ssh vulnerable

Bugs in eFa 4
Post Reply
tesme33
Posts: 63
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

ssh vulnerable

Post by tesme33 »

Hi

there is a weakness in SSH with can be used to exploid connections.

Code: Select all

https://forum.netgate.com/topic/184941/terrapin-ssh-attack

Code: Select all

https://cloud.google.com/knowledge/kb/disable-weak-ssh-ciphers-for-compute-engine-linux-vms-000004592


How to check :

Code: Select all

nmap --script ssh2-enum-algos -sV -p 22 <IP>
Workaround (on Centos 7 !! for other releases use sshd -T | grep -i 'cipher' to check available ciphers and remove the chacha20-poly1305@openssh.com from the list before adding to sshd_config ):

add the following line to your /etc/ssh/sshd_config

Code: Select all

ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
and restart the service.

Code: Select all

service sshd restart

I know the etm based MAC are also weak but not as easy as the cipher itself.
tesme33
Posts: 63
Joined: 22 Mar 2015 10:57
Location: Germany/Munich area

Re: ssh vulnerable

Post by tesme33 »

Hi
checked a little bit some other sources also and it seem that disabling the -etm macs is also advisable.

Same as for ciphers.

get the current list of macs:

Code: Select all

sshd -T | grep -i 'mac' 
remove the ones with -etm in the name and add a line at the end to /etc/sshd/config.

sample for centos 7:

Code: Select all

macs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
Post Reply