SSH also referred to as Secure Shell, is a cryptographic network protocol which secures remote login from one computer to another. It is employed by almost all the Linux sysadmins and although Windows users are more acquainted with Remote Desktop Protocol (RDP), many of Window sysadmins also use SSH instead of RDP, the reason being its Raw power.
RDP provides full graphical remote control of a Windows computer to its users along with access to the regular Windows desktop through keyboard and mouse, whereas SSH, which is comparatively more genric, allows user to run almost every program remotely which further lets him administer the system automatically from a distance through pre-written scripts or by entering commands live, it also allows user to do both simultaneously.
Resultantly, cybercriminals who somehow can get access to a user’s SSH password can also access his system, if not the entire network.
Network tunneling is another feature provided by SSH, wherein, users build an encrypted network connection between multiple computers, they start from one computer to another and extends that connection to a third system to carry out the online work.
SSH server also acts as a special-purpose VPN or encrypting proxy when it allows users to redirect network traffic when they are on the go.
Therefore, criminals who have access to any user’s SSH password can use his server as the basis for his future attacks and the victims would be blaming the owner of the server.
Now, unfortunately, people have an SSH server at their home even if they don’t realize it as home routers have a pre-configured SSH server which is placed for administrative reasons.
While hacking, cybercriminals do not differentiate between the SSH servers manages by users themselves and those managed by their ISP’s, they go on exploiting regardless, as these servers can potentially allow them to breach data and make a profit via reselling it.
Users are advised to take the time to understand and get familiar with their router’s configuration settings, in the cases where it is not managed by ISP. Furthermore, turn off all the features you don’t require and also the ones you are not certain about. Lastly, ensure that you are using the latest version.
This post appeared first on E Hacking News