4

I often ssh into servers for work and play using dynamic DNS, with ssh keys that are password protected. Twice now (shame on me!) I have mistyped the dyndns.org part of the address and been greeted with several password prompts, making me think I'd mistyped the password, before realizing the URL was wrong.

I can see why someone would do this: if a site is not protected by ssh keys, then the (probably) nefarious site admin could use the captured password to log into the fat-fingered (like me) mistyper's server.

But my question is: do I need to worry? (Or, in other words, was my paranoia-heart-attack, quickly-change-my-ssh-keys stress justified?)

2 Answers

3

Change your password.

Anytime you enter a password into an unknown server, change it immediately.

I don't believe your keys would be at risk, as the private key itself is never transmitted, only used to sign a piece of data to verify that you do in fact have it.

Hearth
1

You should consider your password compromised. If you use that password on your local machine then change it NOW. It is trivial for a sysadmin to instrument their sshd to log all failed password attempts, and the most serious threat is that a malicious operator will use those credentials to log in to your system.

I would suggest two remedial actions:

1. For password-based systems use a unique password for every site you visit. A random password generator would be ideal.
2. Switch to using certificate-based logins on the hosts you regularly use. No password prompt and no risk of compromise because all that the remote machine has is your public key.

stiabhan
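Added example, not part of the question or either answer: a client-side guard that refuses to start ssh toward a name with no entry in `known_hosts` (plain or hashed), so a mistyped hostname never reaches a password prompt. The host names, key blobs and the function names `is_known_host` and `guarded_ssh_argv` are constructed for illustration; only exact-name entries are handled (no wildcards, `[host]:port` forms or `@` marker lines).

```python
import base64
import hashlib
import hmac

def hashed_field(host: str, salt: bytes) -> str:
    """Build a hashed known_hosts host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def field_matches(field: str, host: str) -> bool:
    """True if one known_hosts host field names `host` exactly."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return host in field.split(",")

def is_known_host(known_hosts_text: str, host: str) -> bool:
    """Scan known_hosts content for an entry covering `host`."""
    for line in known_hosts_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if not line or line.startswith(("#", "@")):
            continue
        fields = line.split()
        if len(fields) >= 3 and field_matches(fields[0], host):
            return True
    return False

def guarded_ssh_argv(known_hosts_text: str, host: str) -> list:
    """Return an ssh command line, or raise if the host was never seen before."""
    if not is_known_host(known_hosts_text, host):
        raise ValueError("no known_hosts entry for %r: check the spelling" % host)
    # Known host: still insist on the recorded host key and never offer a password.
    return ["ssh", "-o", "StrictHostKeyChecking=yes",
            "-o", "PasswordAuthentication=no", host]

# Constructed sample known_hosts content (names and key blobs are placeholders).
SAMPLE = "\n".join([
    "# constructed sample",
    "myhome.example.org,192.0.2.10 ssh-ed25519 AAAA-constructed-key",
    hashed_field("work.example.org", b"constructed-salt-20b")
    + " ssh-ed25519 AAAA-constructed-key",
])

if __name__ == "__main__":
    print(guarded_ssh_argv(SAMPLE, "myhome.example.org"))
```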