Skip to main content
Skip table of contents

Mitigate Terrapin Vulnerability through Registry Parameter in IGEL OS

To mitigate ISN 2023-39: SSH Terrapin Vulnerability, you can enable a registry parameter that will disable weak MACs and Chipers to prevent terrapin attacks. For more information on terrapin attacks and the related CVE-2023-48795, see https://terrapin-attack.com/ and https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795.

If you use OpenSSH 9.6p1 both on the client and server there is no need to use this registry parameter. IGEL OS versions 11.09.210 or higher use the latest OpenSSH 9.6p1. when you use this version or newer on the peer, they will automatically use the new "strict KEX" protocol extension.


To enable Terrapin mitigation through the registry parameter:

  1. In IGEL Setup, go to System > Registry > network > ssh_server > enable_terrapin_mitigation.

  2. Enable the parameter.

  3. Click Apply or OK to save the change.

The following options vulnerable to Terrapin attack are disabled:

    • the ChaCha20-Poly1305 cipher
    • all -cbc ciphers
    • all -ctr ciphers
    • all -etm@openssh.com macs

If you want to deactivate SSH completely, follow the instructions in Disabling SSH Access.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close