A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).
To mitigate this issue, OpenSSH clients operating in FIPS mode should avoid negotiating the diffie-hellman-group-exchange-sha256 key exchange algorithm. This can be achieved by explicitly listing allowed key exchange algorithms in the client's SSH configuration file (e.g., /etc/ssh/ssh_config or ~/.ssh/config), ensuring diffie-hellman-group-exchange-sha256 is not included. For example, to use a subset of common algorithms, you might configure:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
(Note: The above example KexAlgorithms list is illustrative and should be adjusted based on your environment's security requirements.)
Additionally, avoid using non-fatal client flows, such as ssh-keyscan, against untrusted SSH servers while FIPS mode is enabled. Changes to ssh_config will take effect for new SSH connections.