Public bug reported:

I've tried the following commands to disable the cipher below, but it is
still showing up. Am I missing something here?

echo 'Ciphers [email protected]' > /etc/ssh/sshd_config.d/anti-terrapin-attack.conf
echo 'Ciphers [email protected]' > /etc/ssh/ssh_config.d/anti-terrapin-attack.conf

systemctl restart sshd

The user Rajandran has reported attempting to disable the ChaCha20-Poly1305 
encryption cipher to mitigate the Terrapin SSH attack using the following 
commands:

echo 'Ciphers -<email address hidden>' > /etc/ssh/sshd_config.d/anti-terrapin-attack.conf
echo 'Ciphers -<email address hidden>' > /etc/ssh/ssh_config.d/anti-terrapin-attack.conf
systemctl restart sshd

However, despite these steps, the cipher is still appearing as available.

Steps to Reproduce:

Edit /etc/ssh/sshd_config.d/anti-terrapin-attack.conf to include Ciphers 
-<email address hidden>.
Edit /etc/ssh/ssh_config.d/anti-terrapin-attack.conf similarly.
Restart the SSH daemon using systemctl restart sshd.
Check the available ciphers using ssh -Q cipher.

Expected Behavior:
The ChaCha20-Poly1305 cipher should be disabled and not listed among the 
available ciphers after making the above configuration changes and restarting 
SSH.

Actual Behavior:
Despite the configuration changes and SSH daemon restart, the ChaCha20-Poly1305 
cipher continues to appear in the list of available ciphers.

Additional Information:

Operating System: [Insert OS version]
SSH Version: [Insert SSH version]
Output of ssh -Q cipher before and after attempted configuration changes.
Any relevant logs or error messages from /var/log/auth.log or SSH logs.

Resolution Attempted:

Editing sshd_config and ssh_config files as described.
Restarting SSH daemon.

Impact:
The continued availability of the ChaCha20-Poly1305 cipher leaves the system 
vulnerable to the Terrapin SSH attack, impacting security.

Next Steps:

Investigate if there are additional configuration changes required or if a 
different approach is needed to effectively disable the cipher.
Consult SSH documentation or community forums for insights or similar reported 
issues.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2070326

Title:
  Unable to Disable ChaCha20-Poly1305 Encryption to Mitigate Terrapin
  SSH Attack

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2070326/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
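
Added example, not part of the original report and not OpenSSH's own code: `ssh -Q cipher` lists the ciphers the binary supports regardless of configuration, so a check of whether a Ciphers change took effect has to read the effective configuration printed by `sshd -T` (server) or `ssh -G <host>` (client). The function names and sample dumps below are constructed for illustration; chacha20-poly1305@openssh.com is OpenSSH's name for the ChaCha20-Poly1305 cipher.

```shell
#!/bin/sh
# Reads a configuration dump (`sshd -T` or `ssh -G <host>`) on stdin and
# reports whether a cipher is still in the effective "ciphers" list.

CIPHER='chacha20-poly1305@openssh.com'

# Exit status: 0 = cipher offered, 1 = not offered,
# 2 = no "ciphers" line seen (dump failed or wrong input), result unknown.
cipher_status() {
    awk -v want="$1" '
        $1 == "ciphers" {
            seen = 1
            n = split($2, c, ",")
            for (i = 1; i <= n; i++) if (c[i] == want) hit = 1
        }
        END { if (!seen) exit 2; exit (hit ? 0 : 1) }'
}

# $1 = label, stdin = configuration dump.
report() {
    cipher_status "$CIPHER" && rc=0 || rc=$?
    case $rc in
        0) echo "$1: $CIPHER is still offered" ;;
        1) echo "$1: $CIPHER is not offered" ;;
        *) echo "$1: no ciphers line found, result unknown" ;;
    esac
}

# Constructed samples in the shape of `sshd -T` output, not captured from a host.
SAMPLE_DEFAULT='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes128-gcm@openssh.com
permitrootlogin without-password'
SAMPLE_REMOVED='port 22
ciphers aes128-ctr,aes256-ctr,aes128-gcm@openssh.com
permitrootlogin without-password'

printf '%s\n' "$SAMPLE_DEFAULT" | report 'sample, default list'
printf '%s\n' "$SAMPLE_REMOVED" | report 'sample, cipher removed'

# On a real host (sshd -T needs root):
#   sshd -T | report server
#   ssh -G localhost | report client
```

A result of "unknown" usually means the dump command itself failed, for example `sshd -T` run without root or against a configuration with a syntax error.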