Defending Against Terrapin Attacks

A recent vulnerability, titled “Terrapin,” (CVE-2023-48795) has been discovered in SSH connections where attackers can bypass integrity checks and downgrade the security of a connection between a host and client machine. This attack, which can only occur with someone who can act as a man-in-the-middle (MitM), targets the extension negotiator¹ within the SSH protocol, compromising the integrity of the secure channel and essentially reducing your SSH connection to a vulnerable state similar to that of an RSH (Remote Shell) connection.

How Terrapin Exploits the SSH Handshake

An SSH connection is like a digital tunnel linking two machines together through the Internet.

One of the easiest ways to explain the Terrapin attack is with the following diagram2 of a simple socket connection below:

Each step is numbered to correlate with the steps within the diagram.

Step 1. During a SSH handshake connection, the host first sends a synchronization request to the client.

Step 2. The client replies with an acknowledgement and synchronizes with the host.

Step 3. From here the attacker (man in the middle), injects a purposely ignored packet (more on this later).

Step 4. Having established a successful sync and sync/ack, the client and host exchange keys.

Step 5. Depending on the type of SSH connection, a client and host would carry out their algorithm and extension negotiation either before or after exchanging keys. With our example, we are assuming that this negotiation occurs after the exchange of keys.

Step 6. The message that contains the client’s supported extensions is truncated by the attacker. Though packet deletion (or truncation) is commonly detected by either the client or host (due to mismatched sequence numbers), it goes undetected here because of the purposely injected, ignored packet sent earlier, which offsets the sequence numbers accordingly.

What is the significance of dropping that extension message? If the attacker prevents the client from sending the extension negotiation message to the host, this can result in both the host and client machines agreeing to utilize less secure client authentication algorithms in addition to deactivating security countermeasures (such as keystroke timing attacks).

How to Defend Yourself Against Terrapin Attacks

SSH No Ports is the permanent networking solution developed by Atsign® to defend yourself against Terrapin Attacks. With SSH No Ports, you can SSH to any device without a man-in-the-middle attack surface. This simple diagram shows how SSH No Ports is protected from Terrapin Attacks:

To explain how this works, let’s start from the very far left in the client domain. Within this domain, before an SSH connection is established with the device, the client communicates locally with SSH No Ports’ client rendezvous port. From here, this port encrypts all information before being transmitted through the Internet. The client’s socket rendezvous communicates directly with Atsign’s Socket Rendezvous (SR). The device’s rendezvous then connects to the SR. From here, the SR can connect the client rendezvous socket directly to the device’s rendezvous socket. With this, the two machines can now carry out and establish an SSH connection. One important thing to note about the atProtocol® is that devices can only make outbound connections (as displayed in the diagram). If you are interested in how this works more in depth, the atProtocol is open source and can be found on the Atsign-Foundation GitHub. If you are also interested in how SSH No Ports works in more depth, you may read the documentation here.

If an attacker attempts a man-in-the-middle attack with this architecture, they would have very little to work with as any attempt in disturbing the communication between the two machines will result in termination of the connection. Why is this? Since our client’s rendezvous port has encrypted the transmission before being sent out to the Internet, even if an attacker intercepts this message, they would be incapable of reading its information as it is encrypted. If an attacker tries to inject information into the outbound message, they won’t possess the keys needed for decryption, resulting in junk being added. Consequently, the decryption process of the device’s rendezvous port will fail.

Closing Notes

It is important to understand vulnerabilities if you wish to maintain integrity of your network architecture and system. Atsign’s approach of SSH No Ports not only defends against man-in-the-middle attacks such as Terrapin, but creates a powerful shield against many other attack surfaces.

Learn more:

Have a question?

Contact us at

Join our Discord and talk to us!

¹The targeted extension negotiator within the SSH protocol is the RFC 8308.

²This diagram was recreated to display simplicity. The original diagram can be found on the Terrapin-Attack site.