gitlab-sshd possibly vulnerable to Terrapin attack

According to the Terrapin scanner the gitlab-sshd service is vulnerable to the Terrapin attack.

Our organisation is currently using version 16.7.2 of the GitLab CE Debian package. On this version, gitlab-sshd is vulnerable in its default configuration.

Running the scan on gitlab.com provides the following result:

$ docker run --rm -it ghcr.io/rub-nds/terrapin-scanner --connect gitlab.com
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-GitLab-SSHD

ChaCha20-Poly1305 support:   true
CBC-EtM support:             false

Strict key exchange support: false

The scanned peer is VULNERABLE to Terrapin.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com

The Terrapin authors recommend enabling the kex-strict-s-v00@openssh.com kex algorithm. However, when I add it to the list of supported kex algorithms in my gitlab.rb file the ssh daemon only serves the algorithms configured here.

Configuration example with kex-strict-s-v00@openssh.com:

gitlab_sshd['kex_algorithms'] = ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1", "kex-strict-s-v00@openssh.com"]

Until gitlab-sshd supports strict key exchange, the authors recommend disabling the vulnerable chacha20-poly1305@openssh.com cipher:

gitlab_sshd['ciphers'] = ["aes128-gcm@openssh.com", "aes256-gcm@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr"]
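To check a configuration offline against the same three criteria the scanner reports (ChaCha20 offered, CBC-with-EtM offered, strict key exchange advertised), the following is an added example, not code from GitLab or from the Terrapin scanner. It constructs SSH_MSG_KEXINIT payloads inline from algorithm lists, parses them back, and assesses them; the `build_kexinit`/`parse_kexinit`/`assess_terrapin` names are this example's own.

```python
import struct

# Order of the name-lists in SSH_MSG_KEXINIT after the 16-byte cookie (RFC 4253, section 7.1).
KEXINIT_FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
                  "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Pseudo-algorithm each side places in its kex list to signal strict key exchange.
STRICT_KEX = {"server": "kex-strict-s-v00@openssh.com",
              "client": "kex-strict-c-v00@openssh.com"}


def build_kexinit(**lists):
    """Construct a KEXINIT payload (cookie zeroed) from name-lists; constructed test input only."""
    out = bytes([20]) + bytes(16)  # SSH_MSG_KEXINIT (20) + 16-byte cookie
    for name in KEXINIT_FIELDS:
        body = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(body)) + body
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows=0, reserved


def parse_kexinit(payload):
    """Split a KEXINIT payload into its ten name-lists (each a list of algorithm names)."""
    if payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, fields = 17, {}
    for name in KEXINIT_FIELDS:
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        raw = payload[pos + 4:pos + 4 + n]
        fields[name] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return fields


def assess_terrapin(fields, role="server"):
    """Report the scanner's three findings; vulnerable if an exploitable mode is offered
    and the peer does not advertise strict key exchange for its role."""
    ciphers = set(fields["enc_c2s"]) | set(fields["enc_s2c"])
    macs = set(fields["mac_c2s"]) | set(fields["mac_s2c"])
    chacha = "chacha20-poly1305@openssh.com" in ciphers
    # CBC-EtM: any CBC cipher that could be paired with an encrypt-then-MAC MAC.
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    strict = STRICT_KEX[role] in fields["kex"]
    return {"chacha20": chacha, "cbc_etm": cbc_etm, "strict_kex": strict,
            "vulnerable": (chacha or cbc_etm) and not strict}
```

Feed it the kex and cipher lists from gitlab.rb to see whether a given combination still trips the scanner's verdict.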