Puppy Linux Discussion Forum

Discussion, talk and tips
https://forum.puppylinux.com/

aes immune to terrapin (ssh attack)

https://forum.puppylinux.com/viewtopic.php?t=10159

Page 1 of 1

aes immune to terrapin (ssh attack)

Posted: Fri Dec 22, 2023 11:36 am
by fatdoguser

I note that fatdog supports ssh aes256-gcm@openssh.com cipher

Code: Select all

ssh -Q ciphers

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

and that aes-qcm is immune to the terrapin attack https://www.linuxglobal.com/thwarting-t ... sh-attack/

For the sites I ssh into it seems they also can aes-gcm

Code: Select all

ssh <some site> -c aes256-gcn@openssh.com

... and connections are OK

I assume that a temporary fix is to just add to specify the aes-gcm cipher within ~/.ssh/config for each site

Code: Select all

Host XXX
    HostName YYYY
    User ZZZZ
    Compression no
    Ciphers aes256-gcn@openssh.com
    ControlPath ~/.ssh/%r@%h:%p
    IdentityFile ~/.ssh/seas/id_rsa
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited