Terrapin attack on SSH: what do you need to know

This page summarizes the projects mentioned and recommended in the original post on dev.to
Openwrt openwrt-sdk openwrt-imagebuilder Docker

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • Terrapin-Scanner

    This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

    • We will show how to disable the affected ciphers on the example of Debian. We will use Docker to make this reproducible. Then we will verify our configuration using vulnerability scanner provided by the authors of the paper.

  • dropbear

    Dropbear SSH

    • # docker run -it --rm debian:latest # then run the following commands apt-get update apt-get install -y git wget build-essential zlib1g-dev git clone https://github.com/mkj/dropbear cd dropbear # here we disable ChaCha20Poly1305 and enable GCM instead # CBC is disabled by default env CFLAGS='-DDROPBEAR_CHACHA20POLY1305=0 -DDROPBEAR_ENABLE_GCM_MODE=1' ./configure make make install # check if dropbear is vulnerable dropbear -R wget https://github.com/RUB-NDS/Terrapin-Scanner/releases/download/v1.1.0/Terrapin_Scanner_Linux_amd64 chmod +x Terrapin_Scanner_Linux_amd64 ./Terrapin_Scanner_Linux_amd64 -connect 127.0.0.1:22 pkill dropbear

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • docker

    Docker containers of the ImageBuilder and SDK (by openwrt)

    • For this Linux distribution you need cross compiler to recompile Dropbear. The easiest way to get it is to use official Docker image.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • ~40% of top 25000 websites have IPv6

    1 project | /r/ipv6 | 21 Dec 2022

  • How to run Docker with Openwrt as host

    2 projects | /r/openwrt | 25 Jan 2022

  • Docker ist SRC-NATing my IPv6 Traffic

    1 project | /r/ipv6 | 15 Nov 2021

  • Has anyone tried running OpenWRT in a docker container? I

    2 projects | /r/openwrt | 20 Aug 2021

  • Crosspost: IPv6 in Docker

    2 projects | /r/ipv6 | 30 Jun 2021