Security Vulnerabilities

SSH Private Key Scanning On the Rise

Duncan 2071 Views 0 Comments 0 min read

Threat actors are actively scanning web servers to find private Secure Shell (SSH) keys. The increase in this type of scan is due to either a bug or a common operational mistake made by web server administrators. Actors are looking for SSH keys in web directories where such a key would be stored, such as “root,” “ssh,” or “id_rsa.”

SSH is used as a secure way to connect to servers and communicate with them. It can be used get a terminal on a remote server and enter commands. For example, SSH is used for Secure File Transfer Protocol (SFTP) for WordPress.

Remediation

  • Ensure that SSH keys are stored in a private location.
  • Do not copy a private key to the remote server that is being logged in to.
  • SSH keys can also be protected with passwords.





Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.