DEV Community

mustafa
mustafa

Posted on

is everything well for ssh security?

I have a question about the situation on an ssh connection. First, I install openssh-server on a Debian (buster) machine, let called as ServerMach, then I connected to the ServerMach by another Debian client.

Alt Text

After successful connection established between client and server(time 18:40:56), I just stop ssh.services on the ServerMach (when 18:41:00) and I expect for the connection loss.

Alt Text

Then, I sent some further command from client machine to the ServerMach and the commands executed well.

Alt Text

When I looking the service status, the ssh service is down on the ServerMach while the connection seems Up in processes. In addition reverse connection, which is from server to client is also active as seen below. ( "wall demo" command is executed on the server and the strings printed out to the client terminal, seen in the image above)

Alt Text

Then I just kill the ssh process on the client side terminal and connection now broken.
Alt Text

So, the question is that: There is something wrong with ssh or sshd configurations or that is an expected case for ssh connections?


Further, if an attacker open an ssh connection on target machine and they just set different port and process name for the blind ssh connection. Then, if he/she run the new blind ssh connection with changed/hidden process name and port. Let the defensive side (the protector) catch the attacker's initial ssh connection but without the blind connection information. How the defender side block or shutdown the remote connection (attacker's blind ssh connection)?

I think when the ssh.services stopped on a server all the connections should be terminated, otherwise there will be a vulnerability.

Top comments (0)