Learn about Centmin Mod LEMP Stack today
Become a Member

Security AlmaLinux OpenSSH chacha20 ciphers for Terrapin Security Vulnerability Attacks?

Discussion in 'System Administration' started by Andy, Apr 24, 2024.

  1. Andy

    Andy Active Member

    532
    87
    28
    Aug 6, 2014
    Ratings:
    +126
    Local Time:
    11:45 AM
    I haven't looked up the best practice for cipher in 2024 yet. Recently was told to remove Chacha20_Poly1035 from an audit agency that my merchant service requires to do.

    Here is my cipher suite in the site.conf file.


    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    I don't see anywhere Chacha20_Poly is used. Wherelse should I look?
    I scanned it with Qualys SSL and it shows my server is using Chacha20 under TSL 1.3
     
  2. eva2000

    eva2000 Administrator Staff Member

    51,947
    11,973
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,470
    Local Time:
    2:45 AM
    Nginx 1.25.x
    MariaDB 10.x
    If you have Cloudflare in front, SSL ciphers would be ones served by Cloudflare servers. There shouldn't be any issue serving chacha20 ciphers. If you do need to remove it, then need to pay and upgrade to Cloudflare Advanced Certificate Management product Advanced certificates · Cloudflare SSL/TLS docs and then you can adjust SSL ciphers served by Cloudflare via the Cloudflare API only Customize cipher suites · Cloudflare SSL/TLS docs

    I use Cloudflare Advanced Certificate Management to remove weak SSL ciphers but chacha20 is not a weak cipher. Ssllabs rest.
     
  3. Andy

    Andy Active Member

    532
    87
    28
    Aug 6, 2014
    Ratings:
    +126
    Local Time:
    11:45 AM
    Thank you. Seems like we are in a pickle.
    Here is what Clover Security (one service hired by merchant providers to scan for security quarterly and we have to be compliant). Not sure how to fix it.

    Category General remote services
    CVE CVE-2023-48795
    CVSS base score 6.4
    Description SSH Prefix Truncation Vulnerability (Terrapin)
    Host 104.194.11.186
    Threat -
    Impact -
    Solution -
    PCI compliant No
    PCI details -
    Reason -
    PCI severity medium
    Port 22 / tcp
    Host name No registered hostname
    Host OS -
    Result
    SSH Prefix Truncation Vulnerability (Terrapin) detected on port: 22
    ChaCha20-Poly1305 Algorithm Support: True
    CBC-EtM Algorithm Support: False
    Strict Key Exchange algorithm enabled: False
    CVSS Base Score 6.4- AV:N/AC:L/Au:N/C:p/I:p/A:N
    CVSS Temporal Score 5.0- E:pOC/RL:OF/RC:C
    Severity 4
    Category General remote services
    CVE ID
    CVE-2023-48795
    Vendor Reference
    OpenSSH Advisory
    Bugtraq ID
    Date Updated Apr 19, 2024
    Threat The Terrapin attack exploits weaknesses in the SSH transport layer protocol in combination with newer cryptographic algorithms and encryption modes introduced by OpenSSH over 10 years ago. Since then, these have been adopted by a wide range of SSH implementations, therefore affecting a majority of current implementations.
    QID Detection Logic (Unauthenticated):
    This detection attempts to start the SSH key exchange process and examines whether either of the vulnerable ChaCha20-Poly1305 Algorithm or CBC-EtM Algorithm is active. It subsequently verifies whether Strict Key Exchange is enabled. If a target is identified as vulnerable, it indicates that the target supports either of the vulnerable algorithms and lacks support for Strict Key Exchange.



    Impact
    Successful exploitation of the vulnerability may allow an attacker to downgrade the security of an SSH connection when using SSH extension negotiation. The impact in practice heavily depends on the supported extensions. Most commonly, this will impact the security of client authentication when using an RSA public key.


    Solution
    Customers are advised to refer to the individual vendor advisory for their operating system and install the patch released by the vendor. For more information regarding the vulnerability, please refer to Terrapin Vulnerability


    Patch:
    Following are links for downloading patches to fix the vulnerabilities:

    OpenWall Security Advisory
     
  4. eva2000

    eva2000 Administrator Staff Member

    51,947
    11,973
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,470
    Local Time:
    2:45 AM
    Nginx 1.25.x
    MariaDB 10.x
    That is OPENSSH use of chacha20 not Nginx webserver. The terrapin attack was fixed in OPENSSH 9.6 which was backported in AlmaLinux 9 OPENSSH 8.7pl1 as outline at https://community.centminmod.com/threads/upgrade-openssh-to-9-7.25035/#post-99405

    Terrapin Attack and GitHub - RUB-NDS/Terrapin-Scanner: This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

    Tested Terrapin Scanner on Centmin Mod running AlmaLinux 9 OpenSSH 8.7p1 with backported OpenSSH 9.6 Terrapin mitigation fixes = NOT VULNERABLE to Terrapin

    Code (Text):
    ./Terrapin-Scanner --connect localhost:22
    ================================================================================
    ==================================== Report ====================================
    ================================================================================
    
    Remote Banner: SSH-2.0-OpenSSH_8.7
    
    ChaCha20-Poly1305 support:   true
    CBC-EtM support:             false
    
    Strict key exchange support: true
    
    The scanned peer supports Terrapin mitigations and can establish
    connections that are NOT VULNERABLE to Terrapin. Glad to see this.
    For strict key exchange to take effect, both peers must support it.
    
    Note: This tool is provided as is, with no warranty whatsoever. It determines
          the vulnerability of a peer by checking the supported algorithms and
          support for strict key exchange. It may falsely claim a peer to be
          vulnerable if the vendor supports countermeasures other than strict key
          exchange.
    
    For more details visit our website available at https://terrapin-attack.com
    


    Test scan for AlmaLinux 8's OpenSSH 8.0pl1 with backported Terrapin mitigation fixes also not vulnerable
    Code (Text):
    ./Terrapin-Scanner --connect localhost:22
    ================================================================================
    ==================================== Report ====================================
    ================================================================================
    
    Remote Banner: SSH-2.0-OpenSSH_8.0
    
    ChaCha20-Poly1305 support:   true
    CBC-EtM support:             true
    
    Strict key exchange support: true
    
    The scanned peer supports Terrapin mitigations and can establish
    connections that are NOT VULNERABLE to Terrapin. Glad to see this.
    For strict key exchange to take effect, both peers must support it.
    
    Note: This tool is provided as is, with no warranty whatsoever. It determines
          the vulnerability of a peer by checking the supported algorithms and
          support for strict key exchange. It may falsely claim a peer to be
          vulnerable if the vendor supports countermeasures other than strict key
          exchange.
    
    For more details visit our website available at https://terrapin-attack.com


    AlmaLinux 8 OpenSSH 8.0pl1 backported Terrapin fixes
    Code (Text):
    rpm -qa --changelog openssh | head -n21
    * Mon Jan 08 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-19.2
    - Fix Terrapin attack
      Resolves: RHEL-19762
    
    * Thu Dec 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-19.1
    - Fix Terrapin attack
      Resolves: RHEL-19762
    - Forbid shell metasymbols in username/hostname
      Resolves: RHEL-19820
    
    * Thu Aug 24 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-19
    - rebuilt
      Related: CVE-2023-38408
    
    * Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-18
    - Avoid remote code execution in ssh-agent PKCS#11 support
      Resolves: CVE-2023-38408
    
    * Tue Dec 20 2022 Dmitry Belyavskiy - 8.0p1-17
    - Fix parsing of IPv6 IPs in sftp client (#2151334)
    - Avoid ssh banner one-byte overflow (#2138344)


    The Terrapin Scanner determines if an OpenSSH server is vulnerable by assessing the server's support for specific cryptographic ciphers and key exchange mechanisms. It performs this check by:

    1. Connecting to the SSH server or listening for a connection to establish an SSH session.
    2. Exchanging SSH banners to confirm the SSH protocol version.
    3. Receiving the server's SSH_MSG_KEXINIT message which lists the supported key exchange algorithms, encryption algorithms, and MAC algorithms.
    4. Analyzing the algorithms supported: The scanner specifically looks for support of ChaCha20-Poly1305 and CBC with Encrypt-then-MAC. It also checks for indicators of support for strict key exchange protocols. Strict key exchange protocols in OpenSSH are enhancements designed to prevent certain cryptographic attacks, including the Terrapin attack. These protocols enforce a stricter validation and negotiation of key exchange algorithms during the SSH handshake process. By supporting strict key exchange protocols, an OpenSSH server ensures that both parties in the connection explicitly agree on secure, well-vetted algorithms, minimizing the risk of downgrading to weaker cryptographic standards. This is crucial in mitigating the Terrapin attack, which exploits vulnerabilities in less secure configurations by truncating SSH messages to manipulate session encryption and integrity.
    5. Vulnerability Determination: The server is considered vulnerable if it supports ChaCha20 or CBC with EtM but does not support strict key exchange protocols, as these configurations are susceptible to the Terrapin attack's prefix truncation method.
     
    Last edited: Apr 24, 2024
  5. eva2000

    eva2000 Administrator Staff Member

    51,947
    11,973
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,470
    Local Time:
    2:45 AM
    Nginx 1.25.x
    MariaDB 10.x
  6. Andy

    Andy Active Member

    532
    87
    28
    Aug 6, 2014
    Ratings:
    +126
    Local Time:
    11:45 AM
    This only applies to people running CentOS 7 and since I run AlmaLinux, I don't need to take any step right?
     
  7. eva2000

    eva2000 Administrator Staff Member

    51,947
    11,973
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,470
    Local Time:
    2:45 AM
    Nginx 1.25.x
    MariaDB 10.x
    Yup only applies to CentOS 7 users :)