
Thread: Compromised SSH keys.

  1. #1
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default Compromised SSH keys.

    Is this something Zimbra users need to worry about?

    Linux under attack: Compromised SSH keys lead to rootkit | Zero Day | ZDNet.com

    If anyone has the time, how do these attacks work?

  2. #2
    Join Date
    Mar 2007
    Location
    Austin
    Posts
    441
    Rep Power
    8

    Default

    That one mostly seems to be targeting the flaw that Debian had in their SSH key generation. The attack would either target the flawed key, or try to use already stolen SSH keys to gain access. Then they install the rootkit.

    Debian / Ubuntu have already released fixes for this. If you use SSH keys for logging in, you may want to use a passphrase. And don't let anyone get your private keys.

  3. #3
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    7

    Default

    And if you run an sshd that is visible to the outside world, either directly or via NAT, you should read this article, and implement one of the solutions -- I like the /etc/hosts.allow approach myself.

  4. #4
    Join Date
    Jan 2008
    Location
    Pretoria
    Posts
    133
    Rep Power
    7

    Default

    You should not be accessing a machine via SSH over any other medium than a VPN.
    Basic security should help you to avoid this vulnerability.

  5. #5
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    7

    Default

    Aw, that's horse-crap. If ssh isn't hardened enough to be on the edge, your VPN probably isn't either.

  6. #6
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default

    After reading at us-cert, I guess some SSH access is done using keys without passwords or passphrases. These are the ones at most risk. I'm having trouble believing someone would not be using a password for access but I guess it is happening.

  7. #7
    Join Date
    Jan 2008
    Location
    Pretoria
    Posts
    133
    Rep Power
    7

    Default

    Agree. Again, basic security. As for putting SSH on the edge - Good luck with that.
    Anyone remember that scene in The Matrix where Trinity uses the old ssh exploit to kick the door in on a server?
    Had to do that to an old HP-UX box some years ago...

  8. #8
    dijichi2 is offline OpenSource Builder & Moderator
    Join Date
    Oct 2005
    Posts
    1,176
    Rep Power
    12

    Default

    Quote Originally Posted by bonoboslr
    Agree. Again, basic security. As for putting SSH on the edge - Good luck with that.
    Anyone remember that scene in The Matrix where Trinity uses the old ssh exploit to kick the door in on a server?
    Had to do that to an old HP-UX box some years ago...

    Are you being serious?

  9. #9
    Join Date
    Jan 2008
    Location
    Pretoria
    Posts
    133
    Rep Power
    7

    Default

    About what? Putting ssh on the edge or exploiting the HP-UX box?

  10. #10
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    7

    Default

    Quote Originally Posted by bonoboslr
    About what? Putting ssh on the edge or exploiting the HP-UX box?
    I think he was actually inquiring about your assertion that this happened in a Matrix movie. :-)

    And I like the samhain hosts_allow ssh brute force attack preventer, myself...
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.
