Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "SSH Authorized Keys" module is a test case designed to detect misconfigurations related to SSH authorized keys. It targets the SSH software and checks for the presence of specific key types, such as "ssh-dss," "ssh-ed25519," "ssh-rsa," and "ecdsa-sha2-nistp256." This module has a low severity level.
If misconfigurations are detected, unauthorized users may gain access to the SSH server by using compromised or unauthorized SSH keys. This can lead to unauthorized access to sensitive information or systems.
The "SSH Authorized Keys" module works by sending HTTP requests to specific paths, such as "/.ssh/authorized_keys" and "/_/.ssh/authorized_keys," using the GET method. It then applies matching conditions to determine if misconfigurations exist.
The matching conditions include:
- Checking for the presence of specific key types, such as "ssh-dss," "ssh-ed25519," "ssh-rsa," and "ecdsa-sha2-nistp256." - Verifying that the HTTP response status is 200.If both matching conditions are met, the module reports a vulnerability.