Information
Encrypt-then-MAC (EtM) - The ciphertext is generated by encrypting the plaintext and then appending a MAC of the encrypted plaintext
There is an effective attack against SSH's use of Cypher-Block-Chaining (CBC) with Encrypt-then-MAC as referenced in CVE-2023-48795
Solution
Note:
- The commands below are written for the included DEFAULT system-wide crypto policy. If another policy is in use and follows local site policy, replace DEFAULT with the name of your system-wide crypto policy.
- EtM can be turned off globally by using the argument etm opposed to etm@SSH
- Multiple subpolicies may be assigned to a policy as a colon separated list. e.g. DEFAULT:NO-SHA1:NO-SSHCBC
- Subpolicies:
- Not included in the update-crypto-policies --set command will not be applied to the system wide crypto policy.
- must exist before they can be applied to the system wide crypto policy.
- pmod file filenames must be in all upper case, upper case, e.g. NO-SSHCHACHA20.pmod or they will not be read by the update-crypto-policies --set command.
- IF - CVE-2023-48795 has been addressed, and it meets local site policy, this recommendation may be skipped.
Create or edit a file in /etc/crypto-policies/policies/modules/ ending inpmod and add or modify the following line:
etm@SSH = DISABLE_ETM # This disables EtM for openSSH and libssh
Example:
# printf '%s
' "# This is a subpolicy to disable Encrypt then MAC" "# for the SSH protocol (libssh and OpenSSH)" "etm@SSH = DISABLE_ETM" >> /etc/crypto-policies/policies/modules/NO-SSHETM.pmod
Run the following command to update the system-wide cryptographic policy
# update-crypto-policies --set <CRYPTO_POLICY>:<CRYPTO_SUBPOLICY1>:<CRYPTO_SUBPOLICY2>:<CRYPTO_SUBPOLICY3>
Example:
# update-crypto-policies --set DEFAULT:NO-SHA1:NO-WEAKMAC:NO-SSHCBC:NO-SSHCHACHA20:NO-SSHETM
Run the following command to reboot the system to make your cryptographic settings effective for already running services and applications:
# reboot