aoncyberlabs / ssh-weak-dh Goto Github PK

License: GNU General Public License v2.0

Python 64.15% Shell 21.57% Dockerfile 14.28%

ssh-weak-dh's Introduction

About

This tool establishes SSH connections to a server, thereby enumerating through various client configurations, in order to determine whether the server allows a Diffie-Hellman (DH) key exchange based on a weak group. We hope that our tool will be useful to check SSH servers for weak DH key exchange configurations.

Note that this tool tests a limited number of configurations and therefore potentially fails to detect some weak configurations. Moreover, the server possibly blocks connections before the scan completes.

For further information about our tool, visit https://www.aon.com/cyber-solutions/aon_cyber_labs/ssh-weak-diffie-hellman-group-identification-tool/.

Consult the Logjam info page for suggestions on how to configure SSH servers to protect them as well as their clients from attacks exploiting DH key exchanges using a weak group.

Installation

Install docker and execute the following command:

docker build -t ssh-weak-dh .

Usage

Run the following commands:

docker run --rm -v "$(pwd)/logs/":/logs/ ssh-weak-dh hostname [port]

where hostname is the host name or IP address of the SSH server to scan. The optional argument port allows you to specify the port on which the SSH server listens. If the argument is not specified, it will default to 22.

The scan results are printed on stdout.

More detailed results can be found in the ./logs/ directory under the subfolder whose name has the form hostname-port where hostname and port are the corresponding command line parameters.

The scan tool calls the script ssh-weak-dh-analyze.py to analyze the scan results stored in the aforementioned subfolder. This analysis script is a standalone tool.

For example, run the following command to analyze the results of a scan of the SSH server running on port 22 on scanme.example.com inside a container shell:

docker run --rm -v "$(pwd)/logs/":/logs/ -it --entrypoint bash ssh-weak-dh
python3 -u ssh-weak-dh-analyze.py /logs/scanme.example.com-22/

It is also possible to run the scan script inside a container shell as follows:

docker run --rm -v "$(pwd)/logs/":/logs/ -it --entrypoint bash ssh-weak-dh
./ssh-weak-dh-test.sh hostname [port]

where hostname and port are the scanner arguments as explained before.

Copyright

Fabian Foerg, Gotham Digital Science, 2015-2023

ssh-weak-dh's People

Contributors

Stargazers

Watchers

./ssh-weak-dh-test.sh: line 63: ./openssh-6.?p?/ssh: No such file or directory

I think this is because openssh-7.3p1 in setup.sh does not match ./openssh-6.?p?in ssh-weak-dh-test.sh

See:

https://github.com/GDSSecurity/SSH-Weak-DH/blob/master/setup.sh#L3 OPENSSH_VER='7.3p1'
https://github.com/GDSSecurity/SSH-Weak-DH/blob/master/ssh-weak-dh-test.sh#L3 readonly SSH_PATCHED='./openssh-6.?p?/ssh'

This is how I built:

zypper install patch
zypper install make
zypper install gcc
zypper install zlib-devel
zypper install openssl-devel
reboot
cd ~
mkdir Versioned
cd Versioned/
git clone https://github.com/GDSSecurity/SSH-Weak-DH.git
cd SSH-Weak-DH/
chmod +x *.sh *.py
./setup.sh 
./ssh-weak-dh-test.sh localhost

Output of the last command:

Saving output files in ssh-weak-dh/localhost-22

./ssh-weak-dh-test.sh: line 63: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 32: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 32: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 32: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory
./ssh-weak-dh-test.sh: line 35: ./openssh-6.?p?/ssh: No such file or directory


Analysis of results:

WARNING: This tool tests a limited number of configurations and therefore potentially fails to detect some weak configurations. Moreover, the server possibly blocks connections before the scan completes.

--jeroen

404 not found http://mirrors.nycbug.org/pub/OpenBSD/OpenSSH/portable/openssh-6.9p1.tar.gz

On Mac OS X and likely other platforms:

$ cd ~/Versioned
$ git clone https://github.com/GDSSecurity/SSH-Weak-DH.git
Cloning into 'SSH-Weak-DH'...
remote: Counting objects: 77, done.
remote: Total 77 (delta 0), reused 0 (delta 0), pack-reused 77
Unpacking objects: 100% (77/77), done.
Checking connectivity... done.
$ git clone https://github.com/GDSSecurity/SSH-Weak-DH.git
$ cd SSH-Weak-DH/
$ ls -al
total 88
drwxr-xr-x  10 jeroenp  staff    340 Sep  9 17:31 .
drwxr-xr-x  51 jeroenp  staff   1734 Sep  9 17:31 ..
drwxr-xr-x  13 jeroenp  staff    442 Sep  9 17:31 .git
-rw-r--r--   1 jeroenp  staff  18046 Sep  9 17:31 LICENSE
-rw-r--r--   1 jeroenp  staff   2384 Sep  9 17:31 README.md
drwxr-xr-x   8 jeroenp  staff    272 Sep  9 17:31 configs
-rw-r--r--   1 jeroenp  staff   7776 Sep  9 17:31 openssh.patch
-rwxr-xr-x   1 jeroenp  staff    925 Sep  9 17:31 setup.sh
-rwxr-xr-x   1 jeroenp  staff   3775 Sep  9 17:31 ssh-weak-dh-analyze.py
-rwxr-xr-x   1 jeroenp  staff   2277 Sep  9 17:31 ssh-weak-dh-test.sh
$ chmod +x *.sh *.py
$ ./setup.sh 
--2016-09-09 17:34:01--  http://mirrors.nycbug.org/pub/OpenBSD/OpenSSH/portable/openssh-6.9p1.tar.gz
Resolving mirrors.nycbug.org... 66.111.2.14
Connecting to mirrors.nycbug.org|66.111.2.14|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-09-09 17:34:03 ERROR 404: Not Found.

shasum: openssh-6.?p?.tar.gz: 
Error: Checksum check failed!

http://mirrors.nycbug.org/pub/OpenBSD/ shows this:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
THIS SITE HAS BEEN RETIRED

PLEASE USE ftp4.usa.openbsd.org

Mark Saad [email protected] 29Jul2016
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

There is an older http://ftp4.usa.openbsd.org/pub/OpenBSD/snapshots/packages/i386/p5-Net-OpenSSH-0.68.tgz

So: what .tgz file is needed?

aoncyberlabs / ssh-weak-dh Goto Github PK

ssh-weak-dh's Introduction

About

Installation

Usage

Copyright

ssh-weak-dh's People

Contributors

Stargazers

Watchers

Forkers

ssh-weak-dh's Issues

Doesn't work

Integrate checking for common groups

Fails to run after succesful setup on latest OpenSuSE Tumbleweed - `openssh-7.3p1` does not match `./openssh-6.?p?`

404 not found http://mirrors.nycbug.org/pub/OpenBSD/OpenSSH/portable/openssh-6.9p1.tar.gz

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent