Penetration and security of openssh remote secure shell service on raspberry Pi 2
Source of Publication
2018 9th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2018 - Proceedings
© 2018 IEEE. This research presents a penetration testing approach to help secure OpenSSH service on Raspberry Pi 2. The study discusses a technique for penetrating Debian v7.1p2, installed on Raspberry Pi 2, using Kali Linux. We exploit the vulnerability found in SSH protocol exchange keys, which causes multiple CRLF injections in Raspberry Pi 2 Model B, allowing remote authenticated users to bypass intended shell-command restrictions via well crafted X11 data forwarding. We propose an innovative security model to solve the issues of allowing remote authentication access using SSH protocol exchange keys without affecting the encrypted protocols transmissions. We conclude with recommendations on how to securely mitigate MITM attacks using our secure proposed model.
Institute of Electrical and Electronics Engineers Inc.
Man-in-the-middle attack, OpenSSH, Penetration testing, Raspberry Pi 2, Remote authentication, Vulnerability assessment
Alsaadi, Hesham H.; Aldwairi, Monther; Al Taei, May; Albuainain, Mansoor; and Alkubaisi, Maktoom, "Penetration and security of openssh remote secure shell service on raspberry Pi 2" (2018). All Works. 2652.
Indexed in Scopus