Educause Security Discussion mailing list archives
Re: SSH password capture
From: "Yonesy F. Nunez" <yonesy.nunez () NEWSCHOOL EDU>
Date: Mon, 28 Jun 2010 08:52:05 -0400
Agreed. SSH keys are stronger than passwords; I'd recommend protecting the SSH keys with a strong password though, ;). In the event that you require automated usage of SSH, harden the device/system that requires this usage to further prevent these types of exploits.

And not to thread-jack, but what is everyone else doing to manage system updates in their *nix (and/or heterogeneous) environments?

Best regards,
Yonesy

--
Yonesy F. Nuñez | THE NEW SCHOOL
Director, Information Security
Office of Information Technology
55 W 13th Street, Rm 705
New York, NY 10011
P| 212.229.5300 x4728
F| 212.647.8211
E|nunezy () newschool edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andrew Daviel
Sent: Saturday, June 26, 2010 2:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SSH password capture

We recently found trojan openssh programs on a few machines, busy logging passwords in and out. I just wondered if anyone else had been hit by this, or had the source code - the one we found had a "SKYNET" ascii-art logo embedded in it. I suspect it of having a login backdoor, too, but can't prove it.

I think they had a user account and privilege escalation exploit to get started, then followed some root passwords to get more systems, but don't seem to have done anything else to draw attention to themselves.

An MD5 check against the package manager records found them once we started looking.

I've been trying to encourage ssh keys instead of passwords, especially for root, after being bitten a few years back, but it's hard - passwords seem embedded in the modern psyche.

--
Andrew Daviel, TRIUMF, Canada
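
The MD5 check against package manager records mentioned in the quoted message can be triaged as below. This is an added example, not part of the original thread or anyone's actual tooling; it assumes an RPM-based host (the thread does not name the package manager), and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -V` style output for changed or missing files.
# Assumption: RPM-based host. Line format: flag string, optional file-type
# marker (c d g l r), then the path. A "5" in flag column 3 means the file
# digest differs from the one recorded in the package database.

flag_digest_mismatch() {
    awk '
    {
        flags = $1
        rest = $0
        sub(/^[^ ]+ +/, "", rest)              # drop the flag column
        type = ""
        if (rest ~ /^[cdglr] +\//) {           # optional file-type marker
            type = substr(rest, 1, 1)
            sub(/^[cdglr] +/, "", rest)
        }
        if (flags == "missing") { print "MISSING " rest; next }
        if (length(flags) < 8 || substr(flags, 3, 1) != "5") next
        if (type == "c") next                  # config files change legitimately
        print "MODIFIED " rest
    }'
}

# Constructed sample output (not taken from any real incident).
sample_rpm_verify_output() {
    cat <<'EOF'
S.5....T.    /usr/sbin/sshd
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/bin/ssh
.......T.    /usr/bin/ssh-keygen
missing      /usr/bin/scp
EOF
}

# Real use: rpm -V openssh openssh-server openssh-clients | flag_digest_mismatch
sample_rpm_verify_output | flag_digest_mismatch
```

The result is only as trustworthy as the `rpm` binary and package database on the host being checked. On a machine already suspected of compromise, run the verification from known-good media or compare against digests taken from a clean copy of the package.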