topic Re: SSH Terrapin Prefix Truncation Weakness in Network Security

SSH Terrapin Prefix Truncation Weakness

dacruzer1 — Fri, 12 Jan 2024 13:56:45 GMT

Good Day All,

I found a vulnerability on my 4321 router regarding this:

"The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security."

Anyone information on how to resolve this is greatly appreciated.

-Alfred

Re: SSH Terrapin Prefix Truncation Weakness

Rob Ingram — Fri, 12 Jan 2024 14:00:16 GMT

@dacruzer1 use unaffected algorithms such as AES-GCM

ip ssh server algorithm encryption aes256-gcm aes128-gcm

Re: SSH Terrapin Prefix Truncation Weakness

balaji.bandi — Fri, 12 Jan 2024 14:50:59 GMT

adding to other comment check also below CVE :

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

Re: SSH Terrapin Prefix Truncation Weakness

dacruzer1 — Fri, 12 Jan 2024 14:52:27 GMT

HI Rob,

I configured that line and now I am getting this error when I tried to SSH:

couldn't agree a client-to-server cipher (available: aes256-gcm, aes128-gcm)

I am using putty to ssh

Re: SSH Terrapin Prefix Truncation Weakness

Rob Ingram — Fri, 12 Jan 2024 15:01:36 GMT

@dacruzer1 where do you receive this error on the device when configuring or in putty when connecting? If in putty then putty might not support GCM, what version of putty? And what ciphers does it support?

Re: SSH Terrapin Prefix Truncation Weakness

dacruzer1 — Fri, 12 Jan 2024 15:09:19 GMT

Hi Rob,

In putty, when connecting. Putty release version 0.70

It supports: AES (SSH-2 only), ChaCHa20 (SSH-2 only), Blowfish, 3DES

Is there an SSH tool that support GCM ?

Thanks!

Re: SSH Terrapin Prefix Truncation Weakness

balaji.bandi — Fri, 12 Jan 2024 15:12:38 GMT

try latest putty 0.80 and check

Re: SSH Terrapin Prefix Truncation Weakness

Rob Ingram — Fri, 12 Jan 2024 15:13:10 GMT

@dacruzer1 0.70 is very old, 0.80 is the latest, download - https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.80.html

Re: SSH Terrapin Prefix Truncation Weakness

dacruzer1 — Fri, 12 Jan 2024 15:21:48 GMT

Hi Rob,

Downloaded and installed the latest version of putty, but still not connecting.

Putty Fatal Error:

"Selected client-to-server cipher "aes256-gcm, aes128-gcm" does not correspond to any supported algorithm"

Re: SSH Terrapin Prefix Truncation Weakness

Rob Ingram — Fri, 12 Jan 2024 15:33:10 GMT

@dacruzer1 I can connect using GCM, try changing the priority cipher selection.

Re: SSH Terrapin Prefix Truncation Weakness

dacruzer1 — Fri, 12 Jan 2024 15:59:29 GMT

Hi Rob,

It did not work, the same error...

I will need to console in and remove that line that I configured.

Re: SSH Terrapin Prefix Truncation Weakness

balaji.bandi — Fri, 12 Jan 2024 21:39:24 GMT

Can you post the show logging and your show ssh output ?

Re: SSH Terrapin Prefix Truncation Weakness

dacruzer1 — Fri, 12 Jan 2024 21:47:07 GMT

2024-01-12 13:46:07 Looking up host "204.62.69.1" for SSH connection
2024-01-12 13:46:07 Connecting to 204.62.69.1 port 22
2024-01-12 13:46:07 We claim version: SSH-2.0-PuTTY_Release_0.80
2024-01-12 13:46:07 Connected to 204.62.69.1
2024-01-12 13:46:07 Remote version: SSH-2.0-Cisco-1.25
2024-01-12 13:46:07 We believe remote version has SSH-1 ignore bug
2024-01-12 13:46:07 We believe remote version needs a plain SSH-1 password
2024-01-12 13:46:07 We believe remote version can't handle SSH-1 RSA authentication
2024-01-12 13:46:07 Using SSH protocol version 2
2024-01-12 13:46:07 No GSSAPI security context available
2024-01-12 13:46:07 Selected client-to-server cipher "aes256-gcm,aes128-gcm" does not correspond to any supported algorithm

Re: SSH Terrapin Prefix Truncation Weakness

mmsabaeai — Tue, 30 Jan 2024 23:24:42 GMT

Hi everyone,

I ran into the same issue as @dacruzer1 has with trying to SSH to the switch after using unaffected algorithms that @Rob Ingram listed above, even with the latest version of Putty 0.80. I was able to fix that issue by using the following on the switch:

ip ssh server algorithm encryption aes256-gcm@openssh.com aes128-gcm@openssh.com

I still needed to use Putty 0.80 even after I did the change.

Please let me know if what I did is the correct way or not.

Thank you,

Manwar

Re: SSH Terrapin Prefix Truncation Weakness

johntug — Wed, 31 Jan 2024 06:00:19 GMT

Hi @mmsabaeai ,

I am currently going to apply this fix and wanted to make sure the fix is already applied.

1. Do you have a command to run to verify if the fix already was applied?

2. Does this require a server reboot or will this cause impact traffic?

3. I believe this fix is applicable for Cisco Nexus 9300?

Thank you,

John

Re: SSH Terrapin Prefix Truncation Weakness

dacruzer1 — Wed, 31 Jan 2024 14:47:28 GMT

If you are still able to ssh to the device after adding that command then that is the correct way. I used Nessus scanner to identify vulnerabilities on my network device that how I was able to detect this vulnerability. hth

Re: SSH Terrapin Prefix Truncation Weakness

johntug — Thu, 01 Feb 2024 06:04:19 GMT

Hi,

I there a way to run a command to check if the fix was is already working? I dont have access on the customer physical location and just doing it remotely and losing ssh will be a problem for me. It is the customer who do the nessus scan.

Thank you,
John

Re: SSH Terrapin Prefix Truncation Weakness

johntug — Thu, 01 Feb 2024 08:23:30 GMT

Hi,

I tried to check the command but it seems (ip ssh server algorithm encryption) is not available on my Nexus Cisco Nexus9000.

I tried to tab below command nothing shows.

(config)# ip ssh ser

Thank you,

John

Re: SSH Terrapin Prefix Truncation Weakness

bseklecki — Fri, 09 Feb 2024 06:41:06 GMT

>3. I believe this fix is applicable for Cisco Nexus 9300?

For Nexus 9300, NX-OS, the fix will be different for modifying the SSH daemon CipherSuites. ~BAS

Re: SSH Terrapin Prefix Truncation Weakness

bseklecki — Fri, 09 Feb 2024 06:48:45 GMT

> Is there a way to run a command to check if the ..

IOS (and IOS-XE?)# show ip ssh

Cat9K ( NX-OS ) # show ssh server

(it should print the acceptable KEX Key Exchange, MACs, and encryption CipherSuites)