Hi,
The new Terrapin attack is a prefix-truncation attack on the SSH (Secure Shell) transport protocol. A man-in-the-middle can silently delete messages from the start of the encrypted channel, which downgrades the connection (for example by dropping the RFC 8308 EXT_INFO message so that weaker client signature algorithms are used). It does not by itself give the attacker a login on the server, but it weakens the protections the handshake negotiated, and both servers and clients must be fixed.
How does the new Terrapin attack work?
A flaw was found in SSH's integrity protection: each packet's MAC (or AEAD nonce) covers an implicit sequence number, while the unencrypted part of the handshake is not authenticated. By injecting and dropping unauthenticated messages during connection setup to shift those sequence numbers, a man-in-the-middle can make it look as if the first encrypted messages were never sent, without either side noticing. The attack works when the connection uses the chacha20-poly1305@openssh.com cipher or an Encrypt-then-MAC (-etm@openssh.com) MAC.
Who discovered the new Terrapin attack?
The new Terrapin attack was published in December 2023 by researchers at Ruhr University Bochum in Germany. It has been assigned CVE-2023-48795. You can read more about it on Red Hat's CVE page.
Mitigate the new Terrapin attack:
On CentOS / RHEL-8 and CentOS / RHEL-9:
Disable the following cipher and Encrypt-then-MAC (-etm) HMACs on RHEL-8 and RHEL-9; these are the algorithms Terrapin needs:
1. chacha20-poly1305@openssh.com (cipher)
2. hmac-sha2-256-etm@openssh.com
3. hmac-sha2-512-etm@openssh.com
4. hmac-sha1-etm@openssh.com
5. umac-64-etm@openssh.com
6. umac-128-etm@openssh.com
To do this, run the following command. You can use either nano or vi, whichever you prefer.
nano /etc/crypto-policies/policies/modules/CVE-2023-48795.pmod
Paste these two lines (the first removes ChaCha20-Poly1305 from the SSH cipher list, the second drops the Encrypt-then-MAC MACs):
cipher@SSH = -CHACHA20-POLY1305
ssh_etm = 0
Now we need to apply our policy. The following command stacks the new module on top of whatever base policy is currently active (for example DEFAULT becomes DEFAULT:CVE-2023-48795):
update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795
Then restart the SSH server with systemctl restart sshd so that new connections use the updated policy.
You can verify that the change is in effect by checking that the cipher and MACs listed above no longer appear in either of these generated files:
/etc/crypto-policies/back-ends/openssh.config
/etc/crypto-policies/back-ends/opensshserver.config
For CentOS 7 / RHEL-7:
CentOS 7 / RHEL-7 has no system-wide crypto policies, so set strict Ciphers and MACs by hand. Do not list chacha20-poly1305@openssh.com or any -etm@openssh.com MAC, since those are exactly what Terrapin exploits.
Use the following Ciphers and MACs:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-256,hmac-sha2-512
Update both of the following files (in ssh_config put the two directives under Host *; in sshd_config keep them above any Match block), then restart sshd:
/etc/ssh/ssh_config
/etc/ssh/sshd_config
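Putting the two procedures above together, as an added example (this is my own script, not code from the original post or from Red Hat): a bash script that writes and applies the RHEL 8/9 policy module where update-crypto-policies exists, rewrites a RHEL 7 style ssh_config or sshd_config with the strict Ciphers and MACs, and scans any of these files for the algorithms Terrapin needs. All terrapin_* function names and the constructed sample config in terrapin_demo are mine; the MAC list hmac-sha2-256,hmac-sha2-512 assumes you want no -etm MAC at all.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post or of Red Hat's guidance.
# Assumes bash (or a POSIX sh with 'local'), grep/sed/mktemp and, only when
# actually applying on a host: update-crypto-policies (RHEL 8/9) or write access
# to /etc/ssh (RHEL 7). All terrapin_* names are my own.
set -u

# Algorithms Terrapin (CVE-2023-48795) needs: the chacha20-poly1305@openssh.com
# cipher or any Encrypt-then-MAC (*-etm@openssh.com) MAC. Matched case-insensitively.
TERRAPIN_BAD_RE='chacha20-poly1305|-etm@'

# Strict RHEL 7 directives (no ChaCha20-Poly1305, no -etm MACs). Assumption: you
# want no Encrypt-then-MAC MAC at all rather than a hand-picked subset.
RHEL7_CIPHERS='aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'
RHEL7_MACS='hmac-sha2-256,hmac-sha2-512'

# terrapin_scan_file FILE: print each non-comment line that still names an
# affected algorithm. Returns 0 when clean, 1 when affected, 2 if unreadable.
terrapin_scan_file() {
    local file="$1" hits
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    hits=$(grep -Ev '^[[:space:]]*#' "$file" | grep -Ei "$TERRAPIN_BAD_RE" || true)
    if [ -z "$hits" ]; then return 0; fi
    printf '%s\n' "$hits" | sed "s|^|$file: |"
    return 1
}

# terrapin_write_pmod PATH: write the two-line crypto-policies module from the post.
terrapin_write_pmod() {
    mkdir -p "$(dirname "$1")" || return 2
    printf '%s\n' 'cipher@SSH = -CHACHA20-POLY1305' 'ssh_etm = 0' > "$1"
}

# terrapin_apply_rhel8_9: RHEL 8/9 path. Install the module, stack it on the
# active base policy (only once), restart sshd, then re-scan the generated back-ends.
terrapin_apply_rhel8_9() {
    local cur rc=0 f
    command -v update-crypto-policies >/dev/null 2>&1 || { echo "no crypto-policies on this host" >&2; return 3; }
    terrapin_write_pmod /etc/crypto-policies/policies/modules/CVE-2023-48795.pmod || return 2
    cur=$(update-crypto-policies --show)
    case "$cur" in
        *CVE-2023-48795*) ;;                                        # already stacked
        *) update-crypto-policies --set "$cur:CVE-2023-48795" || return 2 ;;
    esac
    systemctl restart sshd || return 2
    for f in /etc/crypto-policies/back-ends/openssh.config \
             /etc/crypto-policies/back-ends/opensshserver.config; do
        terrapin_scan_file "$f" || rc=1
    done
    return "$rc"
}

# terrapin_harden_ssh_config FILE: RHEL 7 path for ssh_config or sshd_config.
# Keeps a .bak copy, drops every existing Ciphers/MACs directive and puts the
# strict ones at the top, i.e. before any Host or Match block. Returns the scan result.
terrapin_harden_ssh_config() {
    local file="$1"
    cp -p "$file" "$file.bak" || return 2
    {
        printf 'Ciphers %s\nMACs %s\n' "$RHEL7_CIPHERS" "$RHEL7_MACS"
        grep -Eiv '^[[:space:]]*(Ciphers|MACs)[[:space:]]' "$file.bak" || true
    } > "$file"
    terrapin_scan_file "$file"
}

# terrapin_check_running_sshd: ask the daemon for its effective Ciphers/MACs.
# Needs root. On RHEL 9 this reflects the Include'd crypto-policy file; on RHEL 8
# the policy reaches sshd as command-line options instead, so use the file scan there.
terrapin_check_running_sshd() {
    command -v sshd >/dev/null 2>&1 || { echo "sshd not installed" >&2; return 3; }
    if sshd -T 2>/dev/null | grep -Ei '^(ciphers|macs) ' | grep -Ei "$TERRAPIN_BAD_RE"; then
        return 1
    fi
    return 0
}

# terrapin_demo: stand-alone run against a constructed RHEL 7 style sshd_config in
# a temp dir (no root, no real host touched). Returns 0 if the hardened file is clean.
terrapin_demo() {
    local dir file
    dir=$(mktemp -d) || return 2
    file="$dir/sshd_config"
    printf '%s\n' '# constructed sample, not a real host file' 'Port 22' \
        'Ciphers chacha20-poly1305@openssh.com,aes256-ctr' \
        'MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-256' > "$file"
    if terrapin_scan_file "$file"; then echo "unexpected: sample already clean"; return 1; fi
    terrapin_harden_ssh_config "$file" || return 1
    echo "hardened $file:"; cat "$file"
    rm -rf "$dir"
}

terrapin_demo
```

Run it as-is to see the demo on a temp file. On a real host, run terrapin_apply_rhel8_9 (RHEL 8/9) or terrapin_harden_ssh_config /etc/ssh/sshd_config and /etc/ssh/ssh_config (RHEL 7) as root and then restart sshd. terrapin_check_running_sshd asks sshd -T for the effective algorithm lists, which catches Include'd files a plain file scan would miss; on RHEL 8, where the policy is passed to sshd on its command line from opensshserver.config, rely on the file scan instead.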
If you are using DirectAdmin or cPanel, apply this fix right away as well; until you do, your servers remain exposed to the Terrapin downgrade.