
The Secure Shell (SSH) protocol serves as the backbone of modern network administration, providing encrypted remote access to virtually every server, network device and embedded system in enterprise environments. From routers and switches to industrial control systems and cloud instances, SSH has become the de facto standard for secure command-line access across infrastructure.
This ubiquity makes recent findings from security researcher HD Moore particularly alarming. At the DEF CON 33 conference, Moore, who is the founder and CEO of runZero, presented results from his firm’s internet-wide scanning that revealed persistent vulnerabilities across SSH implementations, affecting major networking vendors. The research also identified critical security gaps in industrial equipment, file transfer solutions, and countless network appliances that form the foundation of enterprise connectivity.
“If I look at SSH across the internet, it is actually the second-most-common admin protocol exposed on the internet behind HTTP,” Moore said. “So there’s more SSH out there than there is almost anything else.”
Critical vulnerabilities continue emerging across implementations
The past year has produced several high-impact SSH vulnerabilities that Moore said clearly demonstrate the protocol’s evolving threat landscape.
The Terrapin Attack (CVE-2023-48795) showed how attackers could manipulate TCP sessions to force selection of weaker cryptographic algorithms, potentially compromising session integrity across any affected SSH implementation.
The XZ Utils backdoor (CVE-2024-3094) represented perhaps the most sophisticated supply chain attack targeting SSH infrastructure. Moore explained that the attacker spent years building trust within the open-source community before inserting a backdoor specifically designed to compromise SSH through systemd integration.
RegreSSHion (CVE-2024-6387) proved particularly dangerous, enabling unauthenticated remote code execution through a signal reentrance vulnerability in OpenSSH. The vulnerability affected countless Linux systems and network appliances running vulnerable OpenSSH versions, though exploitation proved challenging due to modern memory protections.
The MOVEit vulnerability (CVE-2024-5806) demonstrated how third-party SSH libraries could introduce unexpected attack vectors. In this case, the IPWorks SSH library treated public key authentication data as file paths, enabling authentication bypass.
Internet-wide scanning reveals persistent exposure patterns
It’s bad enough that there have been many publicly disclosed SSH issues. What makes it potentially even worse is how open so many SSH servers are to the public internet.
Moore’s comprehensive scanning of IPv4 space revealed significant trends in SSH exposure. The research identified approximately 22 million addresses with port 22 (SSH’s default port) open, down from 27 million in 2024. Of those 22 million, the scan reached the SSH authentication stage on 15.4 million devices.
The data showed concerning patterns in implementation diversity. While OpenSSH and Dropbear account for roughly 98% of SSH implementations, the remaining 2% consists of embedded devices, network equipment and specialized applications that frequently contain vulnerabilities. These non-standard implementations often appear in critical infrastructure components including industrial control systems, network appliances and file transfer solutions.
Patch adoption remains critically low
One of the most troubling findings concerned the adoption rate of security improvements.
OpenSSH 9.8 introduced PerSourcePenalties, a default rate limiting feature designed to mitigate various attack vectors. However, Moore’s research found minimal real-world deployment.
According to Moore’s research, of the approximately 20 million exposed OpenSSH servers, fewer than 500,000 are running 9.8 or newer. Adoption is higher on corporate networks, but he noted that moving to modern OpenSSH remains a long road.
This represents less than 2.5% adoption of the security-enhanced version among internet-facing SSH servers. The situation with Dropbear implementations appears worse, as this SSH daemon lacks similar rate limiting protections, according to Moore’s findings.
New attack vectors target authentication mechanisms
Moore’s team discovered multiple new authentication bypass techniques during their research, though specific details remained under responsible disclosure at the time of the presentation.
The research demonstrated various methods for circumventing SSH authentication, including manipulation of authentication method lists, public key testing vulnerabilities and pre-authentication state transition attacks.
The primary tool Moore’s team used is SSHamble, an open-source tool that runZero developed in-house.
Recommendations for network security teams
While the current state of SSH security on the open internet is sorely lacking, there are steps organizations can take to reduce risk and harden their deployments. During the presentation, Moore outlined a number of recommendations, including:
- Implement aggressive patch management for SSH implementations, particularly focusing on OpenSSH 9.8 or newer versions that include rate limiting protections. Given the low adoption rates observed in Moore’s research, organizations maintaining current patch levels will significantly reduce their attack surface.
- Conduct comprehensive SSH inventory across all network segments, including embedded devices, network equipment and industrial systems that may run non-standard SSH implementations. These systems often receive less security attention but represent significant risk vectors.
- Deploy network monitoring to detect SSH-based attacks and reconnaissance activities. Moore’s research demonstrates that attackers can rapidly enumerate vulnerable systems, making early detection crucial for incident response.
- Eliminate password-based authentication in favor of key-based authentication with proper key management. Organizations should regularly audit SSH keys for compromise using tools like BadKeys.info and implement key rotation policies.
- Monitor for SSH host key reuse across systems, as duplicate keys can indicate inadvertent internet exposure or compromise. The inside-out detection techniques demonstrated in Moore’s research provide a model for this type of assessment.
- Implement network segmentation to limit SSH access to administrative networks and require VPN or bastion host access for remote administration. This reduces the attack surface for internet-based SSH reconnaissance and exploitation.
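The following audit script is an added example, not part of the runZero research or the SSHamble tool. It applies three of the checks above to a constructed inventory: the OpenSSH 9.8 threshold for PerSourcePenalties from the patch-adoption section, the flagging of non-OpenSSH/Dropbear implementations, and host key reuse across addresses. The hosts, banners and fingerprints are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample inventory for this example: (host, SSH version banner,
# host key fingerprint). None of these values come from the runZero scans.
INVENTORY = [
    ("10.0.1.10", "SSH-2.0-OpenSSH_9.9p1 Debian-3", "SHA256:FAKEfp0001"),
    ("10.0.1.11", "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10", "SHA256:FAKEfp0002"),
    ("10.0.2.5", "SSH-2.0-dropbear_2022.83", "SHA256:FAKEfp0003"),
    ("10.0.3.7", "SSH-2.0-EmbeddedVendorSSH_1.0", "SHA256:FAKEfp0004"),
    # Same host key as 10.0.1.11 but reachable from a public address: the
    # reuse pattern the article describes as a sign of inadvertent exposure.
    ("203.0.113.20", "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10", "SHA256:FAKEfp0002"),
]

# Matches the two implementations that cover ~98% of servers; anything else is "other".
BANNER_RE = re.compile(r"^SSH-2\.0-(OpenSSH|dropbear)[_ ]?(\d+)\.(\d+)", re.IGNORECASE)

def classify_banner(banner):
    """Return (implementation, (major, minor)) or ("other", None)."""
    m = BANNER_RE.match(banner)
    if not m:
        return "other", None
    return m.group(1).lower(), (int(m.group(2)), int(m.group(3)))

def lacks_per_source_penalties(banner):
    """True if the server cannot have PerSourcePenalties: not OpenSSH, or OpenSSH older than 9.8."""
    impl, ver = classify_banner(banner)
    return impl != "openssh" or ver < (9, 8)

def reused_host_keys(inventory):
    """Map each fingerprint seen on more than one host to the hosts sharing it."""
    seen = defaultdict(list)
    for host, _banner, fp in inventory:
        seen[fp].append(host)
    return {fp: hosts for fp, hosts in seen.items() if len(hosts) > 1}

def audit(inventory):
    """Collect (subject, finding) pairs for the checks above."""
    findings = []
    for host, banner, _fp in inventory:
        impl, ver = classify_banner(banner)
        if impl == "other":
            findings.append((host, "non-standard implementation: " + banner))
        elif lacks_per_source_penalties(banner):
            findings.append((host, f"no PerSourcePenalties ({impl} {ver[0]}.{ver[1]})"))
    for fp, hosts in reused_host_keys(inventory).items():
        findings.append((",".join(hosts), f"host key {fp} reused"))
    return findings
```

Calling `audit(INVENTORY)` returns one finding per out-of-date or non-standard server plus one per reused host key; in a real deployment the inventory would be fed from your own scanner output rather than the constructed list.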
Source: Network World