Fixing SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) RedHat 7
1. Set the following in /etc/ssh/sshd_config:
# Disable SSH Weak Key Exchange Algorithms & Terrapin Prefix Truncation Weakness (CVE-2023-48795)
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519
MACs [email protected],[email protected]
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
2. Restart the SSH service:
systemctl restart sshd
3. Verify the algorithms the server offers with nmap:
nmap -p 22 -Pn --script ssh2-enum-algos --script-args ssh2-enum-algos.mode=weak-macs localhost
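
To confirm the result on the host itself, this added example (not part of the original page) reads the effective configuration as printed by sshd -T and flags the cipher modes affected by CVE-2023-48795: chacha20-poly1305@openssh.com, and CBC ciphers offered together with Encrypt-then-MAC (-etm@openssh.com) MACs. The function name terrapin_check and both sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag Terrapin-affected modes in `sshd -T`-style output.
# Reads "keyword value" lines on stdin.
# Returns 0 if clean, 1 if an affected mode is offered.
terrapin_check() {
    ciphers="" macs="" rc=0
    while read -r key value; do
        case "$key" in
            ciphers) ciphers="$value" ;;
            macs)    macs="$value" ;;
        esac
    done
    # ChaCha20-Poly1305 is affected regardless of the MAC list.
    case ",$ciphers," in
        *,chacha20-poly1305@openssh.com,*)
            echo "AFFECTED: chacha20-poly1305@openssh.com is offered"; rc=1 ;;
    esac
    # CBC ciphers are affected only when an Encrypt-then-MAC MAC is also offered.
    case "$ciphers" in
        *-cbc*)
            case "$macs" in
                *-etm@openssh.com*)
                    echo "AFFECTED: CBC cipher offered together with an -etm MAC"; rc=1 ;;
            esac ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: no Terrapin-affected cipher modes offered"
    return "$rc"
}

# Constructed sample inputs (not captured from a real host).
# HARDENED uses the Ciphers line from step 1; the MACs value is an assumption.
HARDENED='ciphers aes256-ctr,aes192-ctr,aes128-ctr
macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com'
WEAK='ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-256'

printf '%s\n' "$HARDENED" | terrapin_check
printf '%s\n' "$WEAK" | terrapin_check || true

# On a live host (as root): sshd -T | terrapin_check
```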
