A recently discovered flaw in the implementation of the Secure Shell (SSH) protocol lead to an attack vector called „Terrapin Attack“ enables an attacker to break the integrity of the „secure shell“ connection in order weaken the overall security. TL;DR To implement an effective counter measure against the attack, we have disabled the affected methods in the HPC cluster’s SSH configuration. Consequently, these methods cannot be used until further notice:
- Ciphers: ChaCha20-Poly1305
- MACs: Any etm method (e.g. hmac-sha2-512-etm@openssh.com)
Please adapt your configuration accordingly if your configuration is relying on the methods mentioned above.
The attack is only feasible when a using either the ChaCha20-Poly1305 Cipher or a combination of a Cipher Block Chaining (CBC) cipher (or, in theory, a Counter Mode (CTR) cipher) combined with an encrypt then MAC (etm) message authentication code (MAC) method and the attacker has the ability to act as a man-in-the-middle. (Example: A security suite on your client machine may perform a deep packet inspection (per definition a (hopefully „good“) man-in-the-middle) to protect you from other threats.)
The Galois Counter Mode (GCM) AES ciphers are not affected.
We encourage you to employ strong encryption ciphers such as aes256-gcm@openssh.com and a sufficiently strong MAC method (e.g. hmac-sha2-256 or hmac-sha2-512) immune to the attack vector.
Note:
Due to a bug in the Windows OpenSSH client employing the umac-128@openssh.com MAC as default, we disabled the problematic method in the SSH server configuration as well to minimize issues when connecting to the HPC cluster. Until further notice, only hmac-sha2-512 and hmac-sha2-256 can be employed as MAC. Please adapt your configuration accordingly, if required, e.g.:
Ciphers aes256-gcm@openssh.com,aes256-ctr MACs hmac-sha2-512,hmac-sha2-256
You can track any disruptions or security advisories that may occur due to the aforementioned change in the Email category on our status reporting portal.
