communication #152759
Terrapin attack for two externally reachable ssh services (status: closed)
Description
Hi,
today we discovered that the ssh services exposed on
provo-mirror.opensuse.org (91.193.113.70)
status2.opensuse.org (91.193.113.72)
are vulnerable to the Terrapin attack (https://terrapin-attack.com). See the output below.
Please network-filter those ports (and any other ssh services you may have on different ports) so that they are reachable only from the static IPs of the admins.
As a workaround, if admins don't have a static IP, they could use a jump host, or the filter could be widened, e.g. to their ISP's ASN.
mdaltin@linux-x1fm:~/go/bin> ./Terrapin-Scanner -connect 91.193.113.72
==================================== Report ====================================
Remote Banner: SSH-2.0-OpenSSH_8.4
ChaCha20-Poly1305 support: true
CBC-EtM support: false
Strict key exchange support: false
==> The scanned peer is VULNERABLE to Terrapin.
Note: This tool is provided as is, with no warranty whatsoever. It determines
the vulnerability of a peer by checking the supported algorithms and
support for strict key exchange. It may falsely claim a peer to be
vulnerable if the vendor supports countermeasures other than strict key
exchange.
For more details visit our website available at https://terrapin-attack.com
mdaltin@linux-x1fm:~/go/bin> ./Terrapin-Scanner -connect 91.193.113.210
==================================== Report ====================================
Remote Banner: SSH-2.0-OpenSSH_7.9
ChaCha20-Poly1305 support: true
CBC-EtM support: false
Strict key exchange support: false
==> The scanned peer is VULNERABLE to Terrapin.
Note: This tool is provided as is, with no warranty whatsoever. It determines
the vulnerability of a peer by checking the supported algorithms and
support for strict key exchange. It may falsely claim a peer to be
vulnerable if the vendor supports countermeasures other than strict key
exchange.
For more details visit our website available at https://terrapin-attack.com
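The scanner report above boils down to three facts taken from the server's SSH_MSG_KEXINIT: whether ChaCha20-Poly1305 is offered, whether a CBC cipher is offered together with an encrypt-then-MAC MAC, and whether the server advertises strict key exchange. The following is an added example for auditing one's own hosts, not code from the ticket or from the Terrapin-Scanner project: it parses a KEXINIT payload (RFC 4253 layout) and applies those same three checks. The KEXINIT payloads are constructed inline as sample input; the strict-kex markers kex-strict-s-v00@openssh.com / kex-strict-c-v00@openssh.com are the pseudo-algorithms OpenSSH 9.6 and later advertise in kex_algorithms. The sample set also shows the two ways a host stops being flagged: advertising strict kex (upgrade) or no longer offering the affected algorithms (configuration), which is the case the scanner's own note warns it cannot distinguish from a false positive.

```python
"""Evaluate an SSH peer's KEXINIT for Terrapin exposure, defender side.

Added example (not part of the ticket). Mirrors the three checks printed by
the Terrapin-Scanner report; sample KEXINIT payloads below are constructed.
"""
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1)
NAME_LISTS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)
CHACHA20 = "chacha20-poly1305@openssh.com"
# Strict key exchange markers (server / client side) advertised in kex_algorithms
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"


def build_kexinit(lists, cookie=b"\x00" * 16):
    """Serialise a KEXINIT payload from {name-list: [algorithms]} (sample-data helper)."""
    payload = bytes([SSH_MSG_KEXINIT]) + cookie
    for name in NAME_LISTS:
        value = ",".join(lists.get(name, [])).encode("ascii")
        payload += struct.pack(">I", len(value)) + value
    payload += b"\x00"              # first_kex_packet_follows = FALSE
    payload += struct.pack(">I", 0)  # reserved
    return payload


def parse_kexinit(payload):
    """Parse a KEXINIT payload into {name-list: [algorithms]}, rejecting truncation."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip message id + 16-byte cookie
    for name in NAME_LISTS:
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        raw = payload[pos:pos + length]
        if len(raw) != length:
            raise ValueError("truncated name-list %s" % name)
        pos += length
        lists[name] = [a for a in raw.decode("ascii").split(",") if a]
    return lists


def assess_terrapin(kexinit, role="server"):
    """Return the scanner's three checks and a verdict for a peer's KEXINIT.

    Flagged VULNERABLE when either direction offers ChaCha20-Poly1305, or a CBC
    cipher together with an EtM MAC, and strict key exchange is not advertised.
    """
    lists = parse_kexinit(kexinit)
    marker = STRICT_KEX_SERVER if role == "server" else STRICT_KEX_CLIENT
    chacha = cbc_etm = False
    for direction in ("client_to_server", "server_to_client"):
        ciphers = lists["encryption_algorithms_" + direction]
        macs = lists["mac_algorithms_" + direction]
        chacha |= CHACHA20 in ciphers
        # "-cbc" matches the standard CBC names (aes128-cbc, 3des-cbc, ...)
        cbc_etm |= any(c.endswith("-cbc") for c in ciphers) and \
            any(m.endswith("-etm@openssh.com") for m in macs)
    strict = marker in lists["kex_algorithms"]
    return {"chacha20_poly1305": chacha, "cbc_etm": cbc_etm,
            "strict_kex": strict, "vulnerable": (chacha or cbc_etm) and not strict}


def _sample(kex, ciphers, macs):
    """Build a constructed server KEXINIT with symmetric algorithm lists."""
    return build_kexinit({
        "kex_algorithms": kex, "server_host_key_algorithms": ["ssh-ed25519"],
        "encryption_algorithms_client_to_server": ciphers,
        "encryption_algorithms_server_to_client": ciphers,
        "mac_algorithms_client_to_server": macs, "mac_algorithms_server_to_client": macs,
        "compression_algorithms_client_to_server": ["none"],
        "compression_algorithms_server_to_client": ["none"]})


KEX = ["curve25519-sha256", "diffie-hellman-group14-sha256"]
ETM_MACS = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]
# Like the ticket's report: ChaCha20 offered, no CBC, no strict kex -> vulnerable
SAMPLE_VULNERABLE = _sample(KEX, [CHACHA20, "aes256-gcm@openssh.com"], ETM_MACS)
# Same algorithms but strict kex advertised (patched server) -> not vulnerable
SAMPLE_STRICT = _sample(KEX + [STRICT_KEX_SERVER], [CHACHA20], ETM_MACS)
# Older server without strict kex, but affected algorithms removed -> not vulnerable
SAMPLE_HARDENED_CONFIG = _sample(KEX, ["aes256-gcm@openssh.com", "aes128-ctr"], ETM_MACS)

if __name__ == "__main__":
    for label, k in (("vulnerable", SAMPLE_VULNERABLE), ("strict", SAMPLE_STRICT),
                     ("hardened config", SAMPLE_HARDENED_CONFIG)):
        print(label, assess_terrapin(k))
```

In practice the payload passed to assess_terrapin() would be the server's KEXINIT captured from a real handshake (for example from a packet capture of the port in question); the verdict for an OpenSSH 8.4 or 7.9 server with default ciphers comes out as in the ticket, and a host stops being flagged either by upgrading to a release that advertises strict kex or by removing chacha20-poly1305@openssh.com and the CBC ciphers from its sshd configuration.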
Updated by crameleon about 1 year ago
- Category set to Core services and virtual infrastructure
- Status changed from New to In Progress
- Assignee set to crameleon
Updated by crameleon about 1 year ago
- Tags set to security
- Status changed from In Progress to Resolved
- Private changed from Yes to No
Hi,
thank you very much for the report.
These exposed SSH ports are definitely not correct, shell access is only permitted through our internal network.
I corrected this misconfiguration now.
Best,
Georg