Terrapin Attack for prefix injection in SSH

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Security SSH C ssh-server ssh-client

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • ssh-audit

    SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (by jtesta)

    • No. Mitigations are available now. Follow the recommendations from ssh-audit (master version). [0]

    0. https://github.com/jtesta/ssh-audit

  • openssh-portable

    Portable OpenSSH

    • Unless I'm misunderstanding what this is about RFC5647 merely points out that the sequence number is included as AAD due to RFC4253 requirements. The [email protected] specification is not exactly the most rigorous thing I've ever seen (https://github.com/openssh/openssh-portable/blob/master/PROT...) but reading it, the sequence number is only included in the IV, and not as AAD, which directly runs afoul of the RFC4253 section 6.4 requirement for it to be included in the MAC.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • ssh-mitm

    SSH-MITM - ssh audits made simple (by ssh-mitm)

    • There is now an issue ticket in ssh-mitm to discuss the similarities between ssh-mitm and terrapin attack: https://github.com/ssh-mitm/ssh-mitm/issues/165

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts