OpenSSH patch — AND — Prohibit insecure connections by removing them from your configuration
A recent vulnerability in SSH means that many servers that allow users to connect using certain encryption algorithms are vulnerable to attack.
TL;DR Edit this file:
sudo vi /etc/crypto-policies/back-ends/opensshserver.config
If you want to know how I figured that out, read on.
By the way, two vulnerabilities were recently announced in SSH. There is a separate SSH issue that I covered in this article that concerns the keys you use to authenticate to SSH:
I may also provide an update for the above later.
About the Terrapin Attack
I first read about the Terrapin attack here:
And notice that many people still haven’t updated their configuration to protect against this attack:
How it works?
Here’s what’s happening at a high level. A person wants to connect with SSH and therefore runs a command to connect to the server.
The client machine and the server machine perform what is called a “handshake” to determine which encryption algorithms can be used to encrypt communications between the two hosts.
