Can hackers easily break regular SSH servers (config with no root access) ?

frenchn00b · 05-06-2008, 02:46 PM

Hello,
Since hackers are getting very good now, I have been hearing today that some could break SSH servers. I have not idea how but anyway...

Is SSH very unbreakable by hackers (with crazy complex pwd and no root access)?

--
Security is always a thema, particularly for Debian, since Debian runs lot of servers in the world.

Dutch Master · 05-06-2008, 02:54 PM

Ssh is as strong as the password you use it with. It can be broken by 'brute force' attacks, but generally, the ssh-server will deny any logins after 3 failed attempts for a specified timeframe. That buys you time, but not safety. However, most crackers (hackers do thing to prove something, crackers to make money or other evil stuff) don't want to spend hours trying to crack some ssh entry. Overall, using ssh is safe, as VPN's and such are based on ssh too

rocket357 · 05-06-2008, 03:10 PM

SSH that isn't watched closely is a probable target, since it's likely a hacker can spend a bit of time toying with it to crack the password. SSH configured for certificates is more secure (harder to "crack" a certificate than a password), but if a hacker managed to get the certificate...you get the picture.

The purpose of SSH is to allow an administrator remote access to a machine to run commands. Unfortunately, the same functionality is exposed to hackers...and as Dutch Master pointed out, brute force will *always* find the right key given enough time...so the question is not "can it be done", but rather "am I willing to watch closely and monitor SSH to shut down crack attempts before they get out of hand?"

That's a question only you can answer.

frenchn00b · 05-06-2008, 04:00 PM

Quote:

Originally Posted by rocket357

SSH that isn't watched closely is a probable target, since it's likely a hacker can spend a bit of time toying with it to crack the password. SSH configured for certificates is more secure (harder to "crack" a certificate than a password), but if a hacker managed to get the certificate...you get the picture.

The purpose of SSH is to allow an administrator remote access to a machine to run commands. Unfortunately, the same functionality is exposed to hackers...and as Dutch Master pointed out, brute force will *always* find the right key given enough time...so the question is not "can it be done", but rather "am I willing to watch closely and monitor SSH to shut down crack attempts before they get out of hand?"

That's a question only you can answer.

that hence means to get the right config of :

Code:

fail2ban 
and also the /etc/ssh/sshd_config

?

rocket357 · 05-06-2008, 04:10 PM

I'm not 100% sure I understood your last post, but if I read it correctly, you're asking if fail2ban and a proper sshd config would help? Certainly! I've not much experience with fail2ban, but my understanding is that it "listens" for brute force attempts and injects iptables rules to block those ip addresses. As Dutch Master posted earlier, this is just buying you time, not complete protection.

As for sshd config, keep in mind that turning off root access does NOT protect you from a user in the wheel group using su (or sudo for sudoers). The good thing about turning off root is that now the hacker must guess 2 items instead of 1: the password AND the username. Theoretically it'd take longer to "crack" both the username and the password that matches that username. It has nothing to do with root access (though that part helps haha).

introuble · 05-06-2008, 11:55 PM

Quote:

Originally Posted by frenchn00b

Since hackers are getting very good now

Where did you get this information from?

aux · 05-07-2008, 12:31 AM

if i'm not mistaken there's a script to exp this one on security focus, good luck.(oh sht, i thought it's to..., sorry my mistake)