
Thread: Compromised SSH keys.

  1. #1 (Join Date: May 2007, Location: Oklahoma, Posts: 703)

    Compromised SSH keys.

    Is this something Zimbra users need to worry about?

    Linux under attack: Compromised SSH keys lead to rootkit | Zero Day | ZDNet.com

    If anyone has the time, how do these attacks work?

  2. #2 (Join Date: Mar 2007, Location: Austin, Posts: 441)

    That one mostly seems to be targeting the flaw that Debian had in their SSH key generation. The attack would either target the flawed key, or try to use already stolen SSH keys to gain access. Then they install the rootkit.

    Debian / Ubuntu have already released fixes for this. If you use SSH keys for logging in, you may want to use a passphrase. And don't let anyone get your private keys.

  3. #3 (Join Date: Aug 2008, Location: St Pete FL USA, Posts: 392)

    And if you run an sshd that is visible to the outside world, either directly or via NAT, you should read this article, and implement one of the solutions -- I like the /etc/hosts.allow approach myself.

  4. #4 (Join Date: Jan 2008, Location: Pretoria, Posts: 133)

    You should not be accessing a machine via SSH over any other medium than a VPN.
    Basic security should help you to avoid this vulnerability.

  5. #5 (Join Date: Aug 2008, Location: St Pete FL USA, Posts: 392)

    Aw, that's horse-crap. If ssh isn't hardened enough to be on the edge, your VPN probably isn't either.

  6. #6 (Join Date: May 2007, Location: Oklahoma, Posts: 703)

    After reading at us-cert, I guess some SSH access is done using keys without passwords or passphrases. These are the ones at most risk. I'm having trouble believing someone would not be using a password for access but I guess it is happening.

  7. #7 (Join Date: Jan 2008, Location: Pretoria, Posts: 133)

    Agree. Again, basic security. As for putting SSH on the edge - Good luck with that.
    Anyone remember that scene in The Matrix where Trinity uses the old ssh exploit to kick the door in on a server?
    Had to do that on an old HP-UX box some years ago...

  8. #8 dijichi2, OpenSource Builder & Moderator (Join Date: Oct 2005, Posts: 1,176)

    > Agree. Again, basic security. As for putting SSH on the edge - Good luck with that.
    > Anyone remember that scene in The Matrix where Trinity uses the old ssh exploit to kick the door in on a server?
    > Had to do that on an old HP-UX box some years ago...

    are you being serious?

  9. #9 (Join Date: Jan 2008, Location: Pretoria, Posts: 133)

    About what? Putting ssh on the edge or exploiting the HP-UX box?

  10. #10 (Join Date: Sep 2007, Posts: 8)

    Basic SSH security not that difficult

    This exploit should not threaten any site that has taken a few basic steps to secure ssh. At a minimum:

    - Don't allow root login over ssh; easy to configure in sshd_config.
    - Don't use port 22 on any system accessible from the outside world. Add a port in sshd_config and an iptables rule to allow access via a high-numbered misc port, e.g. 53764.
    - Note that Zimbra uses port 22 for internal admin, so use iptables to lock out outside access: add "-s localhost" to the port 22 config entry.
    - Install and thoughtfully configure the denyhosts package to shut down attackers after a few login attempts.

    Basic sysadmin practice, but well worth repeating for the benefit of all here.
    Macy Hallock - Hallock Consulting - Medina, Ohio
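The following audit script is an added example, not code from the thread, from Zimbra or from any poster. It turns the checklist in post #10 (no root login, a listening port other than 22, port 22 firewalled to localhost), the /etc/hosts.allow approach from post #3 (TCP wrappers default-deny for sshd with an explicit allow) and the passphrase advice from post #2 (private key actually encrypted) into checks that run against files you point it at. Assumptions: the firewall is read from an iptables-save style dump rather than the live kernel, the thread's "-s localhost" is taken as "-s 127.0.0.1", and the key check only recognises the traditional PEM format (the "Proc-Type: 4,ENCRYPTED" header); denyhosts is not checked. All sample files are constructed in a temporary directory so the script runs offline.

```shell
#!/bin/sh
# SSH exposure audit (added example; not from the thread or Zimbra).
# Every path is a parameter so the checks run against the constructed
# samples below or against real /etc files on a host you administer.

# Effective value of an sshd_config keyword: sshd honours the first match.
sshd_opt() {   # $1 = sshd_config, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Post #10, step 1: root login must be off. A missing keyword counts as weak
# because older OpenSSH releases defaulted PermitRootLogin to yes.
check_root_login() {   # $1 = sshd_config
    [ "$(sshd_opt "$1" PermitRootLogin)" = "no" ]
}

# Post #10, step 2: at least one Port directive other than 22
# (no Port line at all means the default of 22).
check_alt_port() {   # $1 = sshd_config
    awk 'tolower($1) == "port" && $2 != "22" { found = 1 } END { exit !found }' "$1"
}

# Post #10, step 3: if port 22 stays open for Zimbra's internal use, every
# ACCEPT for dport 22 in an iptables-save style dump must carry -s 127.0.0.1
# (assumed concrete form of the thread's "-s localhost").
check_port22_local() {   # $1 = iptables-save style rules file
    ! grep -- '--dport 22 ' "$1" | grep ACCEPT | grep -v -- '-s 127\.0\.0\.1' | grep -q .
}

# Post #3: TCP wrappers deny sshd to ALL and allow only listed sources.
check_tcp_wrappers() {   # $1 = hosts.allow, $2 = hosts.deny
    grep -Eq '^[[:space:]]*sshd[[:space:]]*:[[:space:]]*ALL' "$2" &&
    grep -Eq '^[[:space:]]*sshd[[:space:]]*:' "$1"
}

# Post #2: a private key without a passphrase is stored in the clear.
# Assumption: traditional PEM format, where encryption shows as a Proc-Type header.
check_key_encrypted() {   # $1 = private key file
    grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Runs every check against a directory laid out like the samples below;
# prints PASS/FAIL per check and returns the number of failures.
run_audit() {   # $1 = directory holding sshd_config, iptables.rules, hosts.allow, hosts.deny, id_rsa
    d=$1; fails=0
    for c in "check_root_login $d/sshd_config" \
             "check_alt_port $d/sshd_config" \
             "check_port22_local $d/iptables.rules" \
             "check_tcp_wrappers $d/hosts.allow $d/hosts.deny" \
             "check_key_encrypted $d/id_rsa"; do
        if $c; then echo "PASS $c"; else echo "FAIL $c"; fails=$((fails + 1)); fi
    done
    return $fails
}

# Constructed sample files: "weak" is a stock install, "hardened" follows the thread.
make_sample() {   # $1 = target directory, $2 = weak | hardened
    mkdir -p "$1"
    if [ "$2" = weak ]; then
        printf '%s\n' 'Port 22' 'PermitRootLogin yes' > "$1/sshd_config"
        printf '%s\n' '-A INPUT -p tcp --dport 22 -j ACCEPT' > "$1/iptables.rules"
        : > "$1/hosts.allow"
        : > "$1/hosts.deny"
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructedkeybodyplaceholder' \
            '-----END RSA PRIVATE KEY-----' > "$1/id_rsa"
    else
        printf '%s\n' 'Port 22' 'Port 53764' 'PermitRootLogin no' > "$1/sshd_config"
        printf '%s\n' '-A INPUT -s 127.0.0.1/32 -p tcp --dport 22 -j ACCEPT' \
            '-A INPUT -p tcp --dport 53764 -j ACCEPT' > "$1/iptables.rules"
        printf '%s\n' 'sshd: 192.168.1.0/255.255.255.0' > "$1/hosts.allow"
        printf '%s\n' 'sshd: ALL' > "$1/hosts.deny"
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
            'DEK-Info: AES-128-CBC,00' '' 'constructedkeybodyplaceholder' \
            '-----END RSA PRIVATE KEY-----' > "$1/id_rsa"
    fi
}

# Stand-alone demo: audit both constructed samples, then clean up.
tmp=$(mktemp -d)
make_sample "$tmp/weak" weak
make_sample "$tmp/hardened" hardened
echo "== weak =="; run_audit "$tmp/weak" || echo "$? check(s) failed"
echo "== hardened =="; run_audit "$tmp/hardened" && echo "all checks passed"
rm -rf "$tmp"
```

To audit a live host, call `run_audit` on a directory containing copies of /etc/ssh/sshd_config, the output of `iptables-save`, /etc/hosts.allow, /etc/hosts.deny and the private key in question; the script never changes anything, it only reports which of the thread's steps are still open.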
