Introduction
SSH (Secure Shell) serves as a crucial internet standard, providing secure access to network services, including remote terminal login and file transfer across organizational networks and over 15 million servers on the open internet.
Terrapin Attack Overview
The Terrapin attack, a prefix truncation assault on the SSH protocol, disrupts the integrity of the secure channel by manipulating sequence numbers during the handshake. This manipulation allows an attacker to remove messages at the channel’s initiation, downgrading connection security by truncating extension negotiation messages. Such truncation can compromise client authentication algorithms and deactivate specific countermeasures in OpenSSH 9.5.
Implementation Flaws and Exploitation
Terrapin extends its impact by exploiting implementation flaws. Weaknesses in the AsyncSSH servers’ state machine enable attackers to sign a victim’s client into another account unnoticed, potentially granting Man-in-the-Middle capabilities within encrypted sessions and facilitating strong phishing attacks.
Practical Considerations
To execute the Terrapin attack, a Man-in-the-Middle attacker with network layer interception capabilities is required. The connection must be secured using ChaCha20-Poly1305 or CBC with Encrypt-then-MAC, a configuration found in the majority of real-world SSH sessions according to a comprehensive scan.
Vulnerability Scanner
A vulnerability scanner, provided in Go, enables users to assess SSH server or client vulnerability to the Terrapin attack. It checks for susceptible encryption modes and the support of the strict key exchange countermeasure, without executing the full attack.
command line test for the host
rhel.example.com
./Terrapin_Scanner_MacOS_arm64_darwin -connect rhel.example.com
- output for VULNERABLE host
================================================================================
==================================== Report ====================================
================================================================================
Remote Banner: SSH-2.0-OpenSSH_8.7
ChaCha20-Poly1305 support: true
CBC-EtM support: false
Strict key exchange support: false
The scanned peer is VULNERABLE to Terrapin.
Note: This tool is provided as is, with no warranty whatsoever. It determines
the vulnerability of a peer by checking the supported algorithms and
support for strict key exchange. It may falsely claim a peer to be
vulnerable if the vendor supports countermeasures other than strict key
exchange.
For more details visit our website available at https://terrapin-attack.com
- usage
Terrapin Vulnerability Scanner v1.1.0
Usage of ./Terrapin_Scanner_MacOS_arm64_darwin:
-connect string
Address to connect to for server-side scans. Format: <host>[:port]
-help
Prints this usage help to the user.
-json
Outputs the scan result as json. Can be useful when calling the scanner from a script.
-listen string
Address to bind to for client-side scans. Format: [host:]<port>
-no-color
Disables colored output.
-version
Prints the version of this tool.
Note: This tool is provided as is, with no warranty whatsoever. It determines
the vulnerability of a peer by checking the supported algorithms and
support for strict key exchange. It may falsely claim a peer to be
vulnerable if the vendor supports countermeasures other than strict key
exchange.
For more details visit our website available at https://terrapin-attack.com
FAQs and Mitigation
System administrators are advised not to panic, as the attack necessitates specific conditions. Mitigations include temporarily disabling vulnerable encryption modes or applying patches provided by SSH implementations. Potential attacker gains include extension downgrade attacks impacting RSA public key authentication and exploitation of implementation flaws.
Vulnerability and CVE Numbers
The Terrapin vulnerability affects a broad range of SSH implementations, with assigned CVE numbers highlighting general protocol flaws and specific attacks in AsyncSSH. Vendors have responded with updates, introducing an optional strict key exchange countermeasure.
- CVE-2023–48795: General Protocol Flaw
- CVE-2023–46445: Rogue Extension Negotiation Attack in AsyncSSH
- CVE-2023–46446: Rogue Session Attack in AsyncSSH
Attack Practicality and Naming
Terrapin’s practicality depends on a local network’s accessibility to Man-in-the-Middle attackers and the use of vulnerable encryption modes. The attack’s uniqueness and severity are underscored by its status as the first practically exploitable prefix truncation attack, deserving a name and recognition.
Responsible Disclosure Timeline
The responsible disclosure timeline details engagements with OpenSSH, AsyncSSH, other SSH implementation vendors, and CERT authorities, leading to patches and public disclosure.
Links
- https://terrapin-attack.com/
- https://thenewstack.io/the-terrapin-attack-a-new-threat-to-ssh-integrity/
- https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
- https://www.theregister.com/2023/12/20/terrapin_attack_ssh
Conclusion
Terrapin presents a significant threat to SSH security, requiring a collective effort from the community to raise awareness, implement countermeasures, and safeguard encrypted sessions. The disclosed information, including a vulnerability scanner and patches, aids users and administrators in assessing and mitigating the risks associated with the Terrapin attack.
Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.Academy
Learn the Ansible automation technology with some real-life examples in my
Udemy 300+ Lessons Video Course.
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate