[talk] Heads Up, OpenSSH MITM "Terrapin"
Isaac (.ike) Levy
ike at blackskyresearch.net
Wed Dec 20 10:21:21 EST 2023
Hey all,
If it's not on your holiday radar, there's a serious OpenSSH vulnerability, "Terrapin".
--
For busy folks, the fastest mitigation I've read is in the FreeBSD advisory,
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
IV. Workaround
Add the following lines to /etc/ssh/ssh_config and /etc/ssh/sshd_config:
Ciphers -chacha20-poly1305@openssh.com
MACs -*etm@openssh.com
(restart sshd)
--
Gory details, history, and fancy blowfish graphics:
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
Happy Holidays!
Best,
.ike
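
One way to confirm the workaround quoted above actually took effect, as an added example that is not part of the original post or the FreeBSD advisory: feed the effective configuration printed by `sshd -T` (server) or `ssh -G <host>` (client) to a small check. The function name `terrapin_check` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Checks an effective OpenSSH configuration for the
# algorithms that the workaround removes:
#   Ciphers -chacha20-poly1305@openssh.com
#   MACs    -*etm@openssh.com
# Typical use:  sshd -T | terrapin_check
#               ssh -G somehost | terrapin_check

# terrapin_check: reads effective config on stdin, prints every algorithm
# the workaround should have removed; returns 0 if none remain, 1 otherwise.
terrapin_check() {
    awk '
        # sshd -T and ssh -G print a lowercase keyword, then a comma list
        $1 == "ciphers" || $1 == "macs" {
            n = split($2, algs, ",")
            for (i = 1; i <= n; i++) {
                if ($1 == "ciphers" && algs[i] == "chacha20-poly1305@openssh.com") {
                    print "cipher still enabled: " algs[i]; bad = 1
                }
                if ($1 == "macs" && algs[i] ~ /-etm@openssh\.com$/) {
                    print "MAC still enabled: " algs[i]; bad = 1
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: a configuration without the workaround.
SAMPLE_DEFAULT='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256'

# Constructed sample: the same configuration with the workaround applied.
SAMPLE_MITIGATED='port 22
ciphers aes128-ctr,aes256-gcm@openssh.com
macs hmac-sha2-256,hmac-sha2-512'

printf '%s\n' "$SAMPLE_DEFAULT" | terrapin_check || echo "default sample: workaround NOT applied"
printf '%s\n' "$SAMPLE_MITIGATED" | terrapin_check && echo "mitigated sample: ok"
```

Run the check after restarting sshd, and on both ends, since the advisory's workaround edits both ssh_config and sshd_config.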