If you cannot upgrade your OpenSSH client and/or server to fix CVE-2023-48795, also known as the Terrapin attack, the way to mitigate it is to disable the vulnerable ciphers and MACs, as Red Hat explains very well.
If you have a recent OpenSSH version, you can disable the ciphers by adding “-” before them in the Ciphers and MACs options. This works for both the ssh client config (/etc/ssh/ssh_config by default) and the ssh server config (/etc/ssh/sshd_config).
If you have an older OpenSSH version, you may not be able to use the “-” prefix. In that case you must explicitly list all the allowed ciphers: simply remove the vulnerable ciphers and MACs from the respective lists.
For reference, in January 2023, Germany's BSI (Federal Office of Information Security) recommended the following settings for SSH for use past 2023 (2029+).
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha2-256
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256
HostKeyAlgorithms ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
A few things to be aware of:
- be sure to check that the mentioned options are available on your systems before you restart your ssh daemons
- make sure you have host keys matching the HostKeyAlgorithms you allow (the list above only allows ECDSA host keys)
- verify you can connect to your servers after restarting sshd and before you disconnect
- monitor for connection failures from your clients.
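The first check in the list above, together with a check of what sshd still offers, as an added shell example that is not part of the original page. The affected algorithm names are not listed on this page; they are taken from the CVE-2023-48795 description (ChaCha20-Poly1305, and CBC ciphers combined with an Encrypt-then-MAC MAC), and the `--live` switch is a name chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page): pre-restart checks for an
# SSH algorithm allow-list.

# Lists copied from the BSI recommendation quoted on this page.
BSI_CIPHERS='aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
BSI_MACS='hmac-sha2-512,hmac-sha2-256'

# Print each algorithm of the comma-separated list $1 that is missing from
# the newline-separated list $2 (the output format of `ssh -Q <type>`).
unsupported_algos() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r algo; do
        [ -n "$algo" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$algo" || printf '%s\n' "$algo"
    done
}

# Return 0 if ciphers $1 and MACs $2 (comma-separated, as printed by
# `sshd -T`) still allow a Terrapin-affected mode. Assumption from the
# CVE-2023-48795 description: ChaCha20-Poly1305, or CBC with an -etm MAC.
terrapin_exposed() {
    case ",$1," in
        *,chacha20-poly1305@openssh.com,*) return 0 ;;
    esac
    case ",$1," in
        *-cbc,*|*-cbc@*)
            case ",$2," in *-etm@openssh.com,*) return 0 ;; esac ;;
    esac
    return 1
}

# Live check, run only when called with --live; `sshd -T` usually needs root.
if [ "${1:-}" = "--live" ]; then
    echo "Allow-list entries this OpenSSH build does not support:"
    unsupported_algos "$BSI_CIPHERS" "$(ssh -Q cipher)"
    unsupported_algos "$BSI_MACS" "$(ssh -Q mac)"
    conf=$(sshd -T) || exit 2
    ciphers=$(printf '%s\n' "$conf" | awk '$1 == "ciphers" {print $2}')
    macs=$(printf '%s\n' "$conf" | awk '$1 == "macs" {print $2}')
    if terrapin_exposed "$ciphers" "$macs"; then
        echo "sshd still offers a Terrapin-affected cipher/MAC combination"
    else
        echo "sshd offers no Terrapin-affected cipher/MAC combination"
    fi
fi
```

After editing sshd_config, `sshd -t` validates the file before you restart the daemon.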
Be careful: the Mozilla OpenSSH guidelines have not been updated for a long time and still recommend vulnerable algorithms.
The team behind Terrapin published a scanner on GitHub to check whether your servers are vulnerable.