Packets generated by OpenSSH looks same in all cases. What kind of authentication is used – password or publickey authentication – is also terra incognita. But please don’t misunderstand me, SSH connections is pretty secure! There is no way no recognize or find some differences in secure shell or secure copy connections. Yeah, I was wrong to thinking that sniffer will not help.
Welcome to the network packets analysis 🙂 You will not need root-right, you will not need to be on the server at all. How we can get the same information without root-right on the server? There is the second way to get it. The problem is – I need to be root and I need to reconfigure and restart OpenSSH server… that is not intelligent and that’s why it’s a bit boring. After that try to copy something to the server and check the syslog:Īs you can see, server provide this information very easily. Let’s change it to DEBUG3 and restart OpenSSH server. The default value (tested on openSUSE) is set to INFO. There is an option in the config file calling LogLevel. My first idea was to get this information from OpenSSH server itself, because I was pretty sure that packet analysis will not help me. But there is nothing more interesting that to try to figure out how exactly all these things works together and try to find a way to detect what service is used on the server. In fact, both programs has been developed exactly with purpose to be secure enough to protect its users to network packet analysis. Both use the same protocol and the same port number. As you know, OpenSSH provides ssh(1) and scp(1) programs. That was interesting to spend some time and to try to detect what kind of service is use SSH.
0 kommentar(er)
