ssh vulnerable

[tesme33]

Hi

there is a weakness in SSH with can be used to exploid connections.

Code: Select all

https://forum.netgate.com/topic/184941/terrapin-ssh-attack

Code: Select all

https://cloud.google.com/knowledge/kb/disable-weak-ssh-ciphers-for-compute-engine-linux-vms-000004592

How to check :

Code: Select all

nmap --script ssh2-enum-algos -sV -p 22 <IP>

Workaround (on Centos 7 !! for other releases use sshd -T | grep -i 'cipher' to check available ciphers and remove the chacha20-poly1305@openssh.com from the list before adding to sshd_config ):

add the following line to your /etc/ssh/sshd_config

Code: Select all

ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

and restart the service.

Code: Select all

service sshd restart

I know the etm based MAC are also weak but not as easy as the cipher itself.

[tesme33]

Hi
checked a little bit some other sources also and it seem that disabling the -etm macs is also advisable.

Same as for ciphers.

get the current list of macs:

Code: Select all

sshd -T | grep -i 'mac' 

remove the ones with -etm in the name and add a line at the end to /etc/sshd/config.

sample for centos 7:

Code: Select all

macs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512