Web Hosting Talk : Web Hosting Main Forums : Web Hosting : SSH exploit (know's it should be in security but this == BIG)

[jic]

Hey for all that did not know ...

SSH versions
1.X.XX are vulnerable to a remote exploit .. (people are scanning and hacking like nuts)


To check if you have this hole open

"telnet yourhost.com 22"

If it doesn't say

SSH-2.0-2.2.0 SSH Secure Shell
(or something that is > 2.0-X.X.X

You probably need to upgrade and check if you have been hacked. I know for sure that there are people scanning entire networks and taking tons of servers doing this.


Just a heads up.. This one is big. It is shipped with RH standard.


http://www.securityfocus.com/cgi-bin...xploit&id=2347

[cperciva]

Uh... this is nine months old. Anyone who hasn't patched their system yet is in a coma.

[mpope]

I did see that security focus updated the page on 11/14 , so perhaps there are some new developments?

Thanks,
mpope

[edude]

lol

Quote:

Originally posted by cperciva
Uh... this is nine months old. Anyone who hasn't patched their system yet is in a coma.

[ShellBounder]

Quote:

Originally posted by cperciva
Uh... this is nine months old. Anyone who hasn't patched their system yet is in a coma.

I didn't get it recompiled until about 3 months ago because of compilation problems. I'm since out my coma.

By the way, does anyone know how to set up public-key login authentication? I want to do this for my remote logins into my server for security reasons.

[jic]

*AHEM*


It was just updated with OTHER versions of SSH. Also, there is a new exploit posted.

So many of those 9 months ago who thought they were safe are now *AS OF YESTERDAY* unsafe.

[uchost]

good!!

[Mike the newbie]

Quote:

Originally posted by ShellBounder


I didn't get it recompiled until about 3 months ago because of compilation problems. I'm since out my coma.

By the way, does anyone know how to set up public-key login authentication? I want to do this for my remote logins into my server for security reasons.

As an easier alternative to recompiling, just change your sshd_config file.

Remove "1" from the Protocol line. That simple change will prevent any ssh clients from connecting to your box using ssh protocol version 1.

I have been using RH Linux since version 7.0, and all of the versions of ssh that shipped with RH Linux since 7.0 are capable of using version 2 of the protocol.

[marksy]

I'm a little dense on this - OpenSSH utilizes the flawed SSH? So if I see:
SSH-1.99-OpenSSH_2.9p2
it's vulnerable?

[bitserve]

The latest "exploit" has to do with certificates being faked. So if you're controlling access based on certificates, you will want to upgrade NOW.

Otherwise, upgrade when you have a chance.

[daretosucced]

My SSH servers got hacked ... long time back

And my bare bone telnet servers were never ever hacked.

Sometimes I think isn't ssh better ??

Quite strange I know...but in real experience the less software u install...the better system behave

Just to add...1 of my servers with firewall carshed again and again due to misconfiguration or bug of some sort...and I had to reinstall with more than 12 hours of downtime.

Other servers without any firewall stuff....are sailing smoothly with 100% uptime from past 3-4 months...yeah some amount of bandwidth is lost due to codered etc attacks...but My linux machine is safe and steady as yet without any firewall.

Just to conclude...I do use ssh on all of my new servers and try to implement firewall whereever I find place or need for it...but sometimes...I just think.. ...