[kwlug-disc] SSH hygiene suggestion
Chris Irwin
chris at chrisirwin.ca
Thu Jan 10 11:18:32 EST 2019
On Thu, Jan 10, 2019 at 03:10:51AM -0500, tomg at sentex.ca wrote:
> It looks like this SSH worm can only spread if a) the use of
> authorized_keys is in place and b) the private SSH key is not
> password-encrypted. So, my suggestion is, to the Linux world, please
> encrypt your private SSH key.
For most users, an encrypted ssh key only protects it on-disk. The
decrypted key is cached via any number of ssh-agents (like the
gnome-keyring) after being used for the first time in a session.
I can't imagine having to type my ssh key passphrase 1000 times a day.
> I would also like to know why Dr. Web is not publishing the source code
> to this virus.
Perhaps they're not clear on the license ;)
> My and others' security are concerned and this bugs me. Is it
> necessary and if so, why? And can I get it as a concerned Linux user
> or do I have to provide some information that I'm a serious security
> researcher?
TBH, it would probably be irresponsible to say "Here's the code to an
effective linux worm" until some thought is given to mitigation and
repercussions.
That said, you can't get the actual code, and I think that explains why
the actual transmission gibberish doesn't work (from the top of your
mail). It's been edited.
> "cat /tmp/.hh > /tmp/.h ; rm -rf /tmp/.hh" ? He knows about AWK but
> not mv?
Probably just copy-paste, as he's doing a lot of similar `cat` and
`grep` work above.
If you really want to criticize, all of those `cat` calls are not
required, and his loop could be done with just built-ins.
--
Chris Irwin
email: chris at chrisirwin.ca
xmpp: chris at chrisirwin.ca
web: https://chrisirwin.ca
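The key-hygiene point in the thread can be checked mechanically. The following is an added example, not code from the list or from either poster: a Python helper that reads the cipher name out of an OpenSSH private key header (the openssh-key-v1 container, or the legacy PEM container's Proc-Type/DEK-Info headers) so an admin can find unencrypted keys on a host. The sample keys are constructed headers with no real key material.

```python
"""Report how an SSH private key file is protected ("none" = plaintext).

openssh-key-v1 keys carry the cipher and kdf names in their header; legacy
PEM keys signal encryption with "Proc-Type: 4,ENCRYPTED" plus a DEK-Info
line. Samples below are constructed headers, not real keys.
"""
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"
OPENSSH_BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"


def _ssh_string(b):
    """Encode bytes as an SSH wire-format string (uint32 length + bytes)."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf, off):
    """Decode an SSH wire-format string at buf[off]; return (value, next_off)."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def key_cipher(pem_text):
    """Return the cipher protecting the private section, or "none"."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN ") \
            or not lines[-1].startswith("-----END "):
        raise ValueError("not a PEM-armored private key")
    if lines[0] == OPENSSH_BEGIN:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, _ = _read_string(blob, len(OPENSSH_MAGIC))
        return cipher.decode()
    # Legacy PEM: "Name: value" headers precede a blank line and the body.
    headers = dict(ln.split(":", 1) for ln in lines[1:-1] if ":" in ln)
    if "ENCRYPTED" not in headers.get("Proc-Type", ""):
        return "none"
    return headers.get("DEK-Info", "unknown").strip().split(",")[0]


def is_encrypted(pem_text):
    return key_cipher(pem_text) != "none"


def constructed_openssh_key(cipher, kdf):
    """Build only the openssh-key-v1 header (constructed sample, no key)."""
    blob = (OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(b"") + struct.pack(">I", 1))  # kdfoptions, nkeys
    body = base64.b64encode(blob).decode()
    return f"{OPENSSH_BEGIN}\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed legacy-format sample; the body is a placeholder, not a key.
LEGACY_ENCRYPTED_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

AAAA
-----END RSA PRIVATE KEY-----
"""
```

Since an agent caches the decrypted key, pairing this check with a bounded agent lifetime (`ssh-add -t <seconds>`) addresses the caching concern Chris raises.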