SSH Authorized Keys

By kannthu

Low
Vidoc Module
#config #exposure #ssh
Description

What is the "SSH Authorized Keys" module?

The "SSH Authorized Keys" module is a test case designed to detect misconfigurations related to SSH authorized keys. It targets the SSH software and checks for the presence of specific key types, such as "ssh-dss," "ssh-ed25519," "ssh-rsa," and "ecdsa-sha2-nistp256." This module has a low severity level.

Impact

If misconfigurations are detected, unauthorized users may gain access to the SSH server by using compromised or unauthorized SSH keys. This can lead to unauthorized access to sensitive information or systems.

How does the module work?

The "SSH Authorized Keys" module works by sending HTTP requests to specific paths, such as "/.ssh/authorized_keys" and "/_/.ssh/authorized_keys," using the GET method. It then applies matching conditions to determine if misconfigurations exist.

The matching conditions include:

- Checking for the presence of specific key types, such as "ssh-dss," "ssh-ed25519," "ssh-rsa," and "ecdsa-sha2-nistp256."
- Verifying that the HTTP response status is 200.

If both matching conditions are met, the module reports a vulnerability.
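
A word match plus a 200 status can also fire on a page that merely mentions a key type, so a defender triaging a hit on their own server may want a stricter check. The following is an added example, not Vidoc's module code: `module_match` mirrors the two conditions described above, while `parse_key_line`, `confirmed_entries`, `constructed_line` and the sample bodies are hypothetical names and constructed data.

```python
import base64
import struct

# Key-type words the page lists for the module's word matcher.
KEY_TYPES = ("ssh-dss", "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def module_match(status, body):
    """The page's two conditions: a key-type word in the body AND HTTP 200."""
    return status == 200 and any(word in body for word in KEY_TYPES)

def parse_key_line(line):
    """Return (key_type, comment) for a well-formed public key entry, else None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):  # options may precede the key type
        if field not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:  # binascii.Error is a ValueError
            return None
        # A key blob opens with a 4-byte big-endian length, then the type name.
        if len(blob) < 4:
            return None
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] != field.encode():
            return None
        return field, " ".join(fields[i + 2:])
    return None

def confirmed_entries(status, body):
    """Key entries that survive validation; [] means a likely false positive."""
    if not module_match(status, body):
        return []
    lines = (l.strip() for l in body.splitlines())
    parsed = (parse_key_line(l) for l in lines if l and not l.startswith("#"))
    return [p for p in parsed if p]

def constructed_line(key_type, comment):
    """Build a syntactically valid entry with zero bytes as key material (not a real key)."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed response bodies: a file-like body and a page that only mentions a key type.
SAMPLE_KEYS = "# constructed sample\n" + constructed_line("ssh-ed25519", "deploy@example") + "\n"
SAMPLE_HTML = "<html><body>How to add an ssh-rsa key to your account</body></html>"

if __name__ == "__main__":
    print(confirmed_entries(200, SAMPLE_KEYS))
    print(module_match(200, SAMPLE_HTML), confirmed_entries(200, SAMPLE_HTML))
```

The comments returned for confirmed entries are the user and host labels stored with each key, which helps identify which accounts' entries to review once the file is removed from the web root.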

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.ssh/authorized_key... /_/.ssh/authorized_k...
Matching conditions
word: ssh-dss, ssh-ed25519, ssh-rsa, ecdsa-sha...
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability