Linux systems actively targeted using SSH key attacks

Staff

The United States Computer Emergency Readiness Team (US-CERT) is warning Linux users that they are being actively targeted by attackers using stolen SSH keys.

Secure Shell keys lock down communication between two networked devices. They are often used for remote authentication.

Once a Linux system is compromised, the attacker gains access to the kernel and installs a new rootkit known as Phalanx2, US-CERT said in its advisory. Phalanx2 is configured to swipe additional SSH keys from the compromised system.

US-CERT is advising system administrators to examine systems where SSH keys are used, review access paths to internet-facing systems and ensure that systems are fully patched.

John Bambenek, a vulnerability handler with the SANS Internet Storm Center, said the biggest defense is to use a passphrase with keys for remote authentication and Internet-facing machines.

"Sources of compromised keys could include the weak key vulnerability in Debian-based systems a few months ago, so if you haven't updated and replaced those keys, you ought to do so now," Bambenek said in the SANS Internet Storm Center Diary.
