The Terrapin Attack Vulnerability in the SSH Protocol - How to Stay Secure
The Secure Shell (SSH) is a widely-used protocol that provides (remote) secure access to servers, services, and applications - and between them for automated file transfers. These connections are measured in the millions per week.
SSH is also short for SSH Communication Security and that’s us: the company that invented the protocol. So when we heard the news about a new vulnerability (CVE-2023-48795) dubbed Terrapin that can downgrade the security of SSH connections, we took note.
Contents
What is the impact?
What is the Terrapin attack?
Start by discovering the extent of your Terrapin SSH risk posture
What is the impact?
The good news is that the vulnerability is not serious but rather considered to be moderate by our own estimate and that of RedHat, for example. The bad news naturally is that this type of attack is possible to carry out, even if it’s unlikely. This is also a vulnerability with a wide reach across multiple products and ciphers, which is relatively rare.
What is the Terrapin attack?
Terrapin is a prefix truncation attack against the SSH protocol and can allow the attacker to use downgraded secure signature algorithms and shut off certain security measures against keystroke timing attacks in OpenSSH. This opens a door to man-in-the-middle (MitM) attacks, but the bad actor needs to be able to snatch the connection. Moreover, the session has to be protected by either a ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption modes. The two encryption modes are widely in use all over the world.
For a more detailed description of the Terrapin attack, please refer to the https://terrapin-attack.com/ page.
Start by discovering the extent of your Terrapin SSH risk posture
As primary experts in the Secure Shell protocol, we have developed tools that can help companies secure their networks, many of which use the SSH protocol extensively. Even if the Terrapin vulnerability’s impact is not considered to be serious for your organization, it is a reminder for organizations to take Secure Shell governance an often neglected area of governance seriously.
We can flag the servers that are vulnerable to the Terrapin attack so that you can upgrade the vulnerable servers at your own pace without wasting time on finding them. We offer an SSH Risk Assessment Service that flags the SSH servers that are vulnerable to the Terrapin attack and gives you an overview of the problem. Our professional team can then help you to upgrade them if needed.
Our risk assessment helps you also:
- Discover SSH keys, the authentication credentials in the SSH protocol, whose numbers easily reach hundreds of thousands in large IT environments.
- Find policy and compliance violations such as the use of weak cryptographic algorithms, insufficient key size, connections crossing production/non-production boundaries, etc.
- Prepare for IT audits by producing a comprehensive report on the state of your environment and providing recommendations for addressing violations.
- Prevent security control bypassing, such as PAM bypass, which is often conducted by using SSH keys.
- Get recommended next steps on how to put keys under proper governance.
There’s also a quick start to improved SSH security posture: our SSHerlock Discovery & Audit Self-service tool. You can sign up here to get started.
And don’t forget about Universal SSH Key Manager – the most comprehensive SSH key lifecycle management software on the planet that allows customers to migrate to a completely keyless authentication model.
Juuso Jahnukainen
Technical Product Manager