Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

CIACTech02-001: Understanding the SSH CRC32 Exploit

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) CIACTech02-001: Understanding the SSH CRC32 Exploit
# 1  
Old 12-24-2007
CIACTech02-001: Understanding the SSH CRC32 Exploit
In recent months, many servers running ssh have been compromised using the SSH CRC32 Compensation Attack Detector. Compromised machines have either not been upgraded to SSH protocol 2 or have not disabled drop back to SSH protocol 1. Use of this attack allows a remote user to gain root access on a server.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

List all files with prepended CRC32 (or other) hash code?

I would like to list all files in a directory tree but with a prepended digest hash code (like CRC32). CRC32 is not a MUST. If suitable another hash code can be used as well. In case of CRC32 the listing should look like 3765AC \usr\bin\spool 23CE99 \usr\bin\spool\list.h ... 11AA04... (3 Replies)
Discussion started by: pstein
3 Replies

2. UNIX for Dummies Questions & Answers

cksum does not give me crc32

Is cksum the right command to calculate the crc32 checksum value? I tried it for a number of files now and every time the results dont match. So there is nothing wrong with the file. Also, cksum gives me an all numerical value while crc32 is alpha numeric. What am I doing wrong? Thanks (9 Replies)
Discussion started by: utamav
9 Replies

3. UNIX for Advanced & Expert Users

cksum's and zip's CRC32 algorithm

Hello! For long I used cksum to find file duplicates in linux and darwin. Now I want to make my own program that does all. However I can't seem to find the correct algorithm. zip and cksum claim to use the same algorithm, but the computated sums are not the same. I've already written an... (4 Replies)
Discussion started by: regnevakrad
4 Replies

4. Programming

crc32 info

hello again, does anyone know where i can find some detailed info about the cyclic redundancy check? thx (2 Replies)
Discussion started by: crashnburn
2 Replies
Login or Register to Ask a Question

LEARN ABOUT SUSE

ssh-copy-id

SSH-COPY-ID(1)						      General Commands Manual						    SSH-COPY-ID(1)

NAME

       ssh-copy-id - install your public key in a remote machine's authorized_keys

SYNOPSIS

       ssh-copy-id [-i [identity_file]] [user@]machine

DESCRIPTION

       ssh-copy-id is a script that uses ssh to log into a remote machine (presumably using a login password, so password authentication should be
       enabled, unless you've done some clever use of multiple identities)

       It also changes the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would oth-
       erwise prevent you from logging in, if the remote sshd has StrictModes set in its configuration).

       If  the -i option is given then the identity file (defaults to ~/.ssh/id_rsa.pub) is used, regardless of whether there are any keys in your
       ssh-agent.  Otherwise, if this:

	     ssh-add -L

       provides any output, it uses that in preference to the identity file.

       If the -i option is used, or the ssh-add produced no output, then it uses the contents of the identity file.  Once it has one or more  fin-
       gerprints (by whatever means) it uses ssh to append them to ~/.ssh/authorized_keys on the remote machine (creating the file, and directory,
       if necessary)

SEE ALSO

       ssh(1), ssh-agent(1), sshd(8)

OpenSSH 							 14 November 1999						    SSH-COPY-ID(1)