Posted in: Security

Another day, another OpenSSH vulnerability

It seems like OpenSSH is under fire every other day. In all honesty that is a good thing: finding and disclosing these bugs is good for everyone. But I have said it before, and I'll say it again: if you are running a homelab and have SSH exposed to the internet, please consider putting it behind a VPN instead.
Yes, VPN servers have their own set of issues, but a VPN is one service you can turn off or unplug when something like this drops, and in most cases that is easier than dealing with an exposed SSH daemon.
Anyway, here's the meat of the vulnerability and a link to where I first heard of it.

CVE-2024-6409
https://nvd.nist.gov/vuln/detail/CVE-2024-6409

What it is: a signal handler race condition in sshd. When a client does not authenticate within LoginGraceTime (120 seconds by default), the SIGALRM handler runs asynchronously in the privilege-separated child and calls functions that are not async-signal-safe. It is a sibling of CVE-2024-6387 (regreSSHion), found while that one was being analyzed.

Affects: OpenSSH versions 8.7 and 8.8, notably as packaged for Red Hat Enterprise Linux 9 and its rebuilds. Check your distribution's advisory for the exact package versions, since the fix is a package update rather than a new upstream release.

Mitigations:
Apply Patches:
This one is the gold standard, of course. If you are patching manually, set a schedule, or even better set up a cron job, an Ansible playbook, or something similar that keeps those machines patched without you remembering to do it. After the update, confirm the fix actually landed by checking the package changelog for the CVE ID rather than trusting the version string, because distributions backport fixes without bumping the upstream version.

Configuration Adjustments:
Setting LoginGraceTime to 0 in sshd_config mitigates this and CVE-2024-6387, because the grace timer is what fires the racy SIGALRM handler in the first place; with no timer, the handler is never invoked. The trade-off is that unauthenticated clients can then hold connections open indefinitely, so pair it with a MaxStartups limit to cap pre-auth connections, and restart sshd for the change to take effect.
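As an added example (not from the original post), here is the weak default beside the mitigated setting in sshd_config; the host and values are illustrative and the default MaxStartups value is used so the cap is visible:

```conf
# /etc/ssh/sshd_config (excerpt)

# Default: sshd drops clients that have not authenticated after 2 minutes by
# raising SIGALRM. That handler is exactly what CVE-2024-6409 and
# CVE-2024-6387 race against.
#LoginGraceTime 2m

# Mitigation from the advisories: disable the grace timer entirely so the
# SIGALRM handler is never invoked.
LoginGraceTime 0

# Cost of the mitigation: a client can now sit in pre-auth forever, so cap
# concurrent unauthenticated connections. start:rate:full means sshd begins
# refusing 30% of new pre-auth connections once 10 are open and refuses all
# of them at 100. (10:30:100 is the built-in default; tune to your host.)
MaxStartups 10:30:100
```

Check the value sshd will actually use with `sshd -T | grep -i logingracetime` (it dumps the effective configuration after parsing includes and Match blocks), then `systemctl restart sshd` or the equivalent on your distribution.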

Monitoring:
More of an after-the-fact measure, but at least you know, right? Make sure you have alerts or some other way of making monitoring meaningful. For this bug the thing to look for is a burst of "Timeout before authentication" entries from one source address in the sshd log: an attempt to win the race needs many connections that deliberately sit unauthenticated until the grace timer fires, and each of those leaves that line behind. Note that once you set LoginGraceTime to 0 the timer never fires and those lines stop appearing, so watch pre-auth connection counts instead.
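As an added example (not from the original post), the following shell script counts pre-auth timeouts per source address in sshd log output and flags any address over a threshold. The log lines are constructed samples with documentation addresses; in practice feed it `/var/log/auth.log`, `/var/log/secure`, or `journalctl -u sshd` output on stdin.

```shell
#!/bin/sh
# Added example, not the post's or the OpenSSH project's code. Counts
# "Timeout before authentication" events per source address. One or two from
# an address is normal noise; hundreds in a short window is what an attempt
# on the LoginGraceTime signal-handler race looks like, because the attacker
# has to let many connections run into the grace timeout.

# Constructed sample log lines (hypothetical host "bastion", RFC 5737
# addresses) so the script runs offline.
SAMPLE_LOG='Jul 10 12:00:01 bastion sshd[4101]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2: ED25519 SHA256:abcdefg
Jul 10 12:00:05 bastion sshd[4105]: fatal: Timeout before authentication for 203.0.113.5 port 51234
Jul 10 12:00:06 bastion sshd[4106]: fatal: Timeout before authentication for 203.0.113.5 port 51235
Jul 10 12:00:07 bastion sshd[4107]: fatal: Timeout before authentication for 203.0.113.5 port 51236
Jul 10 12:00:09 bastion sshd[4110]: fatal: Timeout before authentication for 198.51.100.7 port 40001
Jul 10 12:00:12 bastion sshd[4112]: Disconnected from authenticating user root 203.0.113.5 port 51237 [preauth]'

# timeouts_per_source: reads log lines on stdin, prints "count ip" lines,
# highest count first. Matches only the sshd fatal line emitted when the
# grace timer fires, so accepted logins and other disconnects are ignored.
timeouts_per_source() {
    grep -E 'sshd\[[0-9]+\]: fatal: Timeout before authentication for ' \
    | awk '{
          # the address is the field right after the literal "for"
          for (i = 1; i <= NF; i++) if ($i == "for") { count[$(i + 1)]++; break }
      }
      END { for (ip in count) print count[ip], ip }' \
    | sort -rn
}

# flag_sources THRESHOLD: reads log lines on stdin, prints each address with
# at least THRESHOLD timeouts, one per line. Pick the threshold from your
# own baseline; a single stuck client should not page anyone.
flag_sources() {
    timeouts_per_source | awk -v threshold="$1" '$1 >= threshold { print $2 }'
}

# Stand-alone demonstration on the constructed sample.
echo "Pre-auth timeouts per source:"
printf '%s\n' "$SAMPLE_LOG" | timeouts_per_source
echo "Sources at or above 3 timeouts:"
printf '%s\n' "$SAMPLE_LOG" | flag_sources 3
```

Wire the output into whatever already alerts you (a cron job that mails when `flag_sources` prints anything is enough for a homelab). If you also run fail2ban, its sshd filter already matches this line, so a ban rule with a low retry count covers the same ground.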

In short, keep an eye out.
