LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] SSH dictionary attacks.

[ILUG] SSH dictionary attacks.

Aine Douglas aine.douglas at gmail.com
Thu Aug 24 14:48:41 IST 2006 

On 8/24/06, kevin lyda <kevin at ie.suberic.net> wrote:
> On Wed, Aug 23, 2006 at 03:59:56PM +0100, paul at clubi.ie wrote:
> > However the ssh server has:
> >
> > - no control over whether the remote user does or does not protect
> >   their key with a pass phrase
>
> ok, yes, but there's a major difference: in general the user's ssh key
> is not accessible directly via the net; the ssh login password is.
>
> if i want to use paul's key to break into server target.com.ie i have to
> go find paul's key.  where is that?  and once i figure out that it's on
> laptop x that is usually behind a firewall, how do i get to it?
>
> in my mind that's a big win.

Does anyone else remember a story from around 1998 where some guys
setup a linux server exposing only two services, ssh on port 22 and
apache on port 80, and then proceeded with a project to portscan the
entire internet?

If I remember rightly, they pi$$3d off a lot of admins and then
eventually the webserver got hacked.

Upon analysis, it was discovered that someone had traced the client
machine that they connected from, and hacked it, and retrieved the SSH
key file to access the server. I don't recall if the client was
windows / linux.

The moral of the story is, if your going to use certificate access,
you better be sure that it is protected by means other than the
filesystem. And yes, if they do retrieve it, its possibly only a
matter of time before they crack the password on it unless you have an
enforced password policy, as Paul has pointed out, but clearly there
are extra layers of complexity involved in the attack making it less
and less feasable through enchanced security.

Aine.

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell