027
EXH-0272023Fictional reconstruction
sequence_number++
December 2023. Researchers show a middlebox can truncate the SSH handshake just before NEWKEYS, downgrading your channel without triggering the hostkey warning you were trained to trust.
Type
Defensive / IR
Difficulty
Intermediate
Era
2020s
Time
8 min
Briefing
Terrapin is real but niche, attacker needs MitM. Your execs still deserve a crisp explanation.
Your role
Cryptography engineer validating `ssh -Q kex` output against the vendor bulletin before your fleet patch window.
Objective
Read the briefing, inspect sshd_config for vulnerable default KEX proposals, and grep auth logs for handshake reset lines.
Terminal environment
- user
- crypto
- host
- bastion-lab
- cwd
- /ssh/terrapin-workbench
- steps
- 3
Enter the terminalAbout 8 minutesSafe simulation
Safety note. This is a safe reconstruction. All systems, files, hosts, credentials, and outputs are simulated. Do not use these techniques on systems you do not own or have explicit permission to test.