It's hard to overstate the importance of SSH in securing home networks, massive cloud centers and everything in between. Now, researchers have devised a novel cryptographic attack that breaks integrity of this widely used protocol. Dubbed Terrapin, it's the first-ever practical attack of its kind, and one of the very few attacks against SSH at all. Terrapin exploits weaknesses in the specification of SSH when paired with widespread algorithms (ChaCha20-Poly1305 and CBC-EtM) to remove an arbitrary number of protected messages at the beginning of the secure channel, thus breaking integrity. In practice, the attack can be used to impede the negotiation of certain security-relevant protocol extensions. Moreover, Terrapin enables more advanced exploitation techniques when combined with particular implementation flaws, leading to a total loss of confidentiality and integrity in the worst case.