Configuring SSH to Protect Against the Terrapin Attack on AWS EC2 Amazon Linux Instances | by Teri Radichel | Cloud Security | Jan, 2024

Patch OpenSSH — AND — Disallow insecure connections by removing them from your configuration

Teri Radichel
Cloud Security


A recent vulnerability in SSH means that many servers allowing users to connect using certain encryption algorithms are vulnerable to attack.


Edit this file:
sudo vi /etc/crypto-policies/back-ends/opensshserver.config

If you want to know how I figured that out, read on.

By the way — there were two vulnerabilities announced in SSH recently. There’s a separate SSH issue I covered in this post which has to do with the keys you use to authenticate to SSH:

I may provide an update for the above later as well.

About the Terrapin Attack

I first read about the Terrapin Attack here:

I also see that many people still have not updated their configuration to protect against this attack:

How does it work?

Here’s what happens at a high level. A person wants to connect with SSH so they run a command to connect to the server.

The client machine and the server machine perform what is called a “handshake” to determine which encryption algorithms can be used to encrypt the communications between the two hosts.

Wikimedia: https://commons.wikimedia.org/wiki/File:Handshake,_by_David.svg
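What the server offers in that handshake comes from its configuration, so the file named at the top of this post can be checked directly. The following Python script is an added example, not code from the original post: it reports the two modes known to be affected by Terrapin, the chacha20-poly1305@openssh.com cipher and any CBC cipher offered together with an encrypt-then-MAC (-etm@openssh.com) MAC. The two file layouts it parses and the sample input are assumptions, and dropping CBC ciphers is only one possible way to close the CBC case.

```python
import re

CHACHA = "chacha20-poly1305@openssh.com"

# Constructed sample input, not taken from a real instance.
SAMPLE = (
    "Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc\n"
    "MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512\n"
)

def parse_algorithms(text):
    """Extract the explicit Ciphers and MACs lists.

    Assumed layouts: sshd_config-style lines ("Ciphers a,b") and the
    "-oCiphers=a,b" option form. +/-/^ modifier lists are not evaluated.
    """
    algs = {}
    for key in ("Ciphers", "MACs"):
        m = re.search(rf"(?:^\s*|-o){key}[\s=]+([^\s'\"]+)", text, re.I | re.M)
        algs[key] = [a for a in m.group(1).split(",") if a] if m else []
    return algs

def terrapin_findings(text):
    """Return the Terrapin-affected modes the server would still offer."""
    algs = parse_algorithms(text)
    findings = []
    if CHACHA in algs["Ciphers"]:
        findings.append("chacha20-poly1305")
    cbc = [c for c in algs["Ciphers"] if c.endswith("-cbc")]
    etm = [m for m in algs["MACs"] if m.endswith("-etm@openssh.com")]
    if cbc and etm:  # CBC is only affected when paired with an EtM MAC
        findings.append("cbc-etm")
    return findings

def hardened_ciphers(text):
    """Cipher list with ChaCha20-Poly1305 and CBC removed (one possible fix)."""
    return [c for c in parse_algorithms(text)["Ciphers"]
            if c != CHACHA and not c.endswith("-cbc")]

if __name__ == "__main__":
    import sys
    # Pass the config path as the first argument; falls back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("findings:", terrapin_findings(text) or "none")
    print("Ciphers " + ",".join(hardened_ciphers(text)))
```

After editing the configuration, restart sshd and run the check again; an empty findings list means neither affected mode is offered by that file.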
