All articles tagged with #ssh
Raspberry Pi OS now supports SSH over USB via gadget mode (rpi-usb-gadget), allowing a headless Pi to appear as a network device for SSH access with Internet Connection Sharing. Setup is supported by Raspberry Pi Imager; OTG is an older alternative and Windows ICS requires a driver.
Cisco's Talos security team has issued a warning about a widespread credential compromise campaign targeting VPNs, SSH, and web applications, with attacks originating from nearly 4,000 IP addresses. The attacks involve both generic and specific usernames, and the IP addresses appear to come from anonymizing tunnels and proxies. The campaign is indiscriminate and opportunistic, posing risks of unauthorized network access, account lockouts, and denial-of-service conditions. Cisco has provided a list of recommendations for preventing these attacks and has added the IP addresses to a block list for its VPN offerings.
A vulnerability in PuTTY versions 0.68 through 0.80 could allow attackers to recover private keys used for cryptographic signatures, potentially leading to unauthorized access to SSH servers or the ability to sign commits as a developer. The flaw, tracked as CVE-2024-31497, was discovered by researchers at Ruhr University Bochum and has been fixed in PuTTY version 0.81. Other software using the vulnerable PuTTY versions, such as FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, may also be impacted and users are advised to take preventive action.
The widely-used PuTTY SSH client, along with other products like FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, has been found vulnerable to a key recovery attack that could compromise NIST P-521 private keys. The flaw, assigned the CVE identifier CVE-2024-31497, allows attackers to recover private keys and forge signatures, potentially leading to unauthorized access to servers. The issue has been addressed in the latest versions of PuTTY, FileZilla, WinSCP, and TortoiseGit, with recommendations for users of TortoiseSVN to use the latest PuTTY release until a patch is available. Additionally, affected keys should be considered compromised and revoked.
A backdoor was discovered in xz Utils, a widely used data compression utility in Linux and Unix-like systems, allowing unauthorized access with root privileges through SSH. The backdoor was nearly merged into major Linux distributions, and its creator, Jia Tan, has a mysterious online presence. The attack involved years of planning and manipulation of open-source projects, and the malicious code was designed to be stealthy and targeted specific system configurations. Multiple researchers have analyzed the backdoor's components, and the incident serves as a cautionary tale for the security of open-source software supply chains.
A major vulnerability has been discovered in the xz package on Debian installations, potentially compromising SSH logins on Linux systems. The vulnerability, assigned CVE-2024-3094, allows for malicious code to be injected into the liblzma library, affecting versions 5.6.0 and 5.6.1. Users are advised to downgrade to version 5.4.6 or disable public-facing SSH servers to mitigate the risk.
Malicious code was discovered in the widely used xz Utils compression tool, affecting versions 5.6.0 and 5.6.1, which made its way into beta releases of major Linux distributions, including Red Hat and Debian. The backdoor was designed to break SSH authentication, potentially allowing unauthorized access to systems. While the malicious versions were caught before being added to production releases, users are advised to check with their distributors to determine if their systems are affected.
Here are five tips for securing SSH on your Linux desktops and servers, including installing fail2ban to prevent brute-force attacks, changing the default port, blocking users with blank passwords, restricting logins to specific IP addresses, and using SSH key authentication to better protect against unwanted logins.
Nearly 11 million SSH servers are vulnerable to a new type of cyberattack called the Terrapin attack, which compromises the integrity of SSH connections by manipulating sequence numbers during the handshake process. The attack, discovered by researchers from Ruhr University Bochum, particularly affects servers using certain encryption modes and can downgrade public key algorithms and disable defenses against keystroke timing attacks. Shadowserver's report indicates that a significant number of servers globally are exposed to this risk, with the highest numbers in the United States, China, and Germany. A vulnerability scanner is available for those who wish to check their systems for susceptibility to the Terrapin attack.
Security researchers have identified a new vulnerability in the SSH protocol, named Terrapin (CVE-2023-48795), which allows attackers to downgrade the security of SSH connections by exploiting a prefix truncation attack during the handshake process. This could lead to weaker client authentication and the disabling of keystroke timing attack countermeasures. The flaw affects numerous SSH implementations and patches have been released to address the issue. Organizations are urged to patch both servers and clients to fully mitigate the risk.
Researchers have discovered a vulnerability in the cryptographic keys used to protect data in computer-to-server SSH traffic, which can be compromised when computational errors occur during connection establishment. The vulnerability affects RSA keys and has been found in approximately one-third of the SSH signatures examined, exposing the private key of the host in about one in a million cases. This finding is surprising because most SSH software has deployed countermeasures to prevent such attacks, and it was previously believed that signature faults only affected RSA keys used in TLS protocols.
Researchers have discovered that a significant number of cryptographic keys used to protect SSH connections are vulnerable to compromise due to computational errors during connection establishment. The vulnerability affects RSA keys used in approximately one-third of SSH signatures, potentially exposing the private key of the host. While most SSH software has countermeasures in place, the finding is surprising as previous research believed such attacks were limited to TLS protocol. The researchers suggest implementing additional protection in other protocols and emphasize the importance of defending against these failures.
A user discovered that when using SSH to execute a command on a remote server, spaces in command-line arguments can be handled strangely. The user expected the command to be passed on transparently, but SSH turned the argument "bar\ baz" into two separate command-line arguments, causing the command to fail. The exact reason for this behavior is unknown, but it is suspected to be a design decision or an entrenched bug.