[ILUG] SSH dictionary attacks.
Badger
badger at scattermail.com
Thu Aug 24 18:17:53 IST 2006
On Thu, Aug 24, 2006 at 05:02:29PM +0100, paul at clubi.ie wrote:
> On Thu, 24 Aug 2006, Badger wrote:
>
> >I was generalising when I said "keystroke logger of sorts" - I was
> >actually thinking about some sort of simple logger that you could
> >run out of .bash_profile when the user loggers in. Alternatively,
> >it could be a wrapper for ssh that you place in the users ~/.bin
> >and change their $PATH. In such cases you wouldn't require extra
> >privileges.
>
> Yeah, keyloggers are quite possible with same privileges as the
> targetted user. Indeed I don't think the user themselves need be able
> detect it (but other users could).
>
> IIRC, Colm MacCartaigh (sic) had a write up somewhere about login
> script keyloggers..
>
Cheers, I'll look out for it.
For the sake of completeness I felt compelled to add that the keylogger
approach also has a distinct time disadvantage - you could be waiting a
long time for the user to ssh into the server. Conversly, with an ssh
key in hand, you can get to cracking its passphrase immediately.
More information about the ILUG
mailing list