SSH server CBC encryption mode vulnerability (CVE-2008-5161)
2022-07-25 22:54:00 【Qiang Junen】
I. Vulnerability description
The SSH server is configured to support cipher block chaining (CBC) encryption. This may allow attackers to recover plaintext messages from the ciphertext. Note that this plug-in only checks the SSH server's options; it does not check for vulnerable software versions.
CBC (cipher block chaining) mode has dependencies between blocks: encryption is serial and cannot be parallelized, but decryption can be parallelized, because a ciphertext block affects only its own plaintext block and the next one, not the other plaintext blocks. The message must be an integral multiple of the block size and is padded if it is not. The pattern of the plaintext blocks cannot be seen directly from the ciphertext, so the security is good. Another reason is that each ciphertext block depends on all the plaintext blocks before it: when encrypting, a change in one plaintext block affects every ciphertext block from that point on.
After hardening, a Linux environment generally uses AES for encryption. AES has five encryption modes (CBC, ECB, CTR, OFB, CFB). On CentOS 7.x, after the sshd service is started, the system defaults to CBC encryption mode. In production environments with high security requirements, CBC encryption is generally not allowed, and we need to change the encryption mode from CBC to CTR or GCM.
Risk level: low
Remediation: disable CBC-mode ciphers and enable CTR-mode or GCM-mode ciphers.
II. Remediation procedure
1) Edit the ssh configuration file
man sshd_config // Check the currently supported encryption algorithms/modes; multiple encryption algorithms are separated by commas
ssh -Q cipher // List the ciphers your current ssh supports
vim /etc/ssh/sshd_config
# Ciphers and keying // comment line in the file
Ciphers aes128-ctr,aes192-ctr,aes256-ctr // Configure the encryption mode to use CTR
# Alternatively, Ciphers specifies the encryption algorithms that ssh enables. When the Ciphers value begins with a '+' character, the specified algorithms are appended to the default set without affecting the other algorithms in the default set. When the Ciphers value begins with a '-' character, the specified algorithms are removed from the default set without affecting the other items in the default set.
Ciphers -aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
Ciphers +aes128-ctr,aes192-ctr,aes256-ctr
Restart the service when finished:
systemctl stop sshd.service
systemctl start sshd.service
2) Verification
nmap --script "ssh2*" <target IP> // The fix succeeded if weak algorithms such as CBC, diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1 no longer appear
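A local check to complement the nmap scan, as an added example that is not part of the original post: it reads configuration text in the format printed by `sshd -T` (sshd's effective settings) and reports any CBC cipher that is still enabled. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag CBC-mode ciphers in sshd's effective configuration.
# Input (stdin): text in `sshd -T` format, i.e. a lowercase keyword followed
# by its value; the "ciphers" value is a comma-separated list.

# Print every cipher whose name ends in "-cbc" (optionally with an
# "@vendor" suffix), one per line.
cbc_ciphers() {
    awk 'tolower($1) == "ciphers" {
             n = split($2, c, ",")
             for (i = 1; i <= n; i++)
                 if (c[i] ~ /-cbc(@.*)?$/) print c[i]
         }'
}

# Return 0 when no CBC cipher is enabled, 1 otherwise (usable from cron/CI).
check_no_cbc() {
    found=$(cbc_ciphers)
    if [ -n "$found" ]; then
        echo "CBC ciphers still enabled:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample lines in `sshd -T` format (not captured from a real host).
SAMPLE_BEFORE='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
macs hmac-sha2-256'
SAMPLE_AFTER='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha2-256'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_BEFORE" | check_no_cbc || echo "before: FAIL"
printf '%s\n' "$SAMPLE_AFTER"  | check_no_cbc && echo "after: OK"
```

On a real host, run `sshd -T | check_no_cbc` as root after restarting the service; unlike reading sshd_config by eye, this evaluates the configuration sshd actually loads.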