Skip to content

SSH Password

Service Name: SSH (Secure Shell)

Service Description: SSH is a cryptographic network protocol used for secure communication over an unsecured network, providing a secure channel for data communication, remote command-line login, remote command execution, and other secure network services between two networked computers.

Service Address: N/A (SSH is a protocol, not a specific service provider)

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants shell access to remote servers via SSH authentication

Secret Revokement URL: Does not exist

Secret Example: P@ssw0rd123!

Suspicious Activity Investigation Instructions:

  • Check server logs for unusual login attempts or successful logins from unexpected IP addresses
  • Review SSH authentication logs (typically in /var/log/auth.log or /var/log/secure)
  • Check for any unauthorized changes to files or system configurations
  • Monitor for unusual network traffic or connections from the compromised server
  • Review command history on affected systems

Mitigation Instructions:

  • Immediately change the SSH password on all affected systems
  • Consider implementing SSH key-based authentication instead of password authentication
  • Update /etc/ssh/sshd_config to disable password authentication (PasswordAuthentication no)
  • Implement IP restrictions for SSH access where possible
  • Enable two-factor authentication for SSH if available
  • Audit all user accounts with SSH access and remove unnecessary accounts
  • Consider changing the default SSH port from 22 to a non-standard port