System Patches Package v2.2.9_1
System Patches Package v2.2.9_1 is now available.
This version of the System Patches Package adds a recommended patch entry with a workaround for the Terrapin SSH Attack.
This is not a significant concern unless SSH is exposed to untrusted networks.
The workaround in this patch disables support in the SSH daemon for the ChaCha20-Poly1305 encryption algorithm and several ETM MAC algorithms which are susceptible to the attack.
To activate the workaround:
- Install or Upgrade the System Patches package under System > Package Manager
  WARNING: If you are not on the latest release (Plus 23.09.1, CE 2.7.2), ensure the update URL under System > Update is configured to stay on your current version before attempting to install or update any packages.
- Navigate to System > Patches
- Click the Apply button on the Terrapin workaround entry in the Recommended System Patches area
  Alternately, click Apply All Recommended
- Restart the SSH daemon (e.g. from Status > Services) or reboot the device.
After activating the workaround, make sure that any necessary SSH clients can still connect.
For more information or for a patch to apply manually, see: https://forum.netgate.com/topic/184941/terrapin-ssh-attack
EDIT: Version 2.2.9_1 is a very minor update that only adds a performance improvement patch specific to the new Netgate 4200 system. The patch will only display in the recommended patches list on the Netgate 4200 as the change does not apply to any other current device.
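One way to check the result of the workaround and its effect on client connectivity, as an added example that is not part of the original post or of the patch. The function names and the sample algorithm lists are constructed for illustration; on a live system the input would be the output of `sshd -T`.

```shell
#!/bin/sh
# Added example. Function names and sample lists are hypothetical/constructed.

# Read `sshd -T` style text on stdin and print every enabled cipher or MAC in
# the classes the workaround disables: ChaCha20-Poly1305 and the "-etm" MACs.
# Exit status: 0 = none enabled, 1 = at least one still enabled.
terrapin_flagged() {
    awk '
        tolower($1) == "ciphers" || tolower($1) == "macs" {
            n = split($2, alg, ",")
            for (i = 1; i <= n; i++)
                if (alg[i] == "chacha20-poly1305@openssh.com" ||
                    alg[i] ~ /-etm@openssh\.com$/) {
                    print tolower($1) ": " alg[i]
                    found = 1
                }
        }
        END { exit found + 0 }'
}

# SSH negotiation picks the first name on the client's list that the server
# also offers. Print it, or return 1 when the two lists share nothing.
first_common() {  # $1 = client list, $2 = server list (comma-separated)
    old_ifs=$IFS; IFS=,
    for c in $1; do
        for s in $2; do
            if [ "$c" = "$s" ]; then IFS=$old_ifs; echo "$c"; return 0; fi
        done
    done
    IFS=$old_ifs
    return 1
}

# Constructed sample data, not taken from the patch or from a real device.
BEFORE='ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-256'
AFTER='ciphers aes256-gcm@openssh.com,aes256-ctr
macs hmac-sha2-256'
LEGACY_CLIENT_MACS='hmac-sha1,hmac-md5'  # hypothetical old client

audit() { printf '%s\n' "$1" | terrapin_flagged; }  # live: sshd -T | terrapin_flagged

audit "$BEFORE" || echo "before: the entries above are still enabled"
audit "$AFTER" && echo "after: no flagged cipher or MAC enabled"
first_common "$LEGACY_CLIENT_MACS" "hmac-sha2-256" ||
    echo "legacy client: no MAC in common, the connection would fail"
```

A client's own lists can be obtained with `ssh -Q cipher` and `ssh -Q mac` and passed to `first_common` against the server's post-workaround lists.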
This breaks connectivity from windows terminal openssh which is at OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3 currently in win11.
No one-click way to get that updated. Also putty 0.62 didn't work but the latest 0.80 does work fine from windows.
Just a heads up.
/Lars