[ILUG] SSH dictionary attacks.
badger at scattermail.com
Thu Aug 24 18:17:53 IST 2006
On Thu, Aug 24, 2006 at 05:02:29PM +0100, paul at clubi.ie wrote:
> On Thu, 24 Aug 2006, Badger wrote:
> >I was generalising when I said "keystroke logger of sorts" - I was
> >actually thinking about some sort of simple logger that you could
> >run out of .bash_profile when the user loggers in. Alternatively,
> >it could be a wrapper for ssh that you place in the users ~/.bin
> >and change their $PATH. In such cases you wouldn't require extra
> Yeah, keyloggers are quite possible with same privileges as the
> targetted user. Indeed I don't think the user themselves need be able
> detect it (but other users could).
> IIRC, Colm MacCartaigh (sic) had a write up somewhere about login
> script keyloggers..
Cheers, I'll look out for it.
For the sake of completeness I felt compelled to add that the keylogger
approach also has a distinct time disadvantage - you could be waiting a
long time for the user to ssh into the server. Conversly, with an ssh
key in hand, you can get to cracking its passphrase immediately.
More information about the ILUG