[Touch-packages] [Bug 2024540] Re: SSH Vulnerability Can Gain Access even with Time OTP Enabled
The auth log you've attached does not appear to show any ssh sessions. You also have modified /etc/pam.d/sshd and /etc/ssh/sshd_config but have not included these files here. Where are you seeing that ssh logins are succeeding? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2024540 Title: SSH Vulnerability Can Gain Access even with Time OTP Enabled Status in openssh package in Ubuntu: New Bug description: Hi, We have noticed that when allowing firewall rule to open SSH port 22 of my computer, somebody in the local network gets access to the system, to prevent it we had added two factor authentication by adding Time based OTP using google authenticator and root login is disabled in configuration, our network have windows systems which are compromised they are infecting this system and installing XOR DDOS Malware in my system, the rkhunter log shows variation in lot of system binary files, The XOR DDOS is overwriting lot of files before installing itself in the system, i think there is some critical bug in ssh system, we thought they are bruteforcing ssh password, but even after putting time based two factor authentication they are able to infiltrate the system and gain access. The ubuntu we are using is 22.04 LTS Jammy. Our systems are constantly attacked by XOR DDOS Rootkit. We had even rate limited the ssh even then they gets access added OTP verification also. we think there is some severe security issue with ssh. More Details About XOR DDOS Here https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/ Also there is no option to attach multiple files here. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2024540/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2024540] Re: SSH Vulnerability Can Gain Access even with Time OTP Enabled
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2024540 Title: SSH Vulnerability Can Gain Access even with Time OTP Enabled Status in openssh package in Ubuntu: New Bug description: Hi, We have noticed that when allowing firewall rule to open SSH port 22 of my computer, somebody in the local network gets access to the system, to prevent it we had added two factor authentication by adding Time based OTP using google authenticator and root login is disabled in configuration, our network have windows systems which are compromised they are infecting this system and installing XOR DDOS Malware in my system, the rkhunter log shows variation in lot of system binary files, The XOR DDOS is overwriting lot of files before installing itself in the system, i think there is some critical bug in ssh system, we thought they are bruteforcing ssh password, but even after putting time based two factor authentication they are able to infiltrate the system and gain access. The ubuntu we are using is 22.04 LTS Jammy. Our systems are constantly attacked by XOR DDOS Rootkit. We had even rate limited the ssh even then they gets access added OTP verification also. we think there is some severe security issue with ssh. More Details About XOR DDOS Here https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/ Also there is no option to attach multiple files here. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2024540/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
