[HIGH] SSH password authentication enabled on 10.1.11.21 (undocumented media server) #37

Open
opened 2026-05-06 10:46:25 -05:00 by pjennings · 0 comments
Description

SSH on host 10.1.11.21 accepts password-based authentication. This is the only host on the 10.1.11.0/24 subnet that accepts password logins.

Finding Details

  • Host: 10.1.11.21
  • Port: 22/tcp
  • Service: OpenSSH 9.9 (protocol 2.0)
  • Auth methods: publickey, gssapi-keyex, gssapi-with-mic, password
  • Discovered by: nmap ssh-auth-methods script, 2026-05-06

Comparison with other hosts

| Host | SSH Version | Password Auth |
|------|-------------|---------------|
| 10.1.11.2 (apps1) | OpenSSH 10.2 | publickey only |
| 10.1.11.3 (apps2) | OpenSSH 10.2 | publickey only |
| 10.1.11.4 (apps3) | OpenSSH 10.2 | publickey only |
| 10.1.11.11 (db1) | OpenSSH 10.2 | publickey only |
| 10.1.11.21 | OpenSSH 9.9 | password accepted |

Risk

Password authentication is vulnerable to brute-force attacks. Combined with 8 exposed web services (see #36), a compromised SSH session could provide full control of the media stack.

Recommendations

  1. Set PasswordAuthentication no in /etc/ssh/sshd_config
  2. Restart sshd
  3. Verify key-based access works first
  4. Consider fail2ban
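Verifying step 1 is less obvious than it looks: sshd uses the first value it sees for a keyword, so a `PasswordAuthentication no` appended below an earlier `yes` changes nothing, and a `Match` block can re-enable passwords for some users or addresses. The following checker is an added example, not part of this issue or of the scan tooling; the sample config strings are constructed and the 10.1.11.0/24 address comes from the finding.

```python
"""Check whether an sshd_config actually disables password authentication."""
import re


def effective_password_auth(config_text):
    """Return (global_value, match_overrides) for PasswordAuthentication.

    global_value is the first value seen outside any Match block, or
    'yes' (OpenSSH's default) when the keyword never appears.
    match_overrides maps each Match criteria line to the value it sets.
    """
    global_value = None
    overrides = {}
    current_match = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current_match = value  # everything below applies only to matching sessions
            continue
        if key != "passwordauthentication":
            continue
        value = value.lower()
        if current_match is None:
            if global_value is None:  # first occurrence wins, later ones are ignored
                global_value = value
        elif current_match not in overrides:
            overrides[current_match] = value
    return (global_value or "yes", overrides)


def is_hardened(config_text):
    """True only if passwords are off globally and no Match block turns them back on."""
    global_value, overrides = effective_password_auth(config_text)
    return global_value == "no" and all(v == "no" for v in overrides.values())


# Constructed samples: keyword absent (default yes), a fix appended below an
# earlier 'yes' (still yes), and a correctly fixed file.
AS_FOUND = "Port 22\nPermitRootLogin prohibit-password\n"
APPENDED_FIX = "PasswordAuthentication yes\n# added 2026-05-06\nPasswordAuthentication no\n"
FIXED = "PasswordAuthentication no\nMatch Address 10.1.11.0/24\n    PasswordAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in [("as found", AS_FOUND), ("appended fix", APPENDED_FIX), ("fixed", FIXED)]:
        print(f"{name}: {effective_password_auth(cfg)} hardened={is_hardened(cfg)}")
```

On the host itself, `sshd -T` prints the effective configuration after all processing, which is the authoritative check before restarting sshd.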

References

  • Related: docs/network-scan-2026-05-06.md (Finding F-02)
  • Related: #36 (Undocumented media server)