PowerShell / Win32-OpenSSH

Win32 port of OpenSSH

Clarify exposure to CVE-2023-48795 (Terrapin) #2189

Open Trolldemorted opened 6 months ago

Trolldemorted commented 6 months ago

Summary of the new feature / enhancement

As an administrator, I'd like to know whether my fleet is vulnerable to the terrapin attack.

Proposed technical implementation details (optional)

No response

tgauth commented 6 months ago

In this case, Win32-OpenSSH is affected in the same way that OpenSSH-Portable, the upstream codebase, is. The release notes for upstream 9.6 have additional context - 9.6 release notes - which describe the impact as the following:

"While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding and results in a stuck connection."

The release notes go on to describe the potential disablement of an extension related to the keystroke timing obfuscation feature introduced upstream in version 9.5. Win32-OpenSSH only recently released version 9.5 with the keystroke timing obfuscation feature, and due to the release cadence, we were actually able to include a cherry-pick of upstream's "strict kex" protocol extension changes that mitigate this issue.

TLDR - the impact of the attack is fortunately very limited, but these are the two options to fully mitigate the vulnerability:

Trolldemorted commented 6 months ago

Thanks for the elaborate response! Can you estimate when you'll ship a fixed version to W10/W11/WS2022 through windows update?

tgauth commented 6 months ago

That's not currently planned for this issue - here is more info on the servicing criteria for Windows.

TrueSkrillor commented 6 months ago

While I understand that the impact for Win32-OpenSSH is somewhat limited, it still worries me that an update is not even remotely planned (at least, that's how I understand the last comment). "strict kex" as a countermeasure requires both peers to support it. With this in mind, "strict kex" won't be enabled for virtually all connections established by or to Win32-OpenSSH in the near future (because most users won't be updating their built-in SSH manually). This puts Microsoft customers at risk of avoidable Terrapin-style attacks targeting implementation flaws of the server. Also, consider that this combination can quickly escalate the impact of a successful attack up to a full in-session Man-in-the-Middle (as seen in the example of AsyncSSH).

That said, we recommend users update their implementations manually to ensure compatibility with "strict kex".

compuguy commented 6 months ago

That's not currently planned for this issue - here is more info on the servicing criteria for Windows.

I'm pretty sure it meets both of those bars...IMHO...

maertendMSFT commented 5 months ago

This was rediscussed and the position remains unchanged. The 9.5 release is available with the mitigation. ssh_config and sshd_config can be modified to remediate this risk. Future releases of Windows will be based on 9.5+ and the risk will not be present.

awakecoding commented 4 months ago

Hi - I maintain a downstream fork of Win32-OpenSSH with patches and builds for non-Windows platforms, can you clarify which tags in https://github.com/PowerShell/openssh-portable have the mitigation in place, and which commit contains the backported mitigation for Terrapin? Is the Win32-OpenSSH v9.5.0.0 tag safe? Has the mitigation been backported to other tags on the repository? Thanks!

tgauth commented 4 months ago

JuliusBairaktaris commented 3 months ago

Hey, as @maertendMSFT already pointed out, you can mitigate the vulnerability on versions <v9.5 by modifying your ssh config. I have created a PS script to help with this tedious task for users who do not want to switch to the "beta" version of OpenSSH for Windows.
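The ssh_config/sshd_config change that maertendMSFT and JuliusBairaktaris refer to, as an added PowerShell example for this thread; it is not the project's code and not the script JuliusBairaktaris mentions. It audits a Win32-OpenSSH sshd_config for the algorithm combinations Terrapin needs (chacha20-poly1305@openssh.com, or a CBC cipher together with an Encrypt-then-MAC MAC), resolves the `+`/`-`/`^` list syntax against the upstream defaults, and with `-Remediate` writes an explicit allowlist of GCM/CTR ciphers and SHA-2 EtM MACs and restarts sshd. Assumptions: the config lives at `%ProgramData%\ssh\sshd_config`; the default algorithm lists are those of upstream OpenSSH 9.x; and, per tgauth's comment above, Win32-OpenSSH 9.5 and later carry the cherry-picked strict kex, so the version test is only a hint and not a protocol-level check.

```powershell
# Added example: audit (and optionally remediate) a Win32-OpenSSH sshd_config for
# CVE-2023-48795 (Terrapin). Not part of Win32-OpenSSH; assumptions are marked.
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: default Win32-OpenSSH server config location.
    [string]$ConfigPath = (Join-Path $env:ProgramData 'ssh\sshd_config'),
    # Apply the hardening instead of only reporting.
    [switch]$Remediate
)

# Assumption: upstream OpenSSH 9.x defaults. chacha20 is first, so a config with
# no Ciphers line is exposed on builds that lack strict kex.
$DefaultCiphers = 'chacha20-poly1305@openssh.com','aes128-ctr','aes192-ctr','aes256-ctr','aes128-gcm@openssh.com','aes256-gcm@openssh.com'
$DefaultMACs    = 'umac-64-etm@openssh.com','umac-128-etm@openssh.com','hmac-sha2-256-etm@openssh.com','hmac-sha2-512-etm@openssh.com','hmac-sha1-etm@openssh.com','umac-64@openssh.com','umac-128@openssh.com','hmac-sha2-256','hmac-sha2-512','hmac-sha1'
# Hardened lists: AEAD/CTR only, no ChaCha20-Poly1305, no CBC (so EtM MACs are fine).
$SafeCiphers = 'aes256-gcm@openssh.com','aes128-gcm@openssh.com','aes256-ctr','aes192-ctr','aes128-ctr'
$SafeMACs    = 'hmac-sha2-512-etm@openssh.com','hmac-sha2-256-etm@openssh.com','umac-128-etm@openssh.com'

# Resolve an OpenSSH algorithm spec ("a,b", "+a", "-a,*-cbc", "^a") against the defaults.
function Resolve-SshAlgList {
    param([string]$Spec, [string[]]$Defaults)
    if ([string]::IsNullOrWhiteSpace($Spec)) { return $Defaults }
    $items = @(($Spec.Substring(1) -split ',').Trim() | Where-Object { $_ })
    switch ($Spec.Substring(0, 1)) {
        '+' { return @($Defaults) + @($items | Where-Object { $_ -notin $Defaults }) }   # append
        '^' { return @($items) + @($Defaults | Where-Object { $_ -notin $items }) }     # prepend
        '-' { return @($Defaults | Where-Object { $d = $_; -not ($items | Where-Object { $d -like $_ }) }) } # remove (wildcards allowed)
        default { return @(($Spec -split ',').Trim() | Where-Object { $_ }) }
    }
}

# The first uncommented directive before any Match block is the effective global value.
function Get-SshdDirective {
    param([string[]]$Lines, [string]$Name)
    foreach ($line in $Lines) {
        if ($line -match '^\s*Match\b') { break }
        if ($line -match "^\s*$Name\s+(.+?)\s*$") { return $Matches[1] }
    }
    return $null
}

# Terrapin needs chacha20-poly1305, or a CBC cipher negotiated with an *-etm MAC.
function Test-TerrapinExposure {
    param([string[]]$Ciphers, [string[]]$MACs)
    $chacha = $Ciphers -contains 'chacha20-poly1305@openssh.com'
    $cbc    = [bool]($Ciphers | Where-Object { $_ -like '*-cbc' })
    $etm    = [bool]($MACs    | Where-Object { $_ -like '*-etm@openssh.com' })
    [pscustomobject]@{ ChaCha20 = $chacha; CbcEtm = ($cbc -and $etm); Exposed = ($chacha -or ($cbc -and $etm)) }
}

# Replace the global directive, or prepend one so it takes effect before any Match block.
function Set-SshdDirective {
    param([string[]]$Lines, [string]$Name, [string]$Value)
    $new = "$Name $Value"; $replaced = $false; $inMatch = $false
    $out = foreach ($line in $Lines) {
        if ($line -match '^\s*Match\b') { $inMatch = $true }
        if (-not $inMatch -and -not $replaced -and $line -match "^\s*$Name\s") { $new; $replaced = $true }
        else { $line }
    }
    if (-not $replaced) { $out = @($new) + @($out) }
    return ,[string[]]$out
}

$verText = 'ssh.exe not found'; $hasStrictKex = $false
if (Get-Command ssh.exe -ErrorAction SilentlyContinue) {
    # ssh -V writes its banner to stderr, e.g. "OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2".
    $verText = ((& ssh.exe -V 2>&1) | ForEach-Object { "$_" }) -join ' '
    if ($verText -match 'OpenSSH_for_Windows_(\d+)\.(\d+)') {
        # Assumption (from this thread): Win32-OpenSSH 9.5 and later carry strict kex.
        $hasStrictKex = ([int]$Matches[1] -gt 9) -or ([int]$Matches[1] -eq 9 -and [int]$Matches[2] -ge 5)
    }
}

if (-not (Test-Path $ConfigPath)) { throw "sshd_config not found at $ConfigPath" }
$lines   = Get-Content -Path $ConfigPath
$ciphers = Resolve-SshAlgList (Get-SshdDirective $lines 'Ciphers') $DefaultCiphers
$macs    = Resolve-SshAlgList (Get-SshdDirective $lines 'MACs')    $DefaultMACs
$result  = Test-TerrapinExposure -Ciphers $ciphers -MACs $macs

"Version        : $verText"
"Strict kex     : $hasStrictKex (version hint only; both peers must support it)"
"Ciphers        : $($ciphers -join ',')"
"MACs           : $($macs -join ',')"
"ChaCha20       : $($result.ChaCha20)   CBC+EtM: $($result.CbcEtm)"
"Config exposed : $($result.Exposed)"

if ($Remediate -and $result.Exposed) {
    $lines = Set-SshdDirective $lines 'Ciphers' ($SafeCiphers -join ',')
    $lines = Set-SshdDirective $lines 'MACs'    ($SafeMACs -join ',')
    if ($PSCmdlet.ShouldProcess($ConfigPath, 'Write hardened Ciphers/MACs and restart sshd')) {
        Copy-Item $ConfigPath "$ConfigPath.bak-$(Get-Date -Format yyyyMMddHHmmss)"
        Set-Content -Path $ConfigPath -Value $lines -Encoding ascii
        Restart-Service -Name sshd
    }
}
```

Run it without switches to audit, with `-Remediate -WhatIf` to see what would change, and with `-Remediate` to apply. The same `Ciphers` and `MACs` keywords go in the client-side `%ProgramData%\ssh\ssh_config` or a user's `~\.ssh\config` when the Windows box is the SSH client. Note that an explicit allowlist keeps working on any build, while the version hint only says whether strict kex could be negotiated; it still needs the peer to support it, which is the point TrueSkrillor makes above.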