1/27/2024

Evil openssh

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDS.4GegDVgkD031qzTXfvsGsXPyFNYK653enI5UTL

This is a pretty unknown feature of GitHub that allows everyone to gain access to millions of public keys.

Update from a reader: as it turned out, GitLab does the same thing.

Update from a reader #2: private on-premise GitLab CE instances suffer from the same problem. Even though they are private and you can't list all of their users, it's possible to brute-force some common usernames and get the keys for the users that exist. Such instances not only serve public keys, they also let you gain extra information about the employees of a particular entity.

When an SSH client sends an auth request to a server, it enumerates all the public keys for which it has private keys. The interesting detail here is that you don't need the private key to check whether a server allows access for a particular public/private key pair. That is, with nothing but a public key, you can check whether a server allows access for the specified public key and username pair.

At first glance, this does not look like a big problem. But what if someone wants to target you or your company? An attacker can grab a bunch of public keys from GitHub and run an internet-wide scan of SSH servers on all IPv4 addresses. Some attackers can scan all IPs in a few days, and I'm pretty sure government agencies have been using this for years now.

For most people that is not a big deal, but for some companies with critical and industrial infrastructure this can be a problem. If your infrastructure runs on default SSH ports and uses default SSH usernames, this technique can reveal additional targets for targeted attacks. Additionally, an attacker can also find some of your consulting clients or the customers of your software solutions.

It can also be useful in the opposite direction. Suppose you have the IP address of a bulletproof server and you want to know who owns it. If the server does not use tools like fail2ban, you can scrape all available keys from GitHub and slowly enumerate them all against the server. If you are lucky enough, that will give you the identity of the owner.
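The practical question for a defender is which of the keys in a server's authorized_keys are publicly attributable to a person or company through the key listings the post describes. The following audit script is an added example, not code from the post; it assumes the listings have the form GitHub's `https://github.com/<user>.keys` endpoint returns (one `<type> <base64 blob>` line per key, GitLab's `.keys` URLs look the same) and compares them by OpenSSH-style SHA256 fingerprint against the server's authorized_keys. All keys below are constructed, syntactically valid placeholders, not real key material, and the fetching of the listings is left to the caller so the script runs offline.

```python
"""Audit which authorized_keys entries on a host are publicly linkable to an account
via the public-key listings (.keys URLs) that GitHub and GitLab serve.

Added example; the sample keys and account names below are constructed."""
import base64
import hashlib
from typing import Dict, List

# Token prefixes that start the key-type field of an OpenSSH public key line.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def fingerprint(key_line: str) -> str:
    """SHA256 fingerprint in OpenSSH's 'SHA256:<base64 without padding>' form.

    Works for both .keys output ("<type> <blob>") and authorized_keys lines that
    carry a leading options field, by locating the key-type token first.
    """
    fields = key_line.split()
    for i, tok in enumerate(fields):
        if tok.startswith(KEY_TYPE_PREFIXES) and i + 1 < len(fields):
            blob = base64.b64decode(fields[i + 1])
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError(f"no public key found in line: {key_line!r}")


def index_published_keys(published: Dict[str, str]) -> Dict[str, str]:
    """Map fingerprint -> account label for every key in the fetched .keys bodies.

    `published` maps a label such as 'github.com/alice' to the text returned by
    that account's .keys URL (fetch it however you like; this stays offline).
    """
    index: Dict[str, str] = {}
    for account, body in published.items():
        for line in body.splitlines():
            if line.strip():
                index[fingerprint(line)] = account
    return index


def exposed_keys(authorized_keys: str, published: Dict[str, str]) -> List[dict]:
    """Return the authorized_keys entries whose public key appears in a listing."""
    index = index_published_keys(published)
    findings = []
    for line in authorized_keys.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fp = fingerprint(line)
        if fp in index:
            findings.append({"fingerprint": fp, "account": index[fp], "line": line})
    return findings


# --- constructed sample data (placeholder keys, not real ones) -----------------
def fake_ed25519_line(fill: int, comment: str) -> str:
    """Build a syntactically valid ssh-ed25519 line around a made-up 32-byte key:
    the blob is string("ssh-ed25519") || string(32 key bytes), as OpenSSH encodes it."""
    blob = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes([fill]) * 32
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".rstrip()


SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# deploy key, restricted to rsync",
    'command="/usr/bin/rsync --server" ' + fake_ed25519_line(0x11, "deploy@ci"),
    fake_ed25519_line(0x22, "alice@laptop"),
    fake_ed25519_line(0x33, "bob@desktop"),
])

SAMPLE_PUBLISHED = {
    # alice's laptop key, as a .keys listing shows it (no comment field)
    "github.com/alice": fake_ed25519_line(0x22, "") + "\n",
    # a different key of bob's that is not authorized on this host
    "gitlab.example/bob": fake_ed25519_line(0x44, "") + "\n",
}

if __name__ == "__main__":
    for f in exposed_keys(SAMPLE_AUTHORIZED_KEYS, SAMPLE_PUBLISHED):
        print(f"{f['fingerprint']} on this host is published as {f['account']}")
```

Run against real data, only alice's key would be reported: the comment field is ignored because the fingerprint covers the key blob alone, so renaming or stripping comments does not hide a key. Keys that show up here are the ones that let an outsider tie this host to a named account; the usual answers are dedicated per-host keys that are never uploaded to a code-hosting account, non-default usernames, and rate limiting of failed authentication (see the next example).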
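The enumeration the post describes leaves a trace in sshd's own logs, which is what fail2ban-style tooling keys on. The following detector is an added example, not code from the post. It assumes OpenSSH's log format: a public key offered without a signature (the signature-free check the post describes, which the regular OpenSSH client also performs before signing) is logged as "Postponed publickey" when the server would accept it and "Failed publickey" when it would not, and a completed login as "Accepted publickey"; the Postponed and early Failed lines are only written reliably with `LogLevel VERBOSE` in sshd_config. The log lines below are constructed, with placeholder fingerprints.

```python
"""Flag public-key enumeration in sshd logs: a source that offers many distinct keys
(and/or usernames) but never completes a login.

Added example; the sample log lines and fingerprints below are constructed."""
import re
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List

# Auth-outcome lines sshd writes for the publickey method. The trailing
# "<keytype> SHA256:<fp>" part is present in current OpenSSH versions.
LOG_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<verdict>Accepted|Postponed|Failed) publickey for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+) ssh2"
    r"(?:: (?P<ktype>\S+) (?P<fp>SHA256:\S+))?"
)


def parse(lines: Iterable[str]) -> Iterator[dict]:
    """Yield one dict per matching publickey auth line; other lines are ignored."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            yield m.groupdict()


def enumeration_suspects(lines: Iterable[str], min_distinct_keys: int = 3) -> Dict[str, dict]:
    """Return {source_ip: summary} for sources that offered at least
    `min_distinct_keys` distinct public keys and never produced an Accepted line.

    A single Postponed line is normal client behaviour (query, then sign), so the
    signal is breadth of keys/usernames from one source with no completed login.
    """
    per_ip = defaultdict(lambda: {"keys": set(), "users": set(), "accepted": 0, "attempts": 0})
    for ev in parse(lines):
        s = per_ip[ev["ip"]]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        if ev["fp"]:
            s["keys"].add(ev["fp"])
        if ev["verdict"] == "Accepted":
            s["accepted"] += 1
    return {
        ip: {"distinct_keys": len(s["keys"]), "users": sorted(s["users"]), "attempts": s["attempts"]}
        for ip, s in per_ip.items()
        if s["accepted"] == 0 and len(s["keys"]) >= min_distinct_keys
    }


# Constructed sample: one source cycling through keys and usernames across two
# connections, and one legitimate login (query, then signed request).
SAMPLE_LOG: List[str] = """\
Jan 27 10:00:01 bastion sshd[4101]: Failed publickey for root from 203.0.113.7 port 40001 ssh2: RSA SHA256:FAKEKEY1
Jan 27 10:00:01 bastion sshd[4101]: Failed publickey for root from 203.0.113.7 port 40001 ssh2: RSA SHA256:FAKEKEY2
Jan 27 10:00:02 bastion sshd[4101]: Postponed publickey for root from 203.0.113.7 port 40001 ssh2: ED25519 SHA256:FAKEKEY3
Jan 27 10:00:02 bastion sshd[4101]: Disconnected from authenticating user root 203.0.113.7 port 40001 [preauth]
Jan 27 10:00:05 bastion sshd[4102]: Failed publickey for ubuntu from 203.0.113.7 port 40002 ssh2: RSA SHA256:FAKEKEY4
Jan 27 10:00:05 bastion sshd[4102]: Failed publickey for ubuntu from 203.0.113.7 port 40002 ssh2: RSA SHA256:FAKEKEY5
Jan 27 10:01:10 bastion sshd[4120]: Postponed publickey for alice from 198.51.100.9 port 51022 ssh2: ED25519 SHA256:ALICEKEY
Jan 27 10:01:10 bastion sshd[4120]: Accepted publickey for alice from 198.51.100.9 port 51022 ssh2: ED25519 SHA256:ALICEKEY
""".splitlines()

if __name__ == "__main__":
    for ip, summary in enumeration_suspects(SAMPLE_LOG).items():
        print(f"{ip}: {summary['distinct_keys']} distinct keys across users {summary['users']}, "
              f"{summary['attempts']} attempts, no login")
```

Two operational notes. First, the third line for 203.0.113.7 is the dangerous one: a Postponed verdict with no following Accepted means the probe learned that FAKEKEY3 is authorized for root, which is exactly the information leak the post is about, so alert on it rather than on the Failed lines alone. Second, OpenSSH's MaxAuthTries bounds how many keys one connection can try, which is why the sample shows the source reconnecting; per-source rate limiting (fail2ban, which the post mentions, keys on the same "Failed ... for" lines and therefore needs the same LogLevel) is what slows down the reconnect loop.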