"The Standard Is Broken" - Vulnerabilities Discovered In SSH

With their work "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation", researchers uncover critical vulnerabilities in the Internet standard SSH, which is used over 15 million times.

Screen View

Copyright: CASA, Schwettmann

Prof. Jörg Schwenk. Copyright: CASA

Fabian Bäumer. Copyright: Privat

Marcus Brinkmann. Copyright: Privat

Cryptographic protocols work in the background whenever we are online to enable secure communication within the network. Apart from the popular TLS protocol, SSH (Secure Shell) is primarily used where servers are administered remotely. Researchers Marcus Brinkmann, Fabian Bäumer and Prof. Jörg Schwenk from the Chair of Network and Data Security at Ruhr-Universität Bochum have now discovered critical vulnerabilities within this protocol. " What we have basically discovered is that some security-relevant parts of the standard are broken," explains Marcus Brinkmann. Attackers can thus be able to delete data from the secure connection. The team from the Faculty of Computer Science recently published their research finding to ensure that the vulnerabilities can be fixed quickly. SSH software providers have already been informed in advance as part of a "Responsible Disclosure" procedure.

Attackers Can Gain Full Control Of The Entire Server

"Since SSH is a protocol that is primarily used by system administrators, it is less well known to the public than TLS, for example. But attacks on SSH can be more critical because, in the worst-case scenario, attackers can gain full control of the entire server through such a vulnerability," explains Fabian Bäumer. There are over 15 million servers on the Internet that support this protocol. SSH is also used in network devices such as routers. That's why the work, part of a research project of the Cluster of Excellence CASA "Cyber Security in the Age of Large-Scale Adversaries", is relevant for companies worldwide. Until December 18, 2023, it was subject to a (news) embargo as part of responsible disclosure. Such an embargo gives companies sufficient time to rectify the vulnerabilities discovered by the scientists.

Their discovery is special because SSH is a standard security protocol that was considered reliable, especially since new algorithms were developed for it almost 10 years ago. " Attacks that were known were related to the initial key exchange or the connection security. This is the first time we have considered both components together," explains Fabian Bäumer. This new approach to the cryptography of the protocol enabled the researchers to discover that attackers cannot read encrypted messages using a man-in-the-middle attack, but can delete them at the beginning of the connection in order to reduce the security of the connection.

"Such an attack requires special resources," says Fabian Bäumer. " Normally, it is rarely possible for a normal attacker to act as a man-in-the-middle, but if we imagine attackers with extensive resources, such as nation states, it is certainly conceivable." The work is thus an example of the groundbreaking research at the CASA Cluster of Excellence - Cybersecurity in the Age of Large-Scale Adversaries - which aims to make a fundamental contribution to the digital security of business, politics and society.

New Versions Must Be Installed Quickly

But the researchers warn that there is no reason to panic. It is true that, in principle, everyone who uses SSH in any way is affected. However, as numerous providers, including the developers of the open source implementation OpenSSH, were notified in advance, these vulnerabilities have in most cases already been fixed in the software - these new versions must now be installed quickly. For administrators, the researchers offer a "Vulnerability Scanner" to find out whether their client or server is vulnerable. You can access the scanner via this link and the preprint of the paper here.

Press Contact:

Fabian Bäumer
Network and Data Security
Raum: ID 2/415
Tel.: (+49)(0)234 / 32 – 29030
E-Mail: fabian.baeumer(at)

General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.