22 - SSH
Last updated
Last updated
can be used to scan the network for SSH
services:
The OpenSSH
service for all versions < 7.7
are vulnerable to oracle username enumeration.
The Python script as well as the Metasploit
module auxiliary/scanner/ssh/ssh_enumusers
can be used to validate the presence of a system user:
Authentication methods overview
The following authentication methods are possible:
password authentication
: simple request for a single password with no specific prompt.
keyboard interactive
: more complex request for arbitrary number of pieces of information. Can be hooked to two-factor (or multi-factor) authentications (PAM, Kerberos, etc.).
public key authentication
: clients must provide a public key in the list of allowed keys on the server and encrypts a certain data packet using the private key. The public key authentication method is the only method that both client and server software are required to implement.
host-based authentication
: host-based authentication is used to restrict client access only to certain hosts. This method is similar to public key authentication; however, the server additionally maintains a list of hosts mapped to their public keys and will only accept connection with the keys from the pre recorded host.
Supported authentication methods enumeration
A verbose connection attempt will display the authentication methods supported by the server (under debug1: Authentications that can continue:
):
The authentication methods supported by given SSH
servers can also be enumerated more automatically using the nmap
's ssh-auth-methods
NSE
script:
Legacy DSA public key authentication
To connect to a server using DSA
keys with a modern OpenSSH
client, the PubkeyAcceptedKeyTypes +ssh-dss
option must be added to the client config:
If the client is not correctly configured, the following debug error message will be returned during the authentication process:
Password & keyboard interactive authentication
publickey authentication spraying
While an exhaustive attack is not possible, the key based brute force can be used for lateral movement once a private key could be compromised.
OpenSSL Predictable PRNG (CVE-2008-0166)
Due to a default of implementation of the seeding process in the OpenSSL
package, all SSL
and SSH
keys generated on Debian-based systems (Ubuntu, Kubuntu, etc) between September 2006 and May 13th, 2008 are cryptographically weak.
All possible combination of public / private RSA (2048 and 4096 bits) and DSA (1024 bits) keys can be downloaded here:
To retrieve a private key if its public counterpart could somehow be extracted from the server (/root/.ssh/authorized_keys
or /home/<USERNAME>/.ssh/authorized_keys
through LFI or file system disclosure, etc.):
[Windows] PuTTY
[Linux] parallel-ssh
The option -x '-q -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null'
can be provided to bypass the verification of the target host key and prevent the saving of the host key.
The multi-purpose brute-forcer or the auxiliary/scanner/ssh/ssh_login
metasploit
module can be used to brute force credentials through the password
and keyboard interactive
authentication methods:
The Metasploit
's auxiliary/scanner/ssh/ssh_login_pubkey
module and the Python script can be used to brute force SSH
keys.
A repository of static authorized SSH keys "hardcoded" into software and hardware products is available in the .
is a simple SSH
, as well as telnet
, rlogin
and serial
, GUI client for Microsoft Windows, available as an installed program and a standalone binary.
The command-line utility can be used to execute operating system commands through ssh
on multiple hosts. The utility will return for each host the return code
of the provided command.