A deeper understanding of SSH: Results from Internet-wide scans

Oliver Gasser, Ralph Holz, Georg Carle

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

15 Scopus citations

Abstract

Until recently, relatively little was known about the characteristics of the SSH protocol on the Internet, until two larger studies analysed the cryptographic properties of SSH host keys and identified weaknesses in a number of SSH devices. However, there is no succinct comprehensive image yet how the SSH landscape looks like from the point of view of deployment practices, especially with respect to key management. In this paper, we present the results of Internet-wide SSH scans that we carried out over a period of 7 months, which resulted in the largest data set to date. We enriched our data set with large-scale mappings obtained from DNS scans, AS and WHOIS lookups, and a geo-IP database. We analysed the distribution of server and protocol versions, and found that while SSH 2 has displaced SSH 1, the rate of software updates seems to be slow. We analysed the mentioned cryptographic weaknesses and found they have become fewer, but continue to persist one year after the disclosure. Finally, we investigated the reasons for duplicate yet cryptographically strong keys. We found these are used in very different setups at varying degrees of security. Some are indeed dangerous weaknesses, others are the result of a careful and centralised setup. By example of the ten most common keys, we show the circumstances in which they occur and assess the security of each deployment. Finally, we analysed the deployment of ciphers and associated key lengths and found good results in terms of security. As our scans are of a sensitive nature, we also document the ethical considerations that guided us.

Original languageEnglish
Title of host publicationIEEE/IFIP NOMS 2014 - IEEE/IFIP Network Operations and Management Symposium
Subtitle of host publicationManagement in a Software Defined World
PublisherIEEE Computer Society
ISBN (Print)9781479909131
DOIs
StatePublished - 2014
EventIEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World, NOMS 2014 - Krakow, Poland
Duration: 5 May 20149 May 2014

Publication series

NameIEEE/IFIP NOMS 2014 - IEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World

Conference

ConferenceIEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World, NOMS 2014
Country/TerritoryPoland
CityKrakow
Period5/05/149/05/14

Fingerprint

Dive into the research topics of 'A deeper understanding of SSH: Results from Internet-wide scans'. Together they form a unique fingerprint.

Cite this