SSH Password
Service Name: SSH (Secure Shell)
Service Description: SSH is a cryptographic network protocol used for secure communication over an unsecured network, providing a secure channel for data communication, remote command-line login, remote command execution, and other secure network services between two networked computers.
Service Address: N/A (SSH is a protocol, not a specific service provider)
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants shell access to remote servers via SSH authentication
Secret Revokement URL: Does not exist
Secret Example: P@ssw0rd123!
Suspicious Activity Investigation Instructions:
- Check server logs for unusual login attempts or successful logins from unexpected IP addresses
- Review SSH authentication logs (typically in /var/log/auth.log or /var/log/secure)
- Check for any unauthorized changes to files or system configurations
- Monitor for unusual network traffic or connections from the compromised server
- Review command history on affected systems
Mitigation Instructions:
- Immediately change the SSH password on all affected systems
- Consider implementing SSH key-based authentication instead of password authentication
- Update /etc/ssh/sshd_config to disable password authentication (PasswordAuthentication no)
- Implement IP restrictions for SSH access where possible
- Enable two-factor authentication for SSH if available
- Audit all user accounts with SSH access and remove unnecessary accounts
- Consider changing the default SSH port from 22 to a non-standard port