What Is SSH and How Do Hackers Attack It

SSH Brute-Force Attacks

Admittedly, SSH isn't something the average home user deals with on a daily basis, but nevertheless, it probably pays to know what it is. SSH stands for Secure Socket Shell, and it's a network protocol used by system and website administrators who need to remotely log into a server and execute commands, modify files, or change configuration settings.

Obviously, other protocols give admins the ability to do the same things, and some even provide additional convenience like a graphic user interface (with SSH, you only get a command line). The key with SSH is the first "S" which, as we established already, stands for "Secure".

SSH as a protocol appeared way back in 1995, and its main advantage is that the communication between the sysadmin's client and the server is encrypted. Although some flaws were found in the protocol's first version, SSH-2, the standard that was adopted in 2006, is thought to have no exploitable vulnerabilities.

With that said, establishing an SSH connection involves the traditional username-and-password authentication, and as we all know, this mechanism is susceptible to attacks.

SSH brute-force attacks

You all probably know what a brute-force attack is already. Hackers test a number of username and password combinations until they "guess" the right one and gain access to an account, or, in this case, a server. The biggest problem with a brute-force attack is that often, systems are designed to stop intruders after a preset number of unsuccessful login attempts. And unlike a regular website, with SSH, brute-forcing offline is not an option.

That's why, in an SSH brute-force attack, the mechanism is reversed. Instead of trying thousands of username and password combinations on a single server, the crooks try one username and password combination on thousands of servers. People use weak passwords which makes the attack feasible, and because every server registers just one failed login attempt at most, the hackers don't have to worry about any lockout mechanisms.

It's what's known in the industry as a spray-and-pray attack, meaning that the crooks are hoping that if they hit enough servers, one of them will let them in. It could indeed, be effective, but as you can see, it's not particularly useful if the crooks have set their sights on a particular target. On October 17, security researchers found out that compromising particular servers with the help of SSH is possible. Mind you, there are a few conditions to be met.

A libssh authentication bypass vulnerability

First of all, you shouldn't confuse libssh with SSH. libssh is a library that helps system administrators implement SSH. Peter Winter-Smith, a security researcher working for NCC Group, found a flaw in it that is terrifyingly easy to exploit.

The bug has existed since libssh 0.6 which was released way back in 2014, and it lies with the mechanism that handles messages between the server and the client. Normally, before authentication, the client would send the server a message saying SSH2_MSG_USERAUTH_REQUEST, and the server will request the user's username and password. Winter-Smith found out that if the client sends an SSH2_MSG_USERAUTH_SUCCESS message, the server would simply let the user carry on without asking for login credentials.

In other words, instead of saying "Can I come in?", the client states "I'm already in.", and the server simply agrees.

Indeed, it's a scary bug, and the news that GitHub, the world's biggest code hosting platform, uses libssh, threw some people into a state of panic. It turned out that they had overreacted. In fact, some reports appear to have blown the bug out of proportion. GitHub's team announced that they use a modified version of libssh and that their platform is not affected. According to Peter Winter-Smith himself, the number of vulnerable devices is relatively small. A patch is available, so hopefully, it will be even smaller very soon.

SSH is a solid network protocol, but it's only as secure as system administrators make it. Strong passwords and careful encryption key management is a must. While for the time being, there are no bugs in the protocol itself, the software applications that use it are bound to have vulnerabilities that are yet to be discovered. Quick and efficient handling of those vulnerabilities could mean the difference between keeping your platform safe and exposing it to cybercriminals.

By Duran
October 23, 2018
Tips
English
October 23, 2018
Tips

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Tips

Here's What Hackers Do with Your Social Security Number and How to Protect It

We sincerely hope that all of you fully understand that your Social Security number should remain private. You must know by now that few organizations are supposed to ask for it and that before you give it away, you... Read more

August 9, 2018
Ransomware

LabCorp Data Breach Fears Were Unfounded. It Was a Ransomware Attack

Laboratory Corporation of America Holdings or LabCorp has 60 thousand employees worldwide, helps with clinical trials in close to 100 countries, and processes around 2.5 million lab tests every week. This means that... Read more

July 20, 2018
Tips

How to Protect Your Wi-Fi Network from Hackers?

Try to think of something more annoying than a slow Internet connection. No, we can't do it, either. We all know that internet service providers do seem to be a bit overly ambitious with the speeds they advertise... Read more

April 27, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.