SSH exploit (know's it should be in security but this == BIG)

  #1  
Old 11-15-2001, 06:52 PM
jic jic is offline
Web Hosting Evangelist
 
Join Date: Jan 2001
Posts: 495

SSH exploit (know's it should be in security but this == BIG)


Hey for all that did not know ...

SSH versions 1.X.XX are vulnerable to a remote exploit .. (people are scanning and hacking like nuts)


To check if you have this hole open

"telnet yourhost.com 22"

If it doesn't say

SSH-2.0-2.2.0 SSH Secure Shell
(or something that is > 2.0-X.X.X)

You probably need to upgrade and check if you have been hacked. I know for sure that there are people scanning entire networks and taking tons of servers doing this.


Just a heads up.. This one is big. It is shipped with RH standard.


http://www.securityfocus.com/cgi-bin...xploit&id=2347

__________________
James R. Clark II



  #2  
Old 11-15-2001, 07:38 PM
cperciva cperciva is offline
Retired Moderator
 
Join Date: Jan 2001
Posts: 2,603
Uh... this is nine months old. Anyone who hasn't patched their system yet is in a coma.

__________________
Dr. Colin Percival, FreeBSD Security Officer
Online backups for the truly paranoid: http://www.tarsnap.com/

  #3  
Old 11-15-2001, 07:40 PM
mpope mpope is offline
Web Hosting Master
 
Join Date: May 2001
Posts: 697
I did see that SecurityFocus updated the page on 11/14, so perhaps there are some new developments?

Thanks,
mpope

  #4  
Old 11-15-2001, 07:57 PM
edude edude is offline
Web Hosting Master
 
Join Date: Mar 2001
Location: Downunder..
Posts: 2,612
lol

Quote:
Originally posted by cperciva
Uh... this is nine months old. Anyone who hasn't patched their system yet is in a coma.

  #5  
Old 11-15-2001, 08:43 PM
ShellBounder ShellBounder is offline
WHT Addict
 
Join Date: May 2001
Posts: 127
Quote:
Originally posted by cperciva
Uh... this is nine months old. Anyone who hasn't patched their system yet is in a coma.

I didn't get it recompiled until about 3 months ago because of compilation problems. I'm since out of my coma.

By the way, does anyone know how to set up public-key login authentication? I want to do this for my remote logins into my server for security reasons.

  #6  
Old 11-15-2001, 10:10 PM
jic jic is offline
Web Hosting Evangelist
 
Join Date: Jan 2001
Posts: 495
*AHEM*


It was just updated with OTHER versions of SSH. Also, there is a new exploit posted.

So many of those 9 months ago who thought they were safe are now *AS OF YESTERDAY* unsafe.

__________________
James R. Clark II

  #7  
Old 11-15-2001, 10:13 PM
uchost uchost is offline
Newbie
 
Join Date: Nov 2001
Posts: 15
good!!

__________________
****internet hosting services******
http://www.uchost.com

  #8  
Old 11-15-2001, 10:22 PM
Mike the newbie Mike the newbie is offline
Web Hosting Master
 
Join Date: Mar 2001
Location: Connecticut, US
Posts: 779
Quote:
Originally posted by ShellBounder


I didn't get it recompiled until about 3 months ago because of compilation problems. I'm since out of my coma.

By the way, does anyone know how to set up public-key login authentication? I want to do this for my remote logins into my server for security reasons.

As an easier alternative to recompiling, just change your sshd_config file.

Remove "1" from the Protocol line. That simple change will prevent any ssh clients from connecting to your box using ssh protocol version 1.

I have been using RH Linux since version 7.0, and all of the versions of ssh that shipped with RH Linux since 7.0 are capable of using version 2 of the protocol.

  #9  
Old 11-16-2001, 02:31 AM
marksy marksy is offline
Web Hosting Evangelist
 
Join Date: May 2000
Posts: 486
I'm a little dense on this - OpenSSH utilizes the flawed SSH? So if I see:
SSH-1.99-OpenSSH_2.9p2
it's vulnerable?
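
Added example, not part of any post in this thread: the banner check from post #1 and the sshd_config Protocol check from post #8, done offline on text you have already collected from your own server. It relies on the SSH convention that a protocol version of "1.99" in the banner means the server speaks protocol 2 and also accepts protocol 1 clients. The function names and the SSH-1.5 sample banner are constructed for illustration.

```python
import re

# Identification string format: SSH-<protoversion>-<softwareversion>[ comments]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def banner_protocols(banner):
    """Return the set of SSH protocol major versions a banner advertises."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None  # not an SSH identification string
    proto = m.group(1)
    if proto == "1.99":
        return {1, 2}  # compatibility mode: protocol 2 plus protocol 1
    return {int(proto.split(".")[0])}

def config_protocols(config_text):
    """Return versions named on the first Protocol line of sshd_config text.

    Returns None when there is no Protocol line; the effective value then
    depends on the build's default, which this check does not guess.
    """
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            return {int(v) for v in parts[1].split(",") if v.strip().isdigit()}
    return None

def accepts_protocol_1(protocols):
    """True when the given set of versions includes SSH protocol 1."""
    return protocols is not None and 1 in protocols

if __name__ == "__main__":
    banners = [
        "SSH-2.0-2.2.0 SSH Secure Shell",  # banner quoted in post #1
        "SSH-1.99-OpenSSH_2.9p2",          # banner quoted in post #9
        "SSH-1.5-example_1.0",             # constructed protocol-1-only sample
    ]
    for b in banners:
        print(b, "-> protocol 1 offered:", accepts_protocol_1(banner_protocols(b)))
    # Constructed sshd_config fragments, before and after the edit in post #8.
    for cfg in ("Port 22\nProtocol 2,1\n", "Port 22\nProtocol 2\n"):
        print(repr(cfg), "-> protocol 1 enabled:",
              accepts_protocol_1(config_protocols(cfg)))
```

A banner reporting only 2.0 after the config change confirms the server no longer offers protocol 1; it says nothing about whether the installed software version itself is patched.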

  #10  
Old 11-16-2001, 02:34 AM
bitserve bitserve is offline
Web Hosting Master
 
Join Date: Nov 2001
Location: Ann Arbor, MI
Posts: 2,978
The latest "exploit" has to do with certificates being faked. So if you're controlling access based on certificates, you will want to upgrade NOW.

Otherwise, upgrade when you have a chance.

__________________
-Mark Adams
www.bitserve.com - Secure Michigan web hosting for your business.
Only host still offering a full money back uptime guarantee and prorated refunds.
Offering advanced server management and security incident response!

  #11  
Old 11-16-2001, 10:19 AM
daretosucced daretosucced is offline
Junior Guru Wannabe
 
Join Date: Oct 2001
Posts: 87
Isn't telnet better?

My SSH servers got hacked ... long time back

And my bare bone telnet servers were never ever hacked.

Sometimes I think isn't ssh better ??

Quite strange I know...but in real experience the less software you install...the better the system behaves

Just to add...1 of my servers with firewall crashed again and again due to misconfiguration or bug of some sort...and I had to reinstall with more than 12 hours of downtime.

Other servers without any firewall stuff....are sailing smoothly with 100% uptime for the past 3-4 months...yeah some amount of bandwidth is lost due to codered etc attacks...but My linux machine is safe and steady as yet without any firewall.

Just to conclude...I do use ssh on all of my new servers and try to implement firewall wherever I find place or need for it...but sometimes...I just think.. ...
