Hey for all that did not know ...
SSH versions
1.X.XX are vulnerable to a remote exploit .. (people are scanning and hacking like nuts)
To check if you have this hole open
"telnet yourhost.com 22"
If it doesn't say
SSH-2.0-2.2.0 SSH Secure Shell
(or something that is > 2.0-X.X.X
You probably need to upgrade and check if you have been hacked. I know for sure that there are people scanning entire networks and taking tons of servers doing this.
Just a heads up.. This one is big. It is shipped with RH standard.
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=exploit&id=2347
cperciva
11-15-2001, 07:38 PM
Uh... this is nine months old. Anyone who hasn't patched their system yet is in a coma.
mpope
11-15-2001, 07:40 PM
I did see that security focus updated the page on 11/14 , so perhaps there are some new developments?
Thanks,
mpope
edude
11-15-2001, 07:57 PM
lol ;)
Originally posted by cperciva
Uh... this is nine months old. Anyone who hasn't patched their system yet is in a coma.
ShellBounder
11-15-2001, 08:43 PM
Originally posted by cperciva
Uh... this is nine months old. Anyone who hasn't patched their system yet is in a coma.
I didn't get it recompiled until about 3 months ago because of compilation problems. I'm since out my coma.
By the way, does anyone know how to set up public-key login authentication? I want to do this for my remote logins into my server for security reasons.
*AHEM*
It was just updated with OTHER versions of SSH. Also, there is a new exploit posted.
So many of those 9 months ago who thought they were safe are now *AS OF YESTERDAY* unsafe.
Mike the newbie
11-15-2001, 10:22 PM
Originally posted by ShellBounder
I didn't get it recompiled until about 3 months ago because of compilation problems. I'm since out my coma.
By the way, does anyone know how to set up public-key login authentication? I want to do this for my remote logins into my server for security reasons.
As an easier alternative to recompiling, just change your sshd_config file.
Remove "1" from the Protocol line. That simple change will prevent any ssh clients from connecting to your box using ssh protocol version 1.
I have been using RH Linux since version 7.0, and all of the versions of ssh that shipped with RH Linux since 7.0 are capable of using version 2 of the protocol.
marksy
11-16-2001, 02:31 AM
I'm a little dense on this - OpenSSH utilizes the flawed SSH? So if I see:
SSH-1.99-OpenSSH_2.9p2
it's vulnerable?
bitserve
11-16-2001, 02:34 AM
The latest "exploit" has to do with certificates being faked. So if you're controlling access based on certificates, you will want to upgrade NOW.
Otherwise, upgrade when you have a chance.
daretosucced
11-16-2001, 10:19 AM
My SSH servers got hacked ...:( long time back
And my bare bone telnet servers were never ever hacked.
Sometimes I think isn't ssh better ?? :D
Quite strange I know...but in real experience the less software u install...the better system behave
Just to add...1 of my servers with firewall carshed again and again due to misconfiguration or bug of some sort...and I had to reinstall with more than 12 hours of downtime.
Other servers without any firewall stuff....are sailing smoothly with 100% uptime from past 3-4 months...yeah some amount of bandwidth is lost due to codered etc attacks...but My linux machine is safe and steady as yet without any firewall.
Just to conclude...I do use ssh on all of my new servers and try to implement firewall whereever I find place or need for it...but sometimes...I just think..:D ...:D
