SSH Credentials
Description
General
- Documentation: https://tools.ietf.org/html/rfc4251
- Summary: The Secure Shell (SSH) Protocol is a protocol for secure remote login, command-line and other secure network services over an insecure network. This detector aims at catching SSH authentication, typically on a command line, where a username is separated from a host by an @ and a password is supplied alongside it (for instance through sshpass -p), or in the form of variable assignments holding the user, password and host.
- IPs allowlist: IP addresses granted access to the remote host can be restricted with iptables rules on the server side (or with sshd_config directives such as AllowUsers user@host or a Match Address block).
- Scopes: User management on the server side (account permissions, groups, sudo rules) restricts what an authenticated user can do on the machine.
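As an added example (not part of this page and not the detector's own implementation), the following Python scanner extracts the three fields the summary describes, username, password and host, from both shapes: an sshpass command line with user@host, and a group of ssh-prefixed variable assignments. The regexes, the key-classification rule and the sample input are assumptions of this example; the sample lines are constructed after the page's own examples and are not real credentials. A finding is emitted only when all three fields are present, mirroring the minimum of 3 matches in the details below.

```python
from __future__ import annotations

import re

# Constructed sample input, shaped after this page's examples; not real
# credentials and not taken from any real repository.
SAMPLE = """\
+sshpass -p 'ghjdmoo5giedaiwahC' scp ./data/*.js sftp-vaa@lpo-www.univ-leak.fr:data/
+ String strSshUser = "cits3003-administrator"; // SSH login username
+ String strSshPassword = "cits3003@@"; // SSH login password
+ String strSshHost = "130.95.123.321"; // hostname or ip or SSH server
"""

# sshpass -p takes the password as the next argument; accept single-quoted,
# double-quoted or bare forms.
SSHPASS_RE = re.compile(
    r"""sshpass\s+-p\s*(?:'(?P<sq>[^']*)'|"(?P<dq>[^"]*)"|(?P<bare>\S+))"""
)
# user@host as used by ssh/scp/sftp; host is an IPv4 literal or a DNS name
# and stops at ':' so scp's "host:path" does not leak into the host field.
USER_AT_HOST_RE = re.compile(
    r"(?<![\w.-])(?P<user>[A-Za-z0-9._-]+)@"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})"
)
# key = "value", key: 'value' and key="value" (attribute) forms.
ASSIGN_RE = re.compile(
    r"""(?P<key>[A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*["'](?P<value>[^"']+)["']"""
)


def classify_key(key: str) -> str | None:
    """Map an assignment name to username/password/host. Only ssh-prefixed
    names count, so a plain host="..." next to sshHost="..." is ignored."""
    k = key.lower()
    if "ssh" not in k:
        return None
    if "pass" in k:
        return "password"
    if "user" in k or "login" in k:
        return "username"
    if "host" in k:
        return "host"
    return None  # e.g. sshPort


def scan_sshpass(text: str) -> list[dict]:
    findings = []
    for line in text.splitlines():
        m = SSHPASS_RE.search(line)
        if not m:
            continue
        password = m["sq"] or m["dq"] or m["bare"]
        # Look for user@host with the password span removed, so a password
        # that itself contains '@' cannot be mistaken for the target.
        rest = line[: m.start()] + line[m.end() :]
        target = USER_AT_HOST_RE.search(rest)
        if not password or not target:
            continue  # fewer than three fields on the line: no finding
        findings.append({"kind": "sshpass", "username": target["user"],
                         "password": password, "host": target["host"]})
    return findings


def scan_assignments(text: str) -> list[dict]:
    findings, fields = [], {}
    for m in ASSIGN_RE.finditer(text):
        role = classify_key(m["key"])
        if role is None:
            continue
        fields[role] = m["value"]
        if len(fields) == 3:  # username, password and host all seen
            findings.append({"kind": "assignment", **fields})
            fields = {}
    return findings


def scan(text: str) -> list[dict]:
    return scan_sshpass(text) + scan_assignments(text)


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run on SAMPLE this yields two findings, one per shape. A line such as sshpass -p secret ssh -l bob host (no user@host token) or a pair of assignments without a password produces nothing, which is the behaviour the minimum-matches rule asks for.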
Revoke the secret
A leaked password is revoked by changing it on the server (and on every other host where the same password is reused). For key-based access, a revocation list (the sshd RevokedKeys option) can be set on the server side to list public keys that must no longer be granted access.
Check for suspicious activity
sshd logs every connection and authentication attempt, accepted and failed, with the source address to the system log on the server; review it for the leaked username coming from addresses outside the expected allowlist.
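As an added example (not part of this page), the following Python snippet shows what that review looks like: it parses constructed sshd log lines in OpenSSH's syslog format and reports every attempt for the leaked username whose source address is outside an assumed allowlist, the same source ranges the IP allowlist above would admit. The log lines, the allowlist and the function name are assumptions of this example.

```python
from __future__ import annotations

import re
from ipaddress import ip_address, ip_network

# Constructed sshd log lines in OpenSSH's syslog format; not from a real host.
AUTH_LOG = """\
Mar 10 09:14:02 stat sshd[2210]: Accepted password for nixslo from 10.20.0.15 port 50122 ssh2
Mar 10 09:15:41 stat sshd[2231]: Failed password for nixslo from 203.0.113.77 port 41234 ssh2
Mar 10 09:15:44 stat sshd[2231]: Failed password for nixslo from 203.0.113.77 port 41240 ssh2
Mar 10 09:16:05 stat sshd[2240]: Accepted password for nixslo from 203.0.113.77 port 41251 ssh2
Mar 10 09:17:10 stat sshd[2255]: Failed password for invalid user admin from 198.51.100.9 port 3322 ssh2
"""

# "Accepted|Failed <method> for [invalid user ]<user> from <ip> port <port>"
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9A-Fa-f.:]+) port (?P<port>\d+)"
)

# Assumed allowlist for this example: the source ranges that the server-side
# iptables rules (or an sshd Match Address block) would admit.
ALLOWED_SOURCES = [ip_network("10.20.0.0/24")]


def suspicious_attempts(log: str, leaked_user: str,
                        allowed=ALLOWED_SOURCES) -> list[dict]:
    """Every attempt for the leaked username from outside the allowlist,
    in log order; an 'Accepted' entry here means the leak was used."""
    hits = []
    for line in log.splitlines():
        m = AUTH_RE.search(line)
        if not m or m["user"] != leaked_user:
            continue
        src = ip_address(m["ip"])
        if any(src in net for net in allowed):
            continue
        hits.append({"result": m["result"], "method": m["method"],
                     "ip": str(src), "port": int(m["port"])})
    return hits


if __name__ == "__main__":
    for hit in suspicious_attempts(AUTH_LOG, "nixslo"):
        print(hit)
```

For the sample log the accepted login from 10.20.0.15 is inside the allowlist and is ignored, while the two failures and the subsequent success from 203.0.113.77 are reported; the final "Accepted" from an unknown address is the signal to treat the credential as used, not merely exposed.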
Details for Ssh password
Family: Other
Category: Remote access
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 6.8
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- sshpass
Examples
- text: |
+cp ../data/aviso.json /home/triagoz/webapp/kbalem/data
+#cp to screen app
+sshpass -p 'ghjdmoo5giedaiwahC' scp /home4/homedir4/perso/kbalem/DIVAA/data/*.js sftp-vaa@lpo-www.univ-leak.fr:data/
password: ghjdmoo5giedaiwahC
username: sftp-vaa
host: lpo-www.univ-leak.fr
- text: |
+cp ../data/aviso.json /home/triagoz/webapp/kbalem/data
+#cp to screen app
+sshpass -p 'ghjdmo.5giedaiwahC' scp /home4/homedir4/perso/kbalem/DIVAA/data/*.js sftp-vaa@lpo-www.univ-leak.fr:data/
password: ghjdmo.5giedaiwahC
username: sftp-vaa
host: lpo-www.univ-leak.fr
Details for Ssh password assignment
Family: Other
Category: Remote access
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 0.2
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- ssh
Examples
- text: |
+ String strSshUser = "cits3003-administrator"; // SSH login username
+ String strSshPassword = "cits3003@@"; // SSH login password
+ String strSshHost = "130.95.123.321"; // hostname or ip or SSH server
username: cits3003-administrator
password: cits3003@@
host: 130.95.123.321
- text: |
- <connection name="ffcstat11" sshUser="nixslo" auth="foobared" port="6379" sshHost="stat.fastfreeleaker.com" sshPassword="Thoo4Ibael4ie" sshPort="221" host="redis_srv"/>
username: nixslo
password: Thoo4Ibael4ie
host: stat.fastfreeleaker.com