By kannthu
The "SSH Known Hosts" module detects a web server that serves a user's SSH known_hosts file over HTTP, typically because a home directory or its .ssh subdirectory has ended up inside the document root. The file itself is not a vulnerability; exposing it to anonymous HTTP clients is an information disclosure.
The module has a low severity level: the disclosure does not give an attacker access by itself, but it should still be fixed, because it reveals details of the SSH environment that are useful for further attacks.
This module was authored by geeknik.
An exposed known_hosts file lists the hosts the account has connected to over SSH, together with each host's public key. Unless the client was configured with HashKnownHosts, hostnames and IP addresses appear in plaintext, which gives an attacker a map of internal servers, bastions and Git endpoints to target next. The host keys themselves are public and do not allow impersonating a host on their own, but the file also shows which key algorithms are in use (for example the deprecated ssh-dss), and a web root that leaks known_hosts may well leak other files from the same .ssh directory, such as a private key, which is what leads to unauthorized access.
The module sends HTTP GET requests for two paths, "/.ssh/known_hosts" and "/.ssh/known_hosts.old" (the backup that ssh-keygen -R leaves behind), and applies matching conditions to each response.
The module uses two matchers:
- Word matcher: the response body must contain at least one SSH key type string: "ssh-dss", "ssh-ed25519", "ssh-rsa" or "ecdsa-sha2-nistp256". These strings are the second field of every known_hosts entry, so their presence indicates that the body is an actual known_hosts file rather than an error page.
- Status matcher: the HTTP response status must be 200, so the path was actually served rather than redirected or denied.
The matchers are combined with the "and" condition, so both must hold for the module to report a finding. Note that the word matcher is a plain keyword check: any page served with status 200 that happens to mention "ssh-rsa" (documentation, for example) satisfies it, so a finding should be confirmed by checking that the body parses as known_hosts entries.
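The following is an added example written for this page, not Vidoc's or the module author's code. It reproduces the two-matcher condition described above, then goes one step further than the module: it parses the body as known_hosts entries, computes OpenSSH-style SHA256 fingerprints, and reports which hostnames are disclosed in plaintext versus hashed. The function names, the constructed sample file and the constructed docs page are assumptions of this example; the sample key blobs are syntactically valid but are not real keys.

```python
"""Exposed ~/.ssh/known_hosts check: the module's matchers plus a parser that
confirms the body really is a known_hosts file and summarises what it leaks.
Added example for this page; helper names and sample data are constructed."""
import base64
import hashlib
import struct
from urllib.parse import urljoin
from urllib.request import Request, urlopen

PATHS = ("/.ssh/known_hosts", "/.ssh/known_hosts.old")
KEY_TYPES = ("ssh-dss", "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")


def module_matches(status: int, body: str) -> bool:
    """The module's condition: HTTP 200 AND any listed key type in the body."""
    return status == 200 and any(k in body for k in KEY_TYPES)


def fingerprint(b64_key: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_key, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(body: str) -> list:
    """Parse lines of the form: [@marker] hosts key-type base64-key [comment].
    Lines that do not fit are skipped; that is what separates a real
    known_hosts file from an unrelated page that merely mentions 'ssh-rsa'."""
    entries = []
    for raw in body.splitlines():
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = None
        if fields[0].startswith("@"):          # @cert-authority / @revoked
            marker, fields = fields[0], fields[1:]
        if len(fields) < 3 or fields[1] not in KEY_TYPES:
            continue
        try:
            fp = fingerprint(fields[2])         # rejects non-base64 third field
        except ValueError:
            continue
        entries.append({
            "marker": marker,
            "hosts": fields[0],
            "hashed": fields[0].startswith("|1|"),   # HashKnownHosts was on
            "key_type": fields[1],
            "fingerprint": fp,
        })
    return entries


def assess(status: int, body: str) -> dict:
    """Module verdict plus what the file would hand an attacker."""
    entries = parse_known_hosts(body) if status == 200 else []
    return {
        "module_match": module_matches(status, body),
        "valid_entries": len(entries),
        "plaintext_hosts": sorted(e["hosts"] for e in entries if not e["hashed"]),
        "hashed_entries": sum(e["hashed"] for e in entries),
        "key_types": sorted({e["key_type"] for e in entries}),
    }


def probe(base_url: str, timeout: float = 5.0) -> dict:
    """Fetch the two paths the module requests (needs network; not run here)."""
    results = {}
    for path in PATHS:
        req = Request(urljoin(base_url, path), headers={"User-Agent": "known-hosts-check"})
        try:
            with urlopen(req, timeout=timeout) as resp:
                results[path] = assess(resp.status, resp.read().decode("utf-8", "replace"))
        except OSError as exc:                  # HTTPError/URLError are OSError subclasses
            results[path] = {"error": str(exc)}
    return results


def _ed25519_blob(label: bytes) -> str:
    """Constructed, syntactically valid ssh-ed25519 blob (NOT a real key):
    string "ssh-ed25519" followed by a 32-byte string, base64 encoded."""
    pub = hashlib.sha256(label).digest()        # any 32 bytes parse fine
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + pub
    return base64.b64encode(blob).decode()


# Constructed sample: one plaintext host, one HashKnownHosts entry, one @revoked.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample, not a real capture",
    "git.internal.example,10.0.0.5 ssh-ed25519 " + _ed25519_blob(b"host-a"),
    "|1|" + base64.b64encode(b"S" * 20).decode() + "|"
    + base64.b64encode(b"H" * 20).decode() + " ssh-ed25519 " + _ed25519_blob(b"host-b"),
    "@revoked bastion.example ssh-ed25519 " + _ed25519_blob(b"host-c"),
])

# Constructed page that trips the keyword matcher without being a known_hosts file.
SAMPLE_DOCS_PAGE = "<p>Use ssh-rsa or ssh-ed25519 keys when connecting.</p>"

if __name__ == "__main__":
    print(assess(200, SAMPLE_KNOWN_HOSTS))
    print(assess(200, SAMPLE_DOCS_PAGE))
```

Running the block shows the difference the parser makes: the constructed known_hosts body and the constructed docs page both satisfy the module's status-and-keyword condition, but only the first yields valid entries, and the summary separates the hostnames disclosed in plaintext from the single hashed entry. Point `probe()` at a base URL to run the same check against a live server.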
It is important to note that this module is just one test case within the Vidoc platform, which utilizes multiple modules to perform comprehensive scanning and analysis.
For more information, you can refer to the SSH Known Hosts reference.