Discussion:
0Day?
Sujith M K
2009-07-08 16:49:33 UTC
Permalink
Ref Link : http://secer.org/hacktools/0day-openssh-remote-exploit.html

Secure the sshd of your customer's servers ASAP by following
at least the following steps.

1) Change Default SSH Port
2) Disable Direct Root Login
3) Disable common wheel users like admin. Use a hard-to-guess wheel username
4) Disable shell access for all customers.
5) If possible allow access to SSH only from Bobcares and Customer's
IP address (use firewall and hosts.{allow,deny} files to do this).

Steps 1, 2 and 3 make it hard for the users to guess the ssh port and wheel username.
Step 4 prevents user accounts from getting hacked.
Step 5 makes it almost 100% foolproof unless someone from own network
or the client's network tries to hack.

Regards
Sujith
Anyone with any solid knowledge regarding a new SSH 0-day?
Something other than rumors/blog post saying there might be one?
TIA for info!
Jon K
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
--
Sujith Mohan k
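
The checklist in the post above can be verified rather than assumed. The following is an added example, not part of the original thread: it audits the text of `sshd_config`, `hosts.allow` and `hosts.deny` against steps 1, 2, 3 and 5. Assumptions: the list of common account names, every value in the constructed sample files (port 2822, user `k7ops`, the documentation-range addresses), and an sshd built with TCP wrappers support so that the hosts files apply.

```python
COMMON_NAMES = {"admin", "administrator", "root", "test", "user"}  # assumed list

def parse_sshd_config(text):
    """Global settings; first value wins, but Port and AllowUsers accumulate."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":  # conditional blocks are outside this sketch
            break
        if key in ("port", "allowusers") or key not in settings:
            settings.setdefault(key, []).extend(args)
    return settings

def wrapper_clients(text, daemon="sshd"):
    """Clients a hosts.allow or hosts.deny file lists for daemon (IPv4 only)."""
    clients = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and ":" in line:
            daemons, rest = line.split(":", 1)
            if {daemon, "ALL"} & set(daemons.replace(",", " ").split()):
                clients += rest.split(":", 1)[0].replace(",", " ").split()
    return clients

def audit(sshd_config, hosts_allow, hosts_deny):
    cfg, findings = parse_sshd_config(sshd_config), []
    if "22" in cfg.get("port", ["22"]):
        findings.append("step 1: sshd listens on the default port 22")
    if (cfg.get("permitrootlogin") or [""])[0].lower() != "no":
        findings.append("step 2: PermitRootLogin is not explicitly 'no'")
    users = [u.split("@", 1)[0].lower() for u in cfg.get("allowusers", [])]
    if not users:
        findings.append("step 3: no AllowUsers list restricts who may log in")
    findings += [f"step 3: common account name '{u}' is allowed"
                 for u in users if u in COMMON_NAMES]
    if "ALL" not in wrapper_clients(hosts_deny):
        findings.append("step 5: hosts.deny has no default deny for sshd")
    if "ALL" in wrapper_clients(hosts_allow):
        findings.append("step 5: hosts.allow admits sshd clients from anywhere")
    return findings

# Constructed samples, in the order (sshd_config, hosts.allow, hosts.deny).
WEAK = ("PermitRootLogin yes\nAllowUsers admin\n", "sshd: ALL\n", "")
HARDENED = ("Port 2822\nPermitRootLogin no\nAllowUsers k7ops\n",
            "sshd: 192.0.2.10, 198.51.100.0/255.255.255.0\n", "sshd: ALL\n")
```

`audit(*WEAK)` returns one finding per violated step and `audit(*HARDENED)` returns an empty list; step 4 (customer shell access) lives in the account database and is not covered here.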
Jacson Querubin
2009-07-08 19:51:44 UTC
Permalink
Let's follow the thread...

http://lwn.net/Articles/340483/

Regards,

Jacson
Jon Kibler
2009-07-09 16:17:11 UTC
Permalink
Post by Sujith M K
Ref Link : http://secer.org/hacktools/0day-openssh-remote-exploit.html
Secure the sshd of your customer's servers ASAP by following
at least the following steps.
1) Change Default SSH Port
2) Disable Direct Root Login
3) Disable common wheel users like admin. Use a hard-to-guess wheel username
4) Disable shell access for all customers.
5) If possible allow access to SSH only from Bobcares and Customer's
IP address (use firewall and hosts.{allow,deny} files to do this).
Steps 1, 2 and 3 make it hard for the users to guess the ssh port and wheel username.
Step 4 prevents user accounts from getting hacked.
Step 5 makes it almost 100% foolproof unless someone from own network
or the client's network tries to hack.
Regards
Sujith
Good general advice.

I always either use a port knocker or have ssh only listen on an internal IP
accessible only through a VPN. I was not worried about my or my customer's
systems, but was curious if anyone knew what was going on.

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

