[euler-users] SSH security mitigations


Colin Vanden Heuvel

Dec 20, 2023, 11:21:29 PM
to 'Colin Vanden Heuvel' via euler-users
Hi Everyone,

In order to mitigate a recently disclosed vulnerability in the SSH protocol, CVE-2023-48795, I had to apply a patch to Euler's login nodes to disable certain key exchange algorithms which could be exploited by a malicious actor. While the risk from this exploit is fairly minimal for folks who are connecting from within the UW network, it is quite serious for those who will be traveling over the winter holidays and may be connecting from public or otherwise insecure networks.

The patch may break compatibility with older or otherwise insecurely configured SSH clients. If you are unable to connect, please try the following options in order.

- Ensure that your SSH client is up to date. Clients which support the latest secure protocols will have the best chance of connecting to Euler without issue.

- Try temporarily using a different SSH client. Various implementations exist for most operating systems, so there should be an alternative that works for you.

- If you are still unable to connect to Euler using your device, you can first connect to a device with a compatible version installed and then use that device to connect to Euler. It is VERY important to use the UW or CoE VPN with this method, just in case the system you use as a proxy might not be patched for this exploit itself.

Regards,
Colin Vanden Heuvel
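
Added example, not part of the original message or of Euler's tooling: a shell helper that reads the error an OpenSSH client prints when key exchange negotiation fails and compares the server's offer with the client's `ssh -Q kex` list, to tell an outdated client (the first two options above) from a restrictive local configuration. The error line, address and algorithm lists are constructed samples rather than Euler's actual settings, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the line an OpenSSH client prints when it shares no
# enabled key exchange (KEX) algorithm with the server. Not Euler's real offer.
SAMPLE_ERROR='Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256'
# Constructed sample of `ssh -Q kex` output from an outdated client.
SAMPLE_CLIENT_KEX='diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1'

# server_offer ERROR_LINE: print the server's offered KEX algorithms, one per line.
server_offer() {
    printf '%s\n' "$1" |
        sed -n 's/.*no matching key exchange method found\. Their offer: //p' |
        tr ',' '\n'
}

# shared_kex ERROR_LINE CLIENT_KEX: print algorithms found in both lists.
shared_kex() {
    offer=$(server_offer "$1")
    printf '%s\n' "$2" | while IFS= read -r alg; do
        [ -n "$alg" ] || continue
        if printf '%s\n' "$offer" | grep -Fxq -- "$alg"; then
            printf '%s\n' "$alg"
        fi
    done
}

# diagnose ERROR_LINE CLIENT_KEX: classify the failure.
#   not-a-kex-failure  the line is not a KEX negotiation error
#   update-client      the client supports nothing the server offers
#   client-config: ... the client supports these but has them disabled
#                      (check KexAlgorithms in ssh_config)
diagnose() {
    if [ -z "$(server_offer "$1")" ]; then
        echo "not-a-kex-failure"
        return 0
    fi
    common=$(shared_kex "$1" "$2")
    if [ -z "$common" ]; then
        echo "update-client"
    else
        echo "client-config: $(printf '%s' "$common" | tr '\n' ',')"
    fi
}

# Demo on the constructed samples. With a real client, pass the error line it
# printed and "$(ssh -Q kex)" instead.
diagnose "$SAMPLE_ERROR" "$SAMPLE_CLIENT_KEX"
```

`ssh -Q kex` lists every algorithm the client was built with, including ones disabled by default, which is why a non-empty overlap points at local configuration rather than client age.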