Monitoring HPC Systems against Compromised SSH

计算机科学 环境科学
作者
Lev Lafayette,Narendra Chinnam,Timothy Rice
出处
期刊:Chapman and Hall/CRC eBooks [Informa]
卷期号:: 333-354
标识
DOI:10.1201/9781003155799-12
摘要

Secure Shell is a very well established cryptographic network protocol for accessing operating network services and is the typical way to access high-performance computing (HPC) systems in preference to various unsecured remote shell protocols, such as rlogin, telnet, and ftp. SSH can be managed through configuration files and with passwordless SSH key-pairs easily automated in scripts. Despite the justified popularity and engineering excellence of SSH, in May 2020 multiple HPC centres across Europe found themselves subject to cyber-attacks via compromised SSH credentials. Based at experiences at the University of Melbourne HPC, it is possible at a system level using ssh-keygen to script a search to detect all keys with an empty password even when they are named differently with additional complexity required when parsing non-standard directories and configuration files. This is far more elegant than conducting a grep for MII and similar techniques which is commonly suggested. A further alternative is a test making direct use of libssh headers. This however, will require a version of libssh which incorporates the new SSH format, which is atypical for HPC systems which tend to have a degree of stability in the operating system level, even if they make use of diverse versions and compilers on the application level. Of course, invoking a different version of libssh (e.g., through an environment modules approach) provides an alternative solution which can be incorporated into a small C program (key_audit.c), which elegantly tests validation of an empty passphrase against a given keyfile.

科研通智能强力驱动
Strongly Powered by AbleSci AI
科研通是完全免费的文献互助平台,具备全网最快的应助速度,最高的求助完成率。 对每一个文献求助,科研通都将尽心尽力,给求助人一个满意的交代。
实时播报
刚刚
YYlwl完成签到 ,获得积分10
刚刚
1秒前
gengwenjing完成签到,获得积分10
1秒前
1秒前
2秒前
柔弱的幻灵完成签到,获得积分10
2秒前
隐形曼青应助xr采纳,获得10
3秒前
3秒前
3秒前
淡定树叶发布了新的文献求助10
3秒前
Oswin发布了新的文献求助10
4秒前
JOE发布了新的文献求助10
5秒前
5秒前
5秒前
奋斗夏云发布了新的文献求助10
6秒前
lll发布了新的文献求助10
6秒前
6秒前
7秒前
吴慧琼发布了新的文献求助10
7秒前
爆米花应助白白采纳,获得10
7秒前
Excelisior发布了新的文献求助10
8秒前
FashionBoy应助ysx采纳,获得10
9秒前
果果完成签到,获得积分10
9秒前
瑾妍完成签到 ,获得积分10
9秒前
10秒前
12秒前
OMR123发布了新的文献求助10
12秒前
13秒前
机智洋发布了新的文献求助10
14秒前
梅者如西完成签到,获得积分10
14秒前
果果发布了新的文献求助30
14秒前
充电宝应助koui采纳,获得10
15秒前
15秒前
Hello应助Oswin采纳,获得10
16秒前
看帅哥黑客技术完成签到,获得积分10
17秒前
17秒前
慕青应助zang采纳,获得10
18秒前
上官若男应助奋斗夏云采纳,获得10
18秒前
白白发布了新的文献求助10
19秒前
高分求助中
Principles of Economics, 11th Edition 10000
University Physics with Modern Physics, 16th edition 10000
(应助此贴封号)【重要!!请各用户(尤其是新用户)详细阅读】【科研通的精品贴汇总】 10000
Development of a Bridge Weigh-In-Motion System: A technology to convert the bridge response to the passage of traffic into data on vehicle configurations, speeds, times of travel and weights 1000
Molecular Mechanisms of Photosynthesis, 4th Edition 1000
Organic Reactions, Volume 116 1000
Current concepts in cutaneous toxicity : proceedings of the Fourth Conference on Cutaneous Toxicity, Washington, D.C., May 9-11, 1979 1000
热门求助领域 (近24小时)
化学 材料科学 医学 生物 纳米技术 工程类 有机化学 化学工程 生物化学 计算机科学 内科学 物理 复合材料 催化作用 细胞生物学 无机化学 光电子学 物理化学 电极 基因
热门帖子
关注 科研通微信公众号,转发送积分 7262514
求助须知:如何正确求助?哪些是违规求助? 8883811
关于积分的说明 18774847
捐赠科研通 6941578
什么是DOI,文献DOI怎么找? 3202490
关于科研通互助平台的介绍 2375655
邀请新用户注册赠送积分活动 2178242