Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Allen Kistler
August 23, 2009, 8:04 pm
rate this thread
I forget how long ago I learned there was a weakness in CBC modes in
SSH. I don't think it was as early as November 2008, when the
announcement above is dated. Although later versions of SSH have been
fixed, at the time the recommendation was to use CTR modes *only* since
they don't have the same weakness.
People trying to smack my sshd around is nothing new. But last night's
log had something new (for me) in how they're trying.
sshd: fatal: no matching cipher found: client
Somebody's specifically looking for CBC.
I don't think it was a legitimate research scan (you know, like how many
web servers have SSL enabled), because they kept trying over and over.
... just in case you needed another reason to keep your sshd up-to-date
and configured intelligently.
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security