openssh 9.6.p1 to mitigate CVE-2023-48795 - Terrapin attack
ovacikar:
Was able to fix this with sshd_config update https://terrapin-attack.com/#question-answer
--- Code: ---
ciphers aes256-gcm@openssh.com
--- End code ---
before:
--- Code: ---
Remote Banner: SSH-2.0-OpenSSH_9.3
ChaCha20-Poly1305 support: true
CBC-EtM support: false
Strict key exchange support: false
The scanned peer is VULNERABLE to Terrapin.
--- End code ---
after:
--- Code: ---
Remote Banner: SSH-2.0-OpenSSH_9.3
ChaCha20-Poly1305 support: false
CBC-EtM support: false
Strict key exchange support: false
The scanned peer supports Terrapin mitigations and can establish
connections that are NOT VULNERABLE to Terrapin. Glad to see this.
For strict key exchange to take effect, both peers must support it.
--- End code ---
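Added example, not part of the posts in this thread: a Python check that derives the same three scanner fields from the `ciphers` and `macs` lines of `sshd -T` output, showing why the single `ciphers` line flips the verdict and why a CBC cipher combined with an EtM MAC would bring it back. The function names and the sample configurations are constructed for illustration; strict key exchange is not a config keyword, so the caller passes it in (assumption: true only for a build that supports it, such as the 9.6p1 named in the thread title).

```python
CHACHA = "chacha20-poly1305@openssh.com"
MACS = "macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256"

# Constructed samples shaped like `sshd -T` output (not taken from the thread).
BEFORE = "ciphers " + CHACHA + ",aes256-ctr,aes256-gcm@openssh.com\n" + MACS
AFTER = "ciphers aes256-gcm@openssh.com\n" + MACS
CBC_ONLY = "ciphers aes256-cbc,aes256-gcm@openssh.com\n" + MACS


def parse_sshd_t(text):
    """Return {'ciphers': [...], 'macs': [...]} from `sshd -T` style lines."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() in ("ciphers", "macs"):
            cfg[key.lower()] = [v for v in value.strip().split(",") if v]
    return cfg


def terrapin_report(sshd_t_text, strict_kex=False):
    """Mirror the scanner's fields for one effective sshd configuration."""
    cfg = parse_sshd_t(sshd_t_text)
    ciphers = cfg.get("ciphers", [])
    macs = cfg.get("macs", [])
    chacha = CHACHA in ciphers
    # CBC-EtM is only reachable when a CBC cipher AND an encrypt-then-MAC
    # algorithm are both offered; AEAD ciphers such as AES-GCM ignore `macs`.
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any("-etm@" in m for m in macs))
    return {
        "chacha20_poly1305": chacha,
        "cbc_etm": cbc_etm,
        "strict_kex": strict_kex,
        # An affected mode is only a problem when strict KEX is unavailable.
        "vulnerable": (chacha or cbc_etm) and not strict_kex,
    }


if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER), ("cbc", CBC_ONLY)):
        print(name, terrapin_report(sample))
```

On a live host, feed the function the output of `sshd -T` run as root instead of the constructed samples.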
ovacikar:
FYI there is another CVE-2024-6387 affecting openssh. It has been fixed in 9.8p1.
For those in need urgently, the build script http://tinycorelinux.net/11.x/armv6/tcz/src/openssh/ works fine.
gadget42:
saw something, said something:
https://www.openssh.com/txt/release-9.9p2