« New Microsoft Office Multiple Code Execution Vulnerabilities
HowTo: Find SSH Hackers IP’s in a jiffy »

SSH Hacking Prevention Guide

Hello all , first things first, use more than 8 or 12 characters damnit! So I have decided to write a short article about SSH Hacking, perhaps I should have really named it SHA-2 hacking, or SSHD hacking or a combination, I’m really not sure. As a lot of you will probably already know , running SSHD on unix was always considered safe for SHA-1 encryption keys, but not too long ago, it was “proven” that 99.9% of SHA-1 was crackable, and that precomputation tables were made for time-memory trade-off cracking; which in short, is a very effective way to break passwords faster. SHA-1 a once powerful hash, is no longer considered strong nor secure. Infact, in most security articles you will find in bold you must use >=SHA-2 hashes (greater than or equal to)
What is SHA?

The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash functions. The most commonly used function in the family, SHA-1, is employed in a large variety of popular security applications and protocols, including TLS, SSL, PGP, SSH, S/MIME, and IPSec. SHA-1 was considered to be the successor to MD5, an earlier, widely-used hash function. Both are reportedly compromised. In some circles, it is suggested that SHA-256 or greater be used for critical technology. The SHA algorithms were designed by the National Security Agency (NSA) and published as a US government standard.

SHA-2
No attacks have yet been reported on the SHA-2 variants, but since they are similar to SHA-1, researchers are worried, and are developing candidates for a new, better hashing standard such as SHA-256 and SHA-512. More about Hash Alogorithms later though!
Real Hack attempts on My Machine yesterday
Recently some of my machines around the internet have been exposed to many hack attempts, some of which, were quite inspiring, if not a little troubling. Of course my security was adequate to stop the user logging in, but their attempts are logged none the less, and I have included a list of some of the usernames they attempted on my machines, in vain. I have since quadrupled the security on the machine, and look forward to posting the usernames that you will find below - that are being used and exploited by such SSHD cracker scripts.

Making SSHD Secure

Here are a list of checkpoints for your sshd_config located in /etc/ssh/ on most machines.

  1. set port from port 22 to higher random port ####
    1. port 20309
  2. ensure your using protocol 2
    1. Protcol 2
  3. Decrease the LoginGraceTime Interval to 120 or lower
    1. LoginGraceTime 120
  4. Do not permit root login
    1. PermitRootLogin no
  5. Remember these are just basic guidelines, there are many changes you can make in /etc/ssh/ to improve your ssh security. (such as >3des ciphers)
  6. Also remember not to use short usernames, as the known kiddie-script ssh cracking aliases shown below are generally fairly short or stupid usernames for a person to be using, beware of the stupid sys admin.
  7. Remember to check your /var/log/auth.log* ’s files they are invaluable to catching hackers.

Random Hacker of the Day Exposé

azio:~# cat /var/log/auth.log | grep illegal user | grep from
Oct 10 10:49:36 localhost sshd[8646]: input_userauth_request: illegal user boris

Boris’ IP was: 218.188.3.152

Hi Boris. Whoever you may be.

A little bit about Boris’ Provider:

inetnum:      218.188.0.0 - 218.189.255.255
netname:      HGC
descr:        Hutchison Global Communications
country:      HK
admin-c:      IH17-AP
tech-c:       IH17-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-HK-HGCADMIN
remarks:      included the /17 previous allocation
changed:      andycw@hgc.com.hk 20040209
status:       ALLOCATED PORTABLE
changed:      hm-changed@apnic.net 20040212
source:       APNIC

Over 1000 Known SSHD “Kiddie-Script-Hack” Aliases

  1. !@#$%
  2. 007
  3. 1
  4. 111111
  5. 123
  6. 123123
  7. 1234
  8. 12345
  9. 123456
  10. 1234567
  11. 12345678
  12. 1928
  13. 1969
  14. 1q2w3e
  15. 50cent
  16. 5683
  17. 654321
  18. 666666
  19. 696969
  20. 777
  21. 7777
  22. 8675309
  23. 888888
  24. a
  25. a12345
  26. a1b2c3
  27. a1b2c3d4
  28. aaa
  29. aaaaaa
  30. aaron
  31. abby
  32. abc
  33. abc123
  34. abcdef
  35. abira
  36. absolut
  37. abuse
  38. access
  39. ada
  40. adabe
  41. adelina
  42. adeline
  43. adidas
  44. adina
  45. adm
  46. adm1
  47. adm2
  48. adm3
  49. adm4
  50. adm5
  51. admin
  52. administrator
  53. admissio
  54. adornnyc
  55. adrian
  56. adriana
  57. adschool
  58. adsens10
  59. adsense
  60. alaska
  61. albert
  62. alessa
  63. alex
  64. alexander
  65. alexandr
  66. alexis
  67. alfred
  68. ali
  69. alian
  70. alice
  71. alin
  72. alina
  73. alissa
  74. alka
  75. allyson
  76. alpha
  77. amanda
  78. amavis
  79. amber
  80. amivaro
  81. andra
  82. andrada
  83. andrea
  84. andreas
  85. andrei
  86. andrey
  87. andy
  88. angel
  89. angela
  90. angie
  91. animal
  92. anna
  93. anthony
  94. apple
  95. apples
  96. archie
  97. arnold
  98. arrobaho
  99. art
  100. arthur
  101. asdf
  102. asdfgh
  103. asdfjkl
  104. ashley
  105. ASP
  106. ASP.NET
  107. athena
  108. atila
  109. august
  110. austin
  111. avalon
  112. awesome
  113. babylon5
  114. badger
  115. bamboo
  116. bandit
  117. barbara
  118. barney
  119. baseball
  120. basf
  121. basketball
  122. batman
  123. beagle
  124. bears
  125. beatles
  126. beautiful
  127. beaver
  128. beavis
  129. benjamin
  130. benny
  131. berit
  132. bigmac
  133. bill
  134. billy
  135. bingo
  136. bird33
  137. bitch
  138. biteme
  139. black
  140. blazer
  141. blenche
  142. blonde
  143. blue
  144. bluebird
  145. bob
  146. bobby
  147. bond007
  148. bonnie
  149. booboo
  150. booger
  151. boogie
  152. boomer
  153. boris
  154. boston
  155. bouavista
  156. bpneus
  157. bradley
  158. brandon
  159. brandy
  160. brenda
  161. brian
  162. bright
  163. bubba
  164. bubba1
  165. bubbles
  166. buddy
  167. buffy
  168. buster
  169. butthead
  170. button
  171. buttons
  172. by
  173. byozko
  174. byshekil
  175. bytmr
  176. ca
  177. caagroup
  178. cactus
  179. caitlin
  180. camaro
  181. camera
  182. canada
  183. candy
  184. captain
  185. carina
  186. carlos
  187. carmen
  188. caro
  189. caroline
  190. carrie
  191. casey
  192. casper
  193. catalog
  194. catch22
  195. catherine
  196. cedru
  197. challenge
  198. chance
  199. charity
  200. charles
  201. charlie
  202. charlotte
  203. cheese
  204. chelsea
  205. cheryl
  206. chicken
  207. chloe
  208. chocolate
  209. chris
  210. chris1
  211. christian
  212. christin
  213. christoph
  214. cindy
  215. claire
  216. clancy
  217. clark
  218. claudia
  219. clipper
  220. coala
  221. coca
  222. cocacola
  223. coffee
  224. coke
  225. coltrane
  226. compaq
  227. compton
  228. computer
  229. congo
  230. connect
  231. conrad
  232. contra
  233. control
  234. cooper
  235. cooter
  236. copper
  237. cornelia
  238. cosmin
  239. cosmos
  240. cosmote
  241. cougar
  242. cowboy
  243. cozma
  244. cozo
  245. cozo1
  246. cozo123
  247. cracker
  248. crawford
  249. cricket
  250. cruise
  251. crystal
  252. curtis
  253. cyclone
  254. cyrano
  255. dakota
  256. dallas
  257. dan
  258. dance
  259. daniel
  260. danny
  261. dario
  262. dave
  263. david
  264. david1
  265. dawn
  266. dean
  267. debbie
  268. delia
  269. deliver
  270. delta
  271. denise
  272. dennis
  273. deutsch
  274. dhana
  275. diablo
  276. digital
  277. dilbert
  278. dimi
  279. dimmy
  280. dirk
  281. disney
  282. distins
  283. doctor
  284. dog
  285. dogdayca
  286. dogspeak
  287. doina
  288. dollars
  289. dolphin
  290. domainki
  291. domareal
  292. dominik
  293. donald
  294. dookie
  295. doom
  296. dorothy
  297. douglas
  298. dragon
  299. dreamer
  300. dreams
  301. duck
  302. duckie
  303. duke
  304. dumbass
  305. dundee
  306. dvd
  307. e-mail
  308. eagles
  309. eddie
  310. edom
  311. edom1
  312. edward
  313. eeyore
  314. einstein
  315. eismann
  316. eismannw
  317. elephant
  318. elizabeth
  319. ellelweb
  320. elvis
  321. emberton
  322. emcad1
  323. emily
  324. emsweb
  325. englishp
  326. enter
  327. epro
  328. eps1
  329. eric
  330. eroadmin
  331. erricson
  332. esoteric
  333. etont
  334. euroalm
  335. eurofax
  336. europe
  337. eurosport
  338. eurosports
  339. explorer
  340. export
  341. fabian
  342. faith
  343. falcon
  344. family
  345. fantasti
  346. fantasti1
  347. farmer
  348. fbi
  349. felix
  350. ferrari
  351. filter
  352. fire
  353. firebird
  354. firewall
  355. fish
  356. fisher
  357. fishing
  358. flamingo
  359. fletcher
  360. flip
  361. flipper
  362. florian
  363. flower
  364. floyd
  365. fluffy
  366. foobar
  367. football
  368. for
  369. ford
  370. fountain
  371. fox
  372. foxtrot
  373. france
  374. francis
  375. franklin
  376. franziska
  377. freak1
  378. fred
  379. freddy
  380. freedom
  381. friday
  382. friend
  383. friends
  384. frodo
  385. frog
  386. froggy
  387. ftp1
  388. ftpftp
  389. ftptest
  390. ftpuser
  391. fucker
  392. fuckoff
  393. fullas
  394. gabriel
  395. gabriell
  396. galaxy
  397. galileo
  398. gambit
  399. gandalf
  400. garden
  401. garfield
  402. garlic
  403. garnet
  404. genesis
  405. genius
  406. george
  407. giants
  408. ginger
  409. gizmo
  410. global
  411. godzilla
  412. goforit
  413. golf
  414. golfer
  415. goober
  416. goodluck
  417. goofy
  418. gopher
  419. grace
  420. gramet
  421. graphics
  422. grateful
  423. greateye
  424. green
  425. greenday
  426. gregott
  427. groovy
  428. grover
  429. gs5fb1
  430. gtool
  431. guest
  432. guitar
  433. hacker
  434. hammer
  435. hansolo
  436. happy
  437. happy1
  438. harley
  439. harmony
  440. harry
  441. hazel
  442. heather
  443. hector
  444. hello
  445. help
  446. helpme
  447. hendrix
  448. henry
  449. herbert
  450. herman
  451. hockey
  452. homer
  453. honda
  454. honey
  455. hoops
  456. horizon
  457. hornet
  458. horses
  459. house
  460. houston
  461. howard
  462. hula
  463. hummer
  464. hunter
  465. ice
  466. icecream
  467. iceman
  468. ics
  469. iguana
  470. ileana
  471. iloveyou
  472. imagine
  473. impala
  474. ina
  475. indiana
  476. indigo
  477. info
  478. info1
  479. info2
  480. info3
  481. info4
  482. info5
  483. informix
  484. ingo
  485. ingrid
  486. insane
  487. inside
  488. intercon
  489. internet
  490. ioana
  491. ionel
  492. ionela
  493. ionica
  494. irish
  495. iroman
  496. ironman
  497. island
  498. jachy
  499. jack
  500. jake
  501. james
  502. jane
  503. janeben
  504. janet
  505. janice
  506. jasmin
  507. jasmine
  508. jason
  509. jason1
  510. jasper
  511. jeanette
  512. jeanne
  513. jeffrey
  514. jenifer
  515. jenni
  516. jennifer
  517. jeremy
  518. jerry
  519. jessica
  520. jesus
  521. jesus1
  522. jewels
  523. jim
  524. joe
  525. joel
  526. joey
  527. john
  528. joker
  529. jonathan
  530. jordan
  531. joseph
  532. joshua
  533. jubilate
  534. julian
  535. julie
  536. julie1
  537. junior
  538. juno
  539. jupiter
  540. juro
  541. justice
  542. justin
  543. justin1
  544. karen
  545. katherine
  546. kathleen
  547. kathrin
  548. keith
  549. kelly
  550. kelly1
  551. kelsey
  552. kennedy
  553. kent
  554. kermit
  555. kevin
  556. kevin1
  557. keyboard
  558. killer
  559. kingfish
  560. kitty
  561. kitz
  562. kitz1
  563. kitz123
  564. knicks
  565. knight
  566. koala
  567. komikis
  568. komikis1
  569. konforti
  570. konforti1
  571. kozalak
  572. kraft
  573. kritlow
  574. kryddbut
  575. ktaclan
  576. labs
  577. lacrosse
  578. lady
  579. lakers
  580. lamas
  581. lamas1
  582. laris
  583. larry
  584. larry1
  585. lauren
  586. ledzep
  587. lee
  588. leonard
  589. leslie
  590. lestat
  591. leticia
  592. letitia
  593. letmein
  594. lg
  595. library
  596. lili
  597. lincoln
  598. linda
  599. lionking
  600. lisa
  601. lizard
  602. lm
  603. loading
  604. loading1
  605. loading123
  606. loffi
  607. logan
  608. london
  609. lorenas
  610. lorenas1
  611. lorenas123
  612. louise
  613. love
  614. luana
  615. lucky
  616. lucky1
  617. lucy
  618. luisa
  619. luke
  620. lydia
  621. mada
  622. maddog
  623. maddy
  624. madison
  625. maggie
  626. magic
  627. mailftp
  628. mailman
  629. mailtest
  630. majordomo
  631. maketour
  632. mamica
  633. mandela
  634. mantra
  635. manu
  636. manuel
  637. manuela
  638. marcel
  639. marcus
  640. margaret
  641. marian
  642. marie
  643. marijke
  644. marina
  645. mariposa
  646. mark
  647. market
  648. marlboro
  649. marley
  650. martin
  651. martin1
  652. marty
  653. marvin
  654. mary
  655. maryjane
  656. master
  657. master1
  658. mathildi
  659. matrix
  660. matt
  661. Matthew
  662. maverick
  663. maxim
  664. mayday
  665. mazda1
  666. megaherz
  667. megaherz1
  668. melanie
  669. mensuck
  670. mercedes
  671. mercury
  672. merlin
  673. metal
  674. metallic
  675. michaela
  676. michel
  677. mickey
  678. micro
  679. midori
  680. mike
  681. mikey
  682. millie
  683. minnie
  684. mirage
  685. missy
  686. misty
  687. mitch
  688. mitchell
  689. mixit
  690. mixit1
  691. mixit123
  692. mmm
  693. molly
  694. molson
  695. mom
  696. monday
  697. monet
  698. money
  699. money1
  700. monica
  701. monkey
  702. monopoly
  703. mookie
  704. moose
  705. morgan
  706. moroni
  707. mother
  708. motorola
  709. mountain
  710. mouse
  711. muffin
  712. murphy
  713. music
  714. mustang
  715. nadine
  716. nancy
  717. naomi
  718. nascar
  719. natalia
  720. natasha
  721. nathan
  722. ncc1701
  723. ncc1701d
  724. ncc1701e
  725. nelson
  726. nesbitt
  727. netware
  728. nevada
  729. newpass
  730. newuser
  731. newwayto
  732. newyork
  733. nfls
  734. nguyen
  735. nheen
  736. nhtogo
  737. nicholas
  738. nicole
  739. niko
  740. nils
  741. nimrod
  742. nina
  743. niners
  744. nirtech
  745. nirtech1
  746. nirvana
  747. nokia
  748. none
  749. nothing
  750. ocdoo
  751. october
  752. odan
  753. olive
  754. oliver
  755. olivia
  756. omereila
  757. one
  758. online
  759. open
  760. oracle
  761. orange
  762. oscar
  763. OU812
  764. oxana
  765. oxford
  766. pacific
  767. painter
  768. pamela
  769. panasonic
  770. pangeea
  771. pantera
  772. papaye
  773. paris
  774. parker
  775. passwd
  776. password
  777. pat
  778. patricia
  779. patrick
  780. paul
  781. peace
  782. peaches
  783. peanut
  784. pearljam
  785. penelope
  786. penguin
  787. pentium
  788. pepper
  789. pepsi
  790. peru
  791. pete
  792. peter
  793. petunia
  794. phantom
  795. phil
  796. philip
  797. philipp
  798. phish
  799. phoenix
  800. phoenix1
  801. photo
  802. photonx
  803. piano
  804. pickle
  805. picture
  806. pierre
  807. piglet
  808. pionner
  809. pit
  810. pizza
  811. player
  812. please
  813. poiana
  814. poiuyt
  815. poohbear
  816. pookie
  817. popcorn
  818. popey
  819. popey1
  820. popey123
  821. porsche
  822. porsche911
  823. porter
  824. ppp
  825. praga
  826. presiden
  827. prince
  828. princess
  829. psycho
  830. pumpkin
  831. punkin
  832. purple
  833. PuTTYPuTTYPuTTYPuTTYPuTTYfirebird
  834. pyramid
  835. qwerty
  836. rabbit
  837. rabia
  838. rachel
  839. rain
  840. rainbow
  841. randy
  842. ranger
  843. rascal
  844. ray1
  845. raymond
  846. rayone
  847. rebecca
  848. rebelde
  849. red
  850. redbul
  851. redbull
  852. reddog
  853. richard
  854. robert
  855. robin
  856. roces
  857. rocket
  858. rocky
  859. roger
  860. romina
  861. ronny
  862. rose
  863. rosebud
  864. roses
  865. route66
  866. roxana
  867. roxi
  868. roxy
  869. royal
  870. royalking
  871. running
  872. ruxandra
  873. sabrina
  874. sadie
  875. sales
  876. salmon
  877. sam
  878. samson
  879. sandra
  880. sandro
  881. sandy
  882. sara
  883. sarah
  884. sarikaya
  885. sas
  886. sascha
  887. sasha
  888. sassysam
  889. sastrade
  890. saturn
  891. sauberb
  892. savebiz
  893. school
  894. school1
  895. scooter
  896. scott
  897. security
  898. sergei
  899. service
  900. serwis
  901. shadow
  902. shalom
  903. shannon
  904. sharon
  905. sheena
  906. sheila
  907. shithead
  908. show
  909. siemens
  910. sierra
  911. silver
  912. simi
  913. simina
  914. simona
  915. simone
  916. sinja
  917. sinteza
  918. sirus
  919. sivan
  920. sivan1
  921. sivan123
  922. skeeter
  923. skiing
  924. skippy
  925. smile
  926. smokey
  927. snapple
  928. snoopy
  929. snowball
  930. soccer
  931. sophie
  932. sorin
  933. sorina
  934. sparky
  935. sparrow
  936. special
  937. spencer
  938. spike
  939. spring
  940. stanley
  941. star
  942. startrek
  943. static
  944. stealth
  945. steelers
  946. stefana
  947. stephan
  948. stephanie
  949. stephen
  950. steve
  951. steven
  952. stick
  953. stick1
  954. stimpy
  955. struf
  956. student
  957. success
  958. summer
  959. sun
  960. sunflower
  961. sunny
  962. sunshine
  963. superman
  964. support
  965. susanne
  966. sven
  967. sweetie
  968. sydney
  969. sylvia
  970. systuser
  971. tamara
  972. tanja
  973. tara
  974. Taurus
  975. taylor
  976. teacher
  977. tech
  978. techno
  979. telecom
  980. tennis
  981. teresa
  982. termopan
  983. test
  984. test1
  985. test123
  986. testing
  987. theresa
  988. thomas
  989. thunderbird
  990. thx1138
  991. tiger
  992. tigers
  993. tigger
  994. tim
  995. tina
  996. tino
  997. tir
  998. tma
  999. tobi
  1000. toddste
  1001. togo
  1002. tomadmin
  1003. tommy
  1004. tonses
  1005. tony
  1006. topgun
  1007. topliner
  1008. toyota
  1009. training
  1010. travel
  1011. tristan
  1012. trium
  1013. truck
  1014. trustno1
  1015. tuesday
  1016. ubas
  1017. uma
  1018. uraganu
  1019. user
  1020. userftp
  1021. valeria
  1022. very
  1023. viceroy
  1024. victoria
  1025. victory
  1026. video
  1027. viper1
  1028. volvo
  1029. wally
  1030. walter
  1031. webadmin
  1032. welcome
  1033. wesley
  1034. whatever
  1035. whisky
  1036. william
  1037. willie
  1038. wilson
  1039. winner
  1040. winter
  1041. wizard
  1042. wladimir
  1043. wolman
  1044. wolves
  1045. work
  1046. xenia
  1047. xp
  1048. xxx
  1049. xyz123
  1050. yessi
  1051. zandra
  1052. zapata
  1053. zephyr
  1054. ziggy
  1055. zoliba
  1056. zorro
  1057. zxcvbnm

This entry was posted Wednesday, October 11th, 2006 at 1:45 pm and is filed under Computing, Password Cracking. You can leave a response, or trackback from your own site.

2 Responses to “SSH Hacking Prevention Guide”

  1. boris Says:
    October 11th, 2006 at 3:41 pm

    While you have some good tips on securing SSHD, I don’t understand where you connect SHA-1/MD5 precomputation tables with an SSH brute force login attempt.
    You may also want to clean up references to “SHA-1 encryption keys” (hash keys are not encryption keys). TMTO attacks have also been known for decades and technically apply to every hash algorithm.

  2. azio Says:
    October 11th, 2006 at 5:34 pm

    Hi Boris (lol), thanks for your comment, I have connected SHA-1 and MD5 precomputation tables together because there actually exists SHA-1 collision tables that are in circulation; specifically articles refering to “SHA-1 broken by research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China)” allowing for very rapid bruteforcing of SHA-1 (and assuming that someone gains access to your passwd and shadow file) it becomes a significant problem with SSH logins (without requiring any bruteforce login attempts as the password is of precomputated datatype).

    Regarding the SHA-1 encryption keys, well, I’m sorry about that, there is no excuse really. The encryption key itself and the hashing key are indeed different.

    Thanks,

    Best Wishes,
    Azio

Leave a Reply

return of the men in black