Introduction

SSH (Secure Shell) serves as a crucial internet standard, providing secure access to network services, including remote terminal login and file transfer across organizational networks and over 15 million servers on the open internet.

Terrapin Attack Overview

The Terrapin attack is a prefix truncation attack on the SSH protocol: it breaks the integrity of the secure channel by manipulating sequence numbers during the handshake. This manipulation lets an attacker remove messages at the start of the channel and downgrade connection security by truncating extension negotiation messages. Such truncation can compromise client authentication algorithms and deactivate specific countermeasures in OpenSSH 9.5.

Implementation Flaws and Exploitation

Terrapin extends its impact by exploiting implementation flaws. Weaknesses in the AsyncSSH servers’ state machine enable attackers to sign a victim’s client into another account unnoticed, potentially granting Man-in-the-Middle capabilities within encrypted sessions and facilitating strong phishing attacks.

Practical Considerations

To execute the Terrapin attack, a Man-in-the-Middle attacker with network layer interception capabilities is required. The connection must be secured using ChaCha20-Poly1305 or CBC with Encrypt-then-MAC, a configuration found in the majority of real-world SSH sessions according to a comprehensive scan.

Vulnerability Scanner

A vulnerability scanner, provided in Go, enables users to assess SSH server or client vulnerability to the Terrapin attack. It checks for susceptible encryption modes and the support of the strict key exchange countermeasure, without executing the full attack.

./Terrapin_Scanner_MacOS_arm64_darwin -connect rhel.example.com
  • output for VULNERABLE host
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_8.7

ChaCha20-Poly1305 support:   true
CBC-EtM support:             false

Strict key exchange support: false

The scanned peer is VULNERABLE to Terrapin.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com
  • usage
Terrapin Vulnerability Scanner v1.1.0
Usage of ./Terrapin_Scanner_MacOS_arm64_darwin:
  -connect string
      Address to connect to for server-side scans. Format: <host>[:port]
  -help
      Prints this usage help to the user.
  -json
      Outputs the scan result as json. Can be useful when calling the scanner from a script.
  -listen string
      Address to bind to for client-side scans. Format: [host:]<port>
  -no-color
      Disables colored output.
  -version
      Prints the version of this tool.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com

FAQs and Mitigation

System administrators are advised not to panic, as the attack necessitates specific conditions. Mitigations include temporarily disabling vulnerable encryption modes or applying patches provided by SSH implementations. Potential attacker gains include extension downgrade attacks impacting RSA public key authentication and exploitation of implementation flaws.
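
The check the scanner section describes (susceptible modes offered, no strict key exchange) and the effect of the mitigations above can be reproduced on a peer's SSH_MSG_KEXINIT payload. This is an added example, not the scanner's own code: the names Report, Check and sample are hypothetical, the payload is constructed, and matching ciphers by the "-cbc" suffix and MACs by the "-etm@openssh.com" suffix is an assumption.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// Report holds the three facts the scanner prints (hypothetical type, not the tool's own).
type Report struct{ ChaCha20, CBCEtM, StrictKex bool }

func (r Report) Vulnerable() bool { return (r.ChaCha20 || r.CBCEtM) && !r.StrictKex }

// Check parses an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and applies the rule.
// marker is the strict-kex name expected from that peer (the "-s-" form for a server).
func Check(p []byte, marker string) (r Report, err error) {
	if len(p) < 17 || p[0] != 20 {
		return r, fmt.Errorf("not a KEXINIT payload")
	}
	p = p[17:] // skip the message type byte and the 16-byte cookie
	var l [10]string // each name-list, wrapped in commas so whole names can be matched
	for i := range l {
		if len(p) < 4 || uint64(binary.BigEndian.Uint32(p)) > uint64(len(p)-4) {
			return r, fmt.Errorf("name-list %d is truncated", i)
		}
		n := 4 + int(binary.BigEndian.Uint32(p))
		l[i], p = ","+string(p[4:n])+",", p[n:]
	}
	for d := 0; d < 2; d++ { // 0 = client-to-server, 1 = server-to-client
		r.ChaCha20 = r.ChaCha20 || strings.Contains(l[2+d], ",chacha20-poly1305@openssh.com,")
		r.CBCEtM = r.CBCEtM || (strings.Contains(l[2+d], "-cbc,") && strings.Contains(l[4+d], "-etm@openssh.com,"))
	}
	r.StrictKex = strings.Contains(l[0], ","+marker+",")
	return r, nil
}

// sample builds a constructed KEXINIT payload (zero cookie) from three name-lists.
func sample(kex, enc, mac string) []byte {
	p := append([]byte{20}, make([]byte, 16)...)
	for _, s := range []string{kex, "ssh-ed25519", enc, enc, mac, mac, "none", "none", "", ""} {
		p = append(append(p, 0, 0, byte(len(s)>>8), byte(len(s))), s...)
	}
	return append(p, 0, 0, 0, 0, 0) // first_kex_packet_follows flag and reserved field
}

func main() {
	r, err := Check(sample("curve25519-sha256", "chacha20-poly1305@openssh.com", "hmac-sha2-256"), "kex-strict-s-v00@openssh.com")
	fmt.Println(r, r.Vulnerable(), err)
}
```

Once the vulnerable modes are disabled (no ChaCha20-Poly1305, and no CBC cipher offered together with an EtM MAC), or once the peer advertises the strict key exchange marker, Vulnerable() returns false.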

Vulnerability and CVE Numbers

The Terrapin vulnerability affects a broad range of SSH implementations, with assigned CVE numbers highlighting general protocol flaws and specific attacks in AsyncSSH. Vendors have responded with updates, introducing an optional strict key exchange countermeasure.

  • CVE-2023-48795: General Protocol Flaw
  • CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH
  • CVE-2023-46446: Rogue Session Attack in AsyncSSH

Attack Practicality and Naming

Terrapin’s practicality depends on whether a Man-in-the-Middle attacker can reach the local network and on the use of vulnerable encryption modes. The attack’s uniqueness and severity are underscored by its status as the first practically exploitable prefix truncation attack, deserving a name and recognition.

Responsible Disclosure Timeline

The responsible disclosure timeline details engagements with OpenSSH, AsyncSSH, other SSH implementation vendors, and CERT authorities, leading to patches and public disclosure.

Conclusion

Terrapin presents a significant threat to SSH security, requiring a collective effort from the community to raise awareness, implement countermeasures, and safeguard encrypted sessions. The disclosed information, including a vulnerability scanner and patches, aids users and administrators in assessing and mitigating the risks associated with the Terrapin attack.
