hijacking an SSH session

Posted on 2005-04-08
Last Modified: 2008-03-17
Hello. This is an educational question not for malicious purposes.

For my assignment I was asked to discuss a method to hijack an SSH session or describe whether this is possible or not.

from my google I found some saying it wasn't possible since SSH detects alterations of TCP data which breaks the connection.

Other googles ended up saying that it is possible using dsniff or scripts.

So I'm not sure where to stand on this.
Any feedback?
Question by:badMotoFinga
    LVL 2

    Expert Comment


    I dont think many will answer this question as I dont beleive the rules of the site permit answers to questions like this.  Surfice to say though that nothing is air tight and yes certain tools will achieve what you have mentioned but to my knowledge only on specific verison of the protocol with access to the network devices managing the traffic.


    Author Comment

    yeah didnt think so ... i dont see why not .. i mean ... this is for a university course ... its essential to understand the hackers point of view when it comes to network security ... ah well

    Author Comment

    how bout from a general point of view ... all i need is a basic theoretical understanding
    LVL 51

    Expert Comment

    theoretically it can be hijacked with brute-force methods
    the weakness in sha1 and md5 found recently make this easyer, but practially it's not possible with current hard- and software

    In theory theory and practice are identical, in practice they are not.

    If you search the web, then search for last vulnerabilities in openssh, they'll give you a glue where problems can arise.
    LVL 14

    Expert Comment

    Given the rules of the site, I won't steer you too much, but.... are you looking only at the current SSHv2 protocol or also at the older and no-longer-considered-safe SSHv1 protocol? Also check out's chronical of the SSH password guessing attacks. Oh yeah, and all software has bugs.
    LVL 1

    Expert Comment

    Ask your teacher, if it is an assignment. I doubt a good teacher would assign this. OMG.
    LVL 5

    Accepted Solution

    >hijack an SSH session or describe whether this is possible or not.

    Short answer is yes it is.

    visit this link, it is SAN's, a very well respected security group, this link has whitepapers (vetted by SANs) which should help demistify encryption and vpn technologoies including ssh.

    in terms of hijacking, this is more difficult but possible, most likely an attacker would steal the session rather than hijack it. Obviously, there are many ways to skin that cat but the SAN's reading room should provide enough material to cover what you need for your course.

    Note, it will not teach you to hack either.
    LVL 4

    Expert Comment

    I would have to say yes it is.

    Esp when you hijact the whole computer first and use software to remote control the computer.
    LVL 4

    Expert Comment

    Oh DUH! it just hit me,

    The answer is YES becase, IF you get up and walk away from the computer for a short bit...someone else can use your session.

    i recently read a survay stating that most people don't "log out" of sites like ebay when they get up for a short bit.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now