[talk] Heads Up, OpenSSH MITM "Terrapin"

Isaac (.ike) Levy ike at blackskyresearch.net
Wed Dec 20 10:21:21 EST 2023


Hey all,

If it's not on your holiday radar, there's a serious OpenSSH vulnerability, "Terrapin".

--
For busy folks, the fastest mitigation I've read is in the FreeBSD advisory,
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

IV. Workaround

Add the following lines to /etc/ssh/ssh_config and /etc/ssh/sshd_config:
Ciphers -chacha20-poly1305 at openssh.com
MACs -*etm at openssh.com

(restart sshd)

--
Gory details, history, and fancy blowfish graphics:
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

Happy Holidays!

Best,
.ike






More information about the talk mailing list