Does FileZilla need to react to the Terrapin vulnerability in the SSH protocol, for client or server?
https://terrapin-attack.com/
Terrapin security vulnerability
Re: Terrapin security vulnerability
Yes, this eventually needs to be addressed. Note that the client prefers ciphers that are not affected by this protocol vulnerability.
Re: Terrapin security vulnerability
> Note that the client prefers ciphers that are not affected by this protocol vulnerability.
What ciphers might those preferred ones be?
I removed some of the affected ciphers from my sshd servers, and now FileZilla refuses to connect.
I've spent a day trying to find ciphers that FileZilla prefers, but came up empty.
From the message log...
Status: Connecting to [redacted]...
Response: fzSftp started, protocol_version=11
Command: open [redacted]
Error: The first client-to-server cipher supported by the server is aes256-gcm@openssh.com, which is no longer secure. Aborting connection.
Error: Could not connect to server
version 3.66.4 running on Windows 10, 64-bit
I notice in the Debug menu item, there is a list of TLS ciphers that are preferred.
Is there a similar list for ssh connections?
thx.
Re: Terrapin security vulnerability
The SFTP implementation in FileZilla is based on PuTTY and shares some of its settings. Check your PuTTY configuration, maybe you have moved AES-GCM to the list of insecure ciphers at some point?
Re: Terrapin security vulnerability
That was it!
PuTTY recently updated its ciphers because of the SSH issue.
The second one -- AES (SSH-2 only) -- was the cipher I had to move above the "warn below here" line.
Now that I know how to select the ciphers in FileZilla, I can get my SSH stuff squared away.
Many thanks for the quick answer.
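A model of the behaviour worked out in this thread, added here as an illustration; it is not part of any post above and is not FileZilla or PuTTY code. It shows how a "warn below here" line in the client's cipher order interacts with a trimmed server cipher list, and which cipher/MAC combinations Terrapin affects. The cipher lists, the `WARN` marker and all function names are assumptions made for the example.

```python
# Added illustration; every cipher list below is constructed, not taken from the thread.
WARN = "-- warn below here --"  # stand-in for PuTTY's threshold line (hypothetical marker)
CHACHA = "chacha20-poly1305@openssh.com"

def negotiate(client_prefs, server_ciphers):
    """SSH picks the first cipher in the client's order that the server also offers.
    Returns (cipher, below_warn); below_warn means the pick sits under the warn line."""
    offered = set(server_ciphers)
    below_warn = False
    for entry in client_prefs:
        if entry == WARN:
            below_warn = True
        elif entry in offered:
            return entry, below_warn
    return None, below_warn

def terrapin_affected(cipher, mac=None):
    """Terrapin applies to ChaCha20-Poly1305 and to CBC ciphers used with an
    Encrypt-then-MAC MAC, when strict key exchange is not negotiated."""
    if cipher == CHACHA:
        return True
    return cipher.endswith("-cbc") and bool(mac) and mac.endswith("-etm@openssh.com")

def affected_pairs(ciphers, macs):
    """Every (cipher, mac) combination in a server config that Terrapin affects."""
    pairs = []
    for c in ciphers:
        if c == CHACHA:
            pairs.append((c, None))  # AEAD cipher: no separate MAC is used
        else:
            pairs.extend((c, m) for m in macs if terrapin_affected(c, m))
    return pairs

# Constructed server list after removing the affected ciphers
SERVER = ["aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr", "aes128-ctr"]
# Constructed client orders: AES-GCM under the warn line, then AES-CTR moved above it
CLIENT_BEFORE = [CHACHA, WARN, "aes256-gcm@openssh.com", "aes256-ctr", "aes128-ctr"]
CLIENT_AFTER = [CHACHA, "aes256-ctr", "aes128-ctr", WARN, "aes256-gcm@openssh.com"]

if __name__ == "__main__":
    print(negotiate(CLIENT_BEFORE, SERVER))  # below the line: the client aborts
    print(negotiate(CLIENT_AFTER, SERVER))   # above the line: connection proceeds
    print(affected_pairs(SERVER, ["hmac-sha2-256-etm@openssh.com"]))
```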