FreePBX - SSH Terrapin Attack.... Sangoma's thoughts?

I’m just curious if anyone in the community has any thoughts on this:

Would just like to hear some open dialogue, and it would be really appreciated to hear something from a Sangoma representative.

While we hold our breath for something official the fix is below:


We can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.

Below strict set of Ciphers and MACs can be used as mitigation for RHEL 7.

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
MACs [email protected],[email protected],hmac-sha2-256,hmac-sha2-512


Remove the chacha cipher and etm macs from both config options which are currently configured.

ssh -Q cipher
ssh -Q mac
sshd -T | grep -e '^ciphers ’ -e '^macs ’

1 Like

Thank you @jfinstrom!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.