The question of whether your SSH is secure or can be intercepted is not simple!
 
EXACT INFORMATION RELATED TO VERSIONS, CONFIGURATION, and NETWORK TRUSTS ARE REQUIRED FOR A FULL SECURITY ANALYSIS of ANY PROTOCOL.

Legend {} = practical lab exploit


SSH exploits cover various implementations from Protocol 1.5 to 1.99 ( which drop back down when the connection is overflowed or DoS'd) to complete "somewhat secure" Protocol 2.0.

One can even BREAK modern [temporarily secure] SSH with changes to the /etc/ssh/sshd_config file (which exploiters [and admins] often [ahem] "customize") to allow X11 Forwarding, clear text, PAM, rhosts or another "useful" feature without considering greater layers of trust and mistrust in JustDoIt4Profit.com and ItCrisisJunkies4Us.com type shops.

Here's a breif list of the historic SSH exploits:

1) SSH CRC32 Compensation Attack Detector 2002

2) Various Buffer Exploits

a)
buffer_append_space() [including most recent in 2008] {http://www.milw0rm.com/exploits/6804 }
b) Key {http://www.securiteam.com/exploits/6D00M2K6AU.html }
c) SSH Challenge/Authentication Boundary Condition Exploit
d) SSH_FXP_OPEN exploit {http://securityvulns.com/Udocument754.html }
 
{ Gain a Root Shell:  http://www.securityspace.com/smysecure/catdescr.html?cat=Gain+a+shell+remotely }

Protect via fwknob: http://74.125.45.132/search?q=cache:cVZswnUzh34J:barcampchicago.com/files/fwknop-20080817.pdf+SSH+MD5+replay+script&hl=en&ct=clnk&cd=8&gl=us&client=firefox-a}

3) Debian SSH key issue {http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-05/msg00416.html }

4) SSH Remote Challenge Exploits UsePrivilegeSeparation

&&  SSH Remote PAM Challenge Exploits  {scanned using http://www.monkey.org/~provos/scanssh/ }

5) SSH Privilege Escalation:

http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=OpenSSH+3.0.2p1+exploit&type=archives

6) SSH X11 Forwarding Exploits
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011

{http://www.secuobs.com/secumail/snsecumail/msg09943.shtml }

7) Password Attacking or Dictionary Attacks

Explanation and Tests post encroachment:
http://gii2.nagaokaut.ac.jp/gii/rsd.php?itemid=734

a) Worms:  http://www.aerospacesoftware.com/ssh-kiddies.html 

b) MD5 attack {http://www.brendangregg.com/Chaos08/session_0003.textSSH.replay }

c) Hydra [BackTrack] SSH dictionary attack {http://forum.darkc0de.com/index.php?action=vthread&forum=19&topic=3134}

8) Man in the middle or TCP/IP spoofing and ARP cache poisoning (especially in insufficiently source and destination limited firewalled networks and with "evil localhost entries in /etc/hosts").

{ http://www.hackingdefined.com/movies/see-s...m-tunneling.zip
You might need a techsmith codec to view: http://www.techsmith.com/download/codecs.asp }

[sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI]

10) The most recent is the PLAIN TEXT leak for SSH recently announced on CPNI: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

and this decription:  http://www.securityfocus.com/archive/1/498558/30/0/threaded

It's probable that exploits for this are already circulating, as difficult as it seems to break. a creative use will certainly be implemented in conjunction with other tools.

Believe it or not there are a great many OLD versions of Protocol 1 out there in production server portals for highly visable Internet providers and corporations (some even with passwords as simple as "1234test" or "p@ssword").

There is more than one SSH protocol and more than one version of the sshd program. All of the current 1.x versions of the sshd program implement SSH protocol 1.5, which is generally called the SSH-1 protocol. Program versions 2 and higher with drop back to protocol 1 enabled  show the SSH 1.99 protocol or if drop back is disabled, they show SSH 2.0 protocol. Both of these are the SSH-2 protocol. If you telnet to port 22 on a machine that is running the sshd daemon, you get back a string that tells you the protocol currently being implemented and the version of the sshd daemon. For example, a returned string might be: SSH-1.5-1.2.27 which tells you that the daemon is implementing protocol version 1.5 and that the daemon is version 1.2.27.

It's generally recommended to know the features and limitations of every application in place.  Here's OpenSSH's version to exploit description:  http://www.openssh.com/security.html

SSH Hacking and Tunneling Exploits:  http://www.youtube.com/watch?v=eU4gFO0Z6GA

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis | http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452

Catch the January PLUG HackFest!   Kristy Westphal, CSO for the Arizona Department of Economic Security will provide a one hour presentation on forensics.


From: jon@the-hansons-az.net
To: plug-discuss@lists.plug.phoenix.az.us
Subject: Re: OT: Free OpenSource JAD/J2EE WAP SSH Client for Phones
Date: Tue, 25 Nov 2008 14:48:08 -0700

SSH is secured at your endpoint specifically because you don't trust the network. Even if someone was able to intercept the cellular data (which is encrypted as well, at least for GSM) they still wouldn't be able to decypher your SSH session.

Sent from my iPhone

On Nov 25, 2008, at 2:38 PM, "Joshua Zeidner" <jjzeidner@gmail.com> wrote:


 Lisa,

  I wonder if the data transport (over cell network) is secured...  can a sophisticated cell phone eavesdropper snoop on my ssh session?

 -jmz


On Tue, Nov 25, 2008 at 11:07 AM, Lisa Kachold <lisakachold@obnosis.com> wrote:
Check out midpssh - works on BlackBerry, and most PDA's - since it's compiled for various ARM and other phone devices.

http://www.xk72.com/midpssh/

Point your phone browser to install:

http://xk72.com/wap


Security Disclaimer:
Remember to limit your server SSH access points (where possible) through ACL [iptables] by IP [check your phone settings for IP address], use strong passwords, and deploy daemon wrappers like SSHIT or SSHUTOUT [to protect against brute force and dictionary attacks], enable strong logging and log servers [so the logs can't be trivially edited] and alternately run on a unique port (not 2222 [everyone uses 2222]) if you MUST leave SSH open to PSTN/Internet gateways.

www.Obnosis.comhttp://en.wiktionary.org/wiki/Citations:obnosis | http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452

Catch the January PLUG HackFest!   Kristy Westphal, CSO for the Arizona Department of Economic Security will provide a one hour presentation on forensics.




Get more done, have more fun, and stay more connected with Windows Mobile®. See how.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


Windows Live Hotmail now works up to 70% faster. Sign up today.