4: Reset Passwords
This is where passwd comes in. passwd won’t re-hash passwords automatically, and chances are if you try to log in after making these changes without re-hashing your password, you will not be able to log in. This is easy: just run passwd (e.g.: passwd root) for every user who will be logging into the system.
Pros and Cons
With rounds being so high, as said earlier, it takes your system longer to hash your password. When it comes to my old netbook (1.6 GHz single-core Intel Atom CPU N270), it takes around 1.5-2 seconds to log in. Hashing takes just as long as using MD5, however, and as I’m never in a rush when I use my laptop I can spare the 2 seconds.
If you’re thinking about using this on a critical system, or something you will need access to pretty quickly, it might run quite a bit faster as long as the machine has more processing power. I’ll be doing some tests to see if there’s any improvement on my desktop (2.5 GHz quad-core AMD Phenom 9850), as processor power does tend to be a big factor when it comes to hashing.
Personally, I like this change. When you view the /etc/shadow file, it’ll look quite different. After the username, there will be a $5 or $6, then $rounds=…, followed by a $… and another $ that has the hash of your password. If you use SHA-256 (which is allowed, I just don’t prefer it for personal reasons), the first will be $5, otherwise SHA-512 will be $6. After that will be the rounds to be computed, followed by what I can only assume to be a salt, given how shadow records usually are. Lastly it’s the salted hash of your password, and then the rest of the values for shadow that haven’t changed.
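The field layout described above can be used to check which accounts still need passwd run on them after Step 4. The following Python is an added example, not code from the original article: the names parse_hash_field, audit and SAMPLE are hypothetical, the sample records are constructed with placeholder hashes, and it assumes the crypt(3) default of 5000 rounds when a $5$/$6$ entry stores no rounds= value.

```python
# Added example: audit shadow-format lines after switching pam_unix to sha512.
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
DEFAULT_ROUNDS = 5000  # crypt(3) default for $5$/$6$ when no rounds= is stored

# Constructed sample records; the hash portions are placeholders, not real hashes.
SAMPLE = """\
root:$6$rounds=65536$Xk3qZp1a$CONSTRUCTEDHASH:15000:0:99999:7:::
alice:$1$abcdefgh$CONSTRUCTEDHASH:15000:0:99999:7:::
bob:$6$saltsalt$CONSTRUCTEDHASH:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
carol:!$5$rounds=65536$saltsalt$CONSTRUCTEDHASH:15000:0:99999:7:::
"""

def parse_hash_field(field):
    """Split one shadow password field into scheme, rounds and salt."""
    body = field.lstrip("!")  # a leading "!" marks a locked account
    if body in ("", "*"):
        return {"scheme": "none", "rounds": None, "salt": None}
    if not body.startswith("$"):
        return {"scheme": "DES", "rounds": None, "salt": body[:2]}
    parts = body.split("$")  # ['', id, optional rounds=N, salt, hash]
    scheme = SCHEMES.get(parts[1], "unknown")
    rounds, rest = None, parts[2:]
    if scheme in ("SHA-256", "SHA-512"):
        rounds = DEFAULT_ROUNDS
        if rest and rest[0].startswith("rounds="):
            rounds = int(rest[0][len("rounds="):])
            rest = rest[1:]
    return {"scheme": scheme, "rounds": rounds, "salt": rest[0] if rest else None}

def audit(shadow_text, want="SHA-512", min_rounds=65536):
    """Return {user: reason} for accounts that still need passwd run on them."""
    findings = {}
    for line in shadow_text.splitlines():
        if not line.strip():
            continue
        user, field = line.split(":")[:2]
        info = parse_hash_field(field)
        if info["scheme"] == "none":
            continue  # no hash stored, so nothing to re-hash
        if info["scheme"] != want:
            findings[user] = "still " + info["scheme"]
        elif info["rounds"] < min_rounds:
            findings[user] = "rounds=%d" % info["rounds"]
    return findings

if __name__ == "__main__":
    for user, reason in sorted(audit(SAMPLE).items()):
        print(user, reason)
```

To check a live system, pass the contents of /etc/shadow (read as root) to audit() in place of SAMPLE.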
This can also be done with SSH, but not combined with two-factor authentication.