SSH Credentials
Description
General
- Documentation: https://tools.ietf.org/html/rfc4251
- Summary: The Secure Shell (SSH) Protocol is a protocol for secure remote login, command-line and other secure network services over an insecure network. This detector aims to catch SSH authentication, typically in a command line, using a username separated by an @ from a host, together with a password, or in the form of variable assignments.
- IPs allowlist: IP addresses granted access to the remote host can be restricted by setting iptables rules on the server side.
- Scopes: User management can be configured on the server side to restrict user rights on the machine.
Revoke the secret
A revocation list can be set on the server side to specify RSA public keys that should not be granted access.
Check for suspicious activity
All activities and connection attempts can be logged on the server.
Ssh password
Details for
Family: Other
Category: Remote access
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 3.17
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
  - sshpass
Examples
- text: |
    +cp ../data/aviso.json /home/triagoz/webapp/kbalem/data
    +#cp to screen app
    +sshpass -p 'ghjdmoo5giedaiwahC' scp /home4/homedir4/perso/kbalem/DIVAA/data/*.js sftp-vaa@lpo-www.univ-leak.fr:data/
  password: ghjdmoo5giedaiwahC
  username: sftp-vaa
  host: lpo-www.univ-leak.fr
- text: |
    +cp ../data/aviso.json /home/triagoz/webapp/kbalem/data
    +#cp to screen app
    +sshpass -p 'ghjdmo.5giedaiwahC' scp /home4/homedir4/perso/kbalem/DIVAA/data/*.js sftp-vaa@lpo-www.univ-leak.fr:data/
  password: ghjdmo.5giedaiwahC
  username: sftp-vaa
  host: lpo-www.univ-leak.fr
Ssh password assignment
Details for
Family: Other
Category: Remote access
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 0.2
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
  - ssh
Examples
- text: |
    + String strSshUser = "cits3003-administrator"; // SSH loging username
    + String strSshPassword = "cits3003@@"; // SSH login password
    + String strSshHost = "130.95.123.321"; // hostname or ip or SSH server
  username: cits3003-administrator
  password: cits3003@@
  host: 130.95.123.321
- text: |
    - <connection name="ffcstat11" sshUser="nixslo" auth="foobared" port="6379" sshHost="stat.fastfreeleaker.com" sshPassword="Thoo4Ibael4ie" sshPort="221" host="redis_srv"/>
  username: nixslo
  password: Thoo4Ibael4ie
  host: stat.fastfreeleaker.com
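The two forms described above (an sshpass command line and SSH variable assignments), each reported only when username, password and host are all found, can be sketched as follows. This is an added example, not the detector's own implementation: the regular expressions, the function name `find_ssh_credentials` and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumed patterns written for this example; they are not the detector's real rules.
SSHPASS_PW = re.compile(r"""sshpass\s+-p\s*(?:'([^']+)'|"([^"]+)"|(\S+))""")
USER_AT_HOST = re.compile(r"(?<![\w.@-])([A-Za-z_][\w.-]*)@([A-Za-z0-9][A-Za-z0-9.-]*)")
ASSIGN = re.compile(
    r"""ssh[_-]?(user(?:name)?|pass(?:word)?|host(?:name)?)\s*[=:]\s*["']([^"']+)["']""",
    re.IGNORECASE,
)
FIELD = {"user": "username", "pass": "password", "host": "host"}

# Constructed sample inputs (placeholder values, not real credentials).
SAMPLE_CMD = "+sshpass -p 'Constructed-Pw-123' scp ./out/*.js deploy@files.example.com:data/"
SAMPLE_JAVA = (
    '+ String strSshUser = "ci-admin";\n'
    '+ String strSshPassword = "Constructed-Pw-456";\n'
    '+ String strSshHost = "192.0.2.10";'
)

def find_ssh_credentials(text):
    """Return {username, password, host} dicts; a finding needs all three matches."""
    findings = []
    # Cheap content prefilter, in the spirit of ContentWhitelistPreValidator.
    if "ssh" not in text.lower():
        return findings
    # Form 1: sshpass command line, password followed by user@host on the same line.
    for line in text.splitlines():
        pw = SSHPASS_PW.search(line)
        target = USER_AT_HOST.search(line, pw.end()) if pw else None
        if pw and target:
            findings.append({
                "username": target.group(1),
                "password": next(g for g in pw.groups() if g),
                "host": target.group(2),
            })
    # Form 2: variable assignments, possibly spread over several lines.
    fields = {}
    for m in ASSIGN.finditer(text):
        fields.setdefault(FIELD[m.group(1).lower()[:4]], m.group(2))
    if len(fields) == 3:  # username, password and host must all be present
        findings.append(fields)
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_CMD, SAMPLE_JAVA):
        print(find_ssh_credentials(sample))
```

Requiring all three fields is what keeps a lone `sshPassword=` attribute or an sshpass call without a `user@host` target from being reported.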