Somebody's looking for CBC

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I forget how long ago I learned there was a weakness in CBC modes in
SSH.  I don't think it was as early as November 2008, when the
announcement above is dated.  Although later versions of SSH have been
fixed, at the time the recommendation was to use CTR modes *only* since
they don't have the same weakness.

People trying to smack my sshd around is nothing new.  But last night's
log had something new (for me) in how they're trying.

sshd[32761]: fatal: no matching cipher found: client
server aes128-ctr,aes192-ctr

Somebody's specifically looking for CBC.

I don't think it was a legitimate research scan (you know, like how many
web servers have SSL enabled), because they kept trying over and over.

... just in case you needed another reason to keep your sshd up-to-date
and configured intelligently.

Site Timeline