SSH Weak Key Exchange Algorithms Enabled on UniFi Wireless Access Points

Turritopsis Dohrnii Teo En Ming tdtemccnp at gmail.com
Thu Nov 3 15:12:05 UTC 2022 

On Fri, 28 Oct 2022 at 13:49, Alexander Dahl <ada at thorsis.com> wrote:

> Hei hei,
>
> Am Thu, Oct 27, 2022 at 09:17:40PM +0800 schrieb Turritopsis Dohrnii Teo
> En Ming:
> > On Thu, 27 Oct 2022 at 21:14, Markus Gothe <nietzsche at lysator.liu.se>
> wrote:
> >
> > > Hi, you are unfortunately reaching out to the wrong people. BusyBox
> does
> > > NOT provide a ssh server.
> > >
> > > Please contact the manufacturer of the product.
> > >
> > > //Markus
> > >
> > > Sent via BlackBerry Hub+ Inbox for Android
> > > <http://play.google.com/store/apps/details?id=com.blackberry.hub>
> > >
> >
> > Noted with thanks. I will contact Ubiquiti.
>
> You can certainly do that, but it is usually not that hard to find out
> which ssh software the remote server is running.  You could try
>
>     ssh -v root at host
>
> and would get something like this:
>
>     debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
>     debug1: Remote protocol version 2.0, remote software version dropbear
>     debug1: no match: dropbear
>
> Or this:
>
>     debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
>     debug1: Remote protocol version 2.0, remote software version
> OpenSSH_8.4p1 Debian-5+deb11u1
>     debug1: match: OpenSSH_8.4p1 Debian-5+deb11u1 pat OpenSSH* compat
> 0x04000000
>
> Another possibility would be to use nmap with the option -sV and you
> would get something like this:
>
>     PORT   STATE SERVICE VERSION
>     22/tcp open  ssh     Dropbear sshd (protocol 2.0)
>     MAC Address: 74:AC:B9:66:04:74 (Ubiquiti Networks)
>     Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
>
> Or this:
>
>     PORT   STATE SERVICE VERSION
>     22/tcp open  ssh     OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
>     MAC Address: 00:0C:29:4E:BE:9E (VMware)
>     Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
>
> Note: one of the devices I tried here is a Unifi AP AC-Lite. ;-)
>
> Greets
> Alex
>

Hi Alex,

My client has decided to disable/turn off the SSH server on all the UniFi
wireless access points.

So for the moment we will not be investigating what the SSH server is on
the UniFi wireless access points.

Thank you for your reply!


> >
> >
> > > *From:* tdtemccnp at gmail.com
> > > *Sent:* 27 October 2022 15:02
> > > *To:* busybox at busybox.net
> > > *Cc:* ceo at teo-en-ming-corp.com
> > > *Subject:* SSH Weak Key Exchange Algorithms Enabled on UniFi Wireless
> > > Access Points
> > >
> > > Subject: SSH Weak Key Exchange Algorithms Enabled on UniFi Wireless
> Access
> > > Points
> > >
> > > Good day from Singapore,
> > >
> > > I have discovered that UniFi Wireless Access Points are powered by
> Busybox.
> > >
> > > Vulnerability scanning of my client's corporate network shows SSH weak
> key
> > > exchange algorithms enabled on UniFi wireless access points.
> > >
> > > Article: SSH WEAK KEY EXCHANGE ALGORITHMS ENABLED
> > > Link:
> > >
> https://www.virtuesecurity.com/kb/ssh-weak-key-exchange-algorithms-enabled/
> > >
> > > According to the above article, we must make changes to
> > > /etc/sshd/sshd_config, especially the KexAlgorithms directive.
> > >
> > > However, when I putty/SSH into Busybox, I cannot find the file
> > > /etc/sshd/sshd_config. What SSH server is running inside Busybox?
> > >
> > > How can I make changes to the SSH server within Busybox so that I can
> > > disable the SSH weak key exchange algorithms?
> > >
> > > Please advise.
> > >
> > > Thank you.
> > >
> > > By the way, I also noticed that Hikvision Face Recognition Terminal
> Door
> > > Access Systems are also powered by Busybox.
> > >
> > > I am doing this for an investment company at Keppel Road, Singapore.
> > >
> > > Regards,
> > >
> > > Mr. Turritopsis Dohrnii Teo En Ming
> > > Targeted Individual in Singapore
> > > Blogs:
> > > https://tdtemcerts.blogspot.com
> > > https://tdtemcerts.wordpress.com
> > >
> > >
> > >
> > >
>
> > _______________________________________________
> > busybox mailing list
> > busybox at busybox.net
> > http://lists.busybox.net/mailman/listinfo/busybox
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20221103/535fc62a/attachment-0001.html>

More information about the busybox mailing list