Closed keteague closed 3 months ago
I can't see any reference for the removal of chacha20-poly1305@openssh.com
in the OpenSSH release notes, @keteague why do you think it is necessary to remove it?
According to the site for the Terrapin Attack noted in the subject, from the first entry in the FAQ: https://terrapin-attack.com/index.html#question-answer
If you feel uncomfortable waiting for your SSH implementation to provide a patch, you can workaround this vulnerability by temporarily disabling the affected chacha20-poly1305@openssh.com encryption and -etm@openssh.com MAC algorithms in the configuration of your SSH server (or client), and use unaffected algorithms like AES-GCM instead.
The floating quick patch for this is to place the following in a file in the /etc/ssh/sshd_config.d/ folder:
Ciphers -chacha20-poly1305@openssh.com
MACs -*etm@openssh.com
@keteague : it seems that all supported platforms issued patches to include the kex-strict-s-v00@openssh.com
key exchange marker. This marker signifies that the Terrapin vulnerability is fixed (that is, as long as all clients also support it). Hence, I think its generally safe enough to keep the chacha20-poly1305 cipher enabled, though for any admins wanting to disable it in their environment, they can certainly do so. In that case, they can also create a custom policy based on their updated config as well.
I suppose I'll mark this issue as complete, as no other replies have come after almost a week.
The Hardening guide needs to be updated to remove chacha20-poly1305@openssh.com, that is - if removal of that cipher is the suggested solution for the time being.
https://www.ssh-audit.com/hardening_guides.html