0Day?
by Jon Kibler-2

Anyone with any solid knowledge regarding a new SSH 0-day?

Something other than rumors/blog post saying there might be one?

TIA for info!

Jon K
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

Re: 0Day?
by Sujith M K

Ref Link : http://secer.org/hacktools/0day-openssh-remote-exploit.html

Securing the sshd of your customer's servers ASAP by following
at least the following steps.

1) Change Default SSH Port
2) Disable Direct Root Login
3) Disable common wheel users like admin. Use a hard to guess wheel username
4) Disable shell access for all customers.
5) If possible allow access to SSH only from Bobcares and Customer's
   ip address ( Use firewall and hosts.{allow,deny} file to do this. )

Steps 1, 2 and 3 make it hard for the users to guess ssh port and wheel username
Step 4 prevents user accounts from getting hacked.
Step 5 makes it almost 100% foolproof unless someone from own network
or the client's network tries to hack.

Regards
Sujith

On Tue, Jul 7, 2009 at 8:09 PM, Jon Kibler<Jon.Kibler@...> wrote:
> Anyone with any solid knowledge regarding a new SSH 0-day?
>
> Something other than rumors/blog post saying there might be one?
>
> TIA for info!
>
> Jon K

--
Sujith Mohan k

Re: 0Day?
by Jacson Querubin

Let's follow the thread...

http://lwn.net/Articles/340483/

Regards,
Jacson

On Tue, Jul 7, 2009 at 22:28, Sujith M K<sujithmk@...> wrote:
> Ref Link : http://secer.org/hacktools/0day-openssh-remote-exploit.html
>
> Securing the sshd of your customer's servers ASAP by following
> at least the following steps.
>
> 1) Change Default SSH Port
> 2) Disable Direct Root Login
> 3) Disable common wheel users like admin. Use a hard to guess wheel username
> 4) Disable shell access for all customers.
> 5) If possible allow access to SSH only from Bobcares and Customer's
>    ip address ( Use firewall and hosts.{allow,deny} file to do this. )
>
> Steps 1, 2 and 3 make it hard for the users to guess ssh port and wheel username
> Step 4 prevents user accounts from getting hacked.
> Step 5 makes it almost 100% foolproof unless someone from own network
> or the client's network tries to hack.
>
> Regards
> Sujith

Re: 0Day?
by Jon Kibler-2

Sujith M K wrote:
> Ref Link : http://secer.org/hacktools/0day-openssh-remote-exploit.html
>
> Securing the sshd of your customer's servers ASAP by following
> at least the following steps.
>
> 1) Change Default SSH Port
> 2) Disable Direct Root Login
> 3) Disable common wheel users like admin. Use a hard to guess wheel username
> 4) Disable shell access for all customers.
> 5) If possible allow access to SSH only from Bobcares and Customer's
>    ip address ( Use firewall and hosts.{allow,deny} file to do this. )
>
> Steps 1, 2 and 3 make it hard for the users to guess ssh port and wheel username
> Step 4 prevents user accounts from getting hacked.
> Step 5 makes it almost 100% foolproof unless someone from own network
> or the client's network tries to hack.
>
> Regards
> Sujith

I always either use a port knocker or have ssh only listen on an internal IP
accessible only through a VPN. I was not worried about my or my customer's
systems, but was curious if anyone knew what was going on.

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

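Added example (not part of any post in this thread, and not code from OpenSSH): a small Python check of an sshd_config against settings named in the two posts above, Sujith's steps 1 and 2 and Jon's setup where ssh listens only on an internal IP. The sample config, the function names and the choice of "internal" ranges (RFC 1918 plus loopback) are assumptions made for the illustration.

```python
import ipaddress
# Constructed sample sshd_config (not taken from any real host).
SAMPLE_CONFIG = """\
Port 22
port 2222
ListenAddress 0.0.0.0
Match Address 10.8.0.0/24
    PermitRootLogin no
"""
MULTI = {"port", "listenaddress"}  # keywords that may appear more than once
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def global_settings(text):
    """{keyword: [values]} for the global section. Keywords are case-insensitive,
    single-valued keywords keep the first value seen, parsing stops at Match."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":  # Match settings apply only conditionally
            break
        values = settings.setdefault(key, [])
        if key in MULTI or not values:
            values.append(parts[1].strip() if len(parts) > 1 else "")
    return settings

def is_internal(listen):
    """True only for a literal IPv4 address in RFC 1918 or loopback space."""
    host = listen.rsplit(":", 1)[0] if listen.count(":") == 1 else listen
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname or bracketed IPv6: not confirmed internal
    return ip.version == 4 and any(ip in net for net in INTERNAL)

def audit(text):
    """Findings for the port, root-login and listen-address checks."""
    s = global_settings(text)
    findings = []
    if "22" in s.get("port", ["22"]):  # sshd uses 22 when Port is absent
        findings.append("port 22 still open")
    if s.get("permitrootlogin", [""])[0].lower() != "no":  # absent: version default
        findings.append("root login not set to 'no'")
    # No ListenAddress means sshd listens on all local addresses.
    if not all(is_internal(a) for a in s.get("listenaddress", ["0.0.0.0"])):
        findings.append("listens on a non-internal address")
    return findings
```
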
Re: 0Day?
by Bugzilla from tonnerre.lombard@sygroup.ch

Salut,

Apart from the fact that this 0day stuff is IMO a total hoax:

On Wed, Jul 08, 2009 at 06:58:13AM +0530, Sujith M K wrote:
> 2) Disable Direct Root Login
> 3) Disable common wheel users like admin. Use a hard to guess wheel username
> 4) Disable shell access for all customers.

In the event of an 0day, how would that help?

Kind regards,
Tonnerre
--
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:+41 61 333 80 33    Güterstrasse 86
Fax:+41 61 383 14 67    4053 Basel
Web:www.sygroup.ch      tonnerre.lombard@...