
Linux systems actively targeted using SSH key attacks

Attackers install a rootkit on the compromised systems to steal more SSH keys.

The United States Computer Emergency Readiness Team (US-CERT) is warning Linux users that they are being actively targeted by attackers using stolen SSH keys.

Secure Shell keys lock down communication between two networked devices. They are often used for remote authentication.

Once a Linux system is compromised, the attacker gains access to the kernel and installs a new rootkit known as Phalanx2, US-CERT said in its advisory. Phalanx2 is configured to swipe additional SSH keys from the compromised system.

US-CERT is advising system administrators to examine systems where SSH keys are used, review access paths to internet-facing systems, and ensure that systems are fully patched.

John Bambenek, a vulnerability handler with the SANS Internet Storm Center, said the biggest defense is to use a passphrase with keys for remote authentication and Internet-facing machines.

"Sources of compromised keys could include the weak key vulnerability in Debian-based systems a few months ago, so if you haven't updated and replaced those keys, you ought to do so now," Bambenek said in the SANS Internet Storm Center Diary.
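One way to act on the passphrase advice when examining systems where SSH keys are used: the Python sketch below, an added example that is not from US-CERT, SANS or the original article, classifies a private key file as passphrase-protected or not by reading only its header. The function names and sample keys are constructed for illustration and contain no real key material.

```python
import base64
import struct
import sys

MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH private-key blob

def key_protection(text):
    """Return 'encrypted', 'unencrypted' or 'not-a-key' for private-key text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN ")
                              and lines[0].endswith("PRIVATE KEY-----")):
        return "not-a-key"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return "encrypted"
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return "not-a-key"
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return "not-a-key"
        # The magic is followed by a length-prefixed cipher name;
        # "none" means the key is stored without a passphrase.
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM keys declare encryption in a Proc-Type header line.
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:4]):
        return "encrypted"
    return "unencrypted"

def sample_openssh(cipher):
    """Constructed header-only sample; contains no real key material."""
    body = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body.decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy PEM samples (placeholder body, not real keys).
SAMPLE_PEM_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_PEM_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    # Usage: pass private-key file paths as arguments (paths chosen by the operator).
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            print(path, key_protection(fh.read()))
```

Any file reported as `unencrypted` is usable by whoever copies it, so it is a candidate for replacement with a passphrase-protected key.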
