Re: Somebody is keep trying to ssh into my systems, how can I stop that?




left_coast wrote:
BTW, Here is an occasion where OpenSSH could have been hacked even using
your precious key:

http://www.cert.org/advisories/CA-2002-18.html

"The second vulnerability affects PAM modules using interactive keyboard
authentication in OpenSSH versions 2.3.1p1 through 3.3, regardless of the
challenge response option setting."

Note where it says "regardless of the challenge response option setting." So
even if "challenge response" was disabled, it still could have been hacked!
A key would not have protected anyone prior to the patch. The vulnerability
existed from the time version 2.3.1p1 until some time after version 3.3 was
released. In other words, if you used any version between 2.3.1p1 and 3.3
you would have been exposed to possible attack for the entire time you had
that version installed, REGARDLESS of how many bits your key is long.

If you read the page, you will find that this covers an undetermined number
of security issues but not elaborated on.

Yes, this was some time ago, but if multiple vulnerabilities occurred in the
past, it is possible they could again in the future. OpenSSH does not have
a good enough record to rely on it alone.

Wrong choice. This is challenge-response authentication related and
*not* public key related. Challenge-response authentication is when you
reply to the challenge with a response computed using the supplied
password as a key or similar.

If you had taken the time to read the vulnerability you should have
seen that this could not really be public key related.

Yes, ssh implementations could potentially have a vulnerability
allowing remote access even when public key is activated which was the
point you were trying to make, but that doesn't make public key less
secure as the port-knocking daemon could also be subject to such a
vulnerability.
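
Added example, not part of the thread: a small audit helper that checks SSH identification strings against the "2.3.1p1 through 3.3" range quoted from CA-2002-18 above. The host names and banners are constructed sample data, and ignoring the portable "pN" suffix when comparing is an assumption of this sketch.

```python
import re

# Affected range as quoted in the post from CERT CA-2002-18
# ("OpenSSH versions 2.3.1p1 through 3.3"). The "pN" portable suffix
# is ignored for comparison (assumption of this example).
AFFECTED_LOW = (2, 3, 1)
AFFECTED_HIGH = (3, 3, 0)

_VERSION = re.compile(r"OpenSSH[_ ](\d+)\.(\d+)(?:\.(\d+))?(?:p\d+)?")

def parse_openssh_version(banner):
    """Return (major, minor, patch) from an SSH banner, or None if not OpenSSH."""
    m = _VERSION.search(banner)
    if not m:
        return None
    # Compare as integers: as strings, "3.10" would sort before "3.3".
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def in_affected_range(banner):
    """True/False for OpenSSH banners, None when the version cannot be read."""
    version = parse_openssh_version(banner)
    if version is None:
        return None
    return AFFECTED_LOW <= version <= AFFECTED_HIGH

def audit(banners):
    """Map of host -> banner for hosts whose version falls in the range."""
    return {h: b for h, b in banners.items() if in_affected_range(b)}

# Constructed sample inventory (hypothetical hosts, not from the thread).
SAMPLE_BANNERS = {
    "host-a": "SSH-1.99-OpenSSH_2.3.0",
    "host-b": "SSH-1.99-OpenSSH_2.9.9p2",
    "host-c": "SSH-2.0-OpenSSH_3.3p1",
    "host-d": "SSH-2.0-OpenSSH_3.4p1",
    "host-e": "SSH-2.0-OpenSSH_3.10",      # constructed to show numeric compare
    "host-f": "SSH-2.0-dropbear_0.52",     # not OpenSSH, reported as unknown
}

if __name__ == "__main__":
    for host, banner in sorted(audit(SAMPLE_BANNERS).items()):
        print(f"{host}: {banner} is inside the advisory's version range")
```

A banner only reports what the daemon claims; vendor backports can fix a flaw without changing the version string, so treat a hit as a prompt to check the package changelog.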
