SSH Hi-jacking

Discussion in 'other security issues & news' started by Ashley_101, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. Ashley_101

    Ashley_101 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1
    Hi all,
    I have a question about SSH? Is SSH less vulnerable to FIN and RST attacks?

    I don't believe it should be as SSH encrypts all data in the stream. If it is vulnerable to attacks, how do I defend against these attacks
     
  2. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Which SSH? If you are talking about the widely used OpenSSH from the developers of OpenBSD, then it is quite secure. I don't think any of the things you mentioned are applicable for OpenSSH security.

    In order to secure OpenSSH, you will want to set PermitRootLogin to no, possible tweak the MaxAuthTries, turn PasswordAuthentication off and use only public and private keys. Also, change it so that the Protocol is only 2, not one.

    Change the port if you want to in order to limit mere scripting attacks that search for all connections at port 22, but it doesn't offer any real security beyond that.

    The most secure way is to go the key route and turn off passwordauthentication, but it is also quite a hassle.

    If you are on *nix, to read up on the documentation, just type man sshd_config which will list all the different things you can configure, but to make things easier here are all the man pages needed:
    ssh sshd ssh_config sshd_config

    All of these options I described are located in the /etc/ssh/sshd_config file which you will need to edit as root or through sudo.

    If this hasn't been very clear, I can write it out more clearly and more descriptively if needed.

    Cheers,

    Alphalutra1
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Welcome to the forums Ashley_101,

    If by "FIN and RST attacks" you mean disrupting existing connections (which is all that FIN/RST packets can do) then SSH can be affected as much as any application using the TCP protocol. However all these can do is a Denial of Service - they cannot be used to hijack a connection, intercept data or gain access to a system.
     
Thread Status:
Not open for further replies.