All Servers - SSH Access Restricted

[GatorTeddy]

In response to a new possible OpenSSH exploit brought to our attention today, we have been forced to disable SSH access for all of our shared and reseller customers and we strongly recommend our dedicated clients restrict access to their SSH services by firewall as well.

We are currently developing a patch in response to this new threat and we will release the full details as soon as possible. We will update this thread within the next 24 hours with futher information as it becomes available.

Updates:

July 8 at 6:40 PM: SSH has been enabled on a per IP basis. Details here.
July 14 at 8:00 PM: SSH access has been restored. Details here.

[digitaltoast]

Well, it's good to hear you're quick on the response, but I sure hope you get it sorted soon. I rely on ssh almost daily - I just tried to get in now and came here before logging a ticket.

Really need that ssh back - let's hope it's not more than a few hours!

It is, after all, a charged service - sure, $10 per account isn't big, but I've got $50 of something I bought that I can't use right now. Just pre-empting anyone complaining about me complaining

[unforget]

Hmmm.. There's always a vulnerability in something. If the regular method of dealing with it is to turn the service off I'll be leaving. For my use losing access via ssh is nearly as bad as losing access via http. I'll wait to see how long this lasts.

[dsmythe]

Quote:

Originally Posted by GatorTeddy

In response to a new possible OpenSSH exploit brought to our attention today, we have been forced to disable SSH access for all of our shared and reseller customers and we strongly recommend our dedicated clients restrict access to their SSH services by firewall as well.

We are currently developing a patch in response to this new threat and we will release the full details as soon as possible. We will update this thread within the next 24 hours with futher information as it becomes available.

does this effect your (HG's) servers? or all *nix boxes? only some distros?

[rhogendo]

Mmm, Let's hope this is solved soon. I cannot continue with the instllation right now.

[cjestel]

They are already on a non standard port....woudln't enabling port knocking be a much better solution than turning it off?

[testuff]

Or even enabling access from static IP addresses as a workaround??

[Kelmas]

Today I noticed error when connecting to reseller server over S-FTP. I must say it causes me many problems as I use this type of secure connection to update my scripts instead of non-secure FTP.

Where can I find more information about this possible OpenSSH exploit? Was the latest version exploited?

[striddy]

Quote:

Originally Posted by Kelmas

Where can I find more information about this possible OpenSSH exploit? Was the latest version exploited?

I wouldn't expect HG is going to detail the exploit until it's patched.

[Kelmas]

Quote:

Originally Posted by striddy

I wouldn't expect HG is going to detail the exploit until it's patched.

Well if Hostgator is going to patch OpenSSH exploit theirselves, probably you are right. But if it's common across all OpenSSH installations, some info about the exploit might be already on the net unless Hostgator team was the very first to identify it.

Looking forward to enabled SSH access

[GvilleRick]

Having worked with a host that experienced a major hack of multiple servers I can certainly understand the need to act quickly. As inconvenient as it is for individual users it could result in downtime for all accounts on the servers if they are hacked. Many shared hosts refuse to offer SSH access (even jailed SSH) due to potential problems.

[quietFinn]

Quote:

Originally Posted by Kelmas

I must say it causes me many problems as I use this type of secure connection to update my scripts instead of non-secure FTP.

You should be able to use FTPES, i.e. "FTP over explicit TLS/SSL". Check your FTP client and see if it supports that. I believe HG servers support it.

[testuff]

Quote:

Originally Posted by striddy

I wouldn't expect HG is going to detail the exploit until it's patched.

Well, if SSH is disabled anyway, then what have they got to worry about??

Would be useful to at least know it's a real threat and that it was confirmed and tested. Otherwise, anybody can spread a rumor, which would end up causing many users what I consider a 'denial of service'...

Imagine a rumor about some nasty cpanel remotely exploited hack... Would HG then completely shut down all servers until a fix is issued?? (for a vulnerability that may or may not exist)

I obviously exaggerate, but just playing devil's advocate here.

[junkstuff]

Can someone answer this. Am in chat with: Jennifer Le and she tells me that not only is SSH disabled but all shell commands even from a Cron job. Can someone tell me if this is true? Then all my backup scripts are not running as well as many other processes I use for client websites. I need to know this now.

Quote:

Originally Posted by junkstuff

Can someone answer this. Am in chat with: Jennifer Le and she tells me that not only is SSH disabled but all shell commands even from a Cron job. Can someone tell me if this is true? Then all my backup scripts are not running as well as many other processes I use for client websites. I need to know this now.

This should not affect your shell commands.

[Misterpat]

Quote:

Originally Posted by GatorDrewH

This should not affect your shell commands.

My backup command did not run today on its scheduled time.

[junkstuff]

Is it possible to know more precisely than "SHOULD"????
Either they are disabled by you or not.

[GatorDavid]

Quote:

Originally Posted by Misterpat

My backup command did not run today on its scheduled time.

Good day,

According to the cron log, it ran at Jul 6 03:00:01, which was this morning. If you did not receive the expected results, please submit a ticket to support@hostgator.com so we can look at it further. Thanks.

[GatorDavid]

Quote:

Originally Posted by junkstuff

Is it possible to know more precisely than "SHOULD"????
Either they are disabled by you or not.

They will not be affected by this change. The only feature disabled was access to the server on port 2222, which is what we run jailshell on. You are still free to run the normal commands you always were able to run. If you have any questions or see any problems, let us know. Thanks!

[junkstuff]

Thank You for the clarification. Someone on the phone support also had told me shell commands under Cron will not work. That would have caused massive issues if true.

[Misterpat]

Quote:

Originally Posted by GatorDavid

Good day,

According to the cron log, it ran at Jul 6 03:00:01, which was this morning. If you did not receive the expected results, please submit a ticket to support@hostgator.com so we can look at it further. Thanks.

Your right. Its a problem on my end. The cron did run. Sorry about that.

Look forward to the ssh being fixed!

[GatorDHanna]

@unforget (post #3): Our normal procedure is to get a fix created and deployed right away. We very, very rarely disable access to something like SSH because we know that it will inconvenience quite a few people. When we do disable something, it’s because we feel as if a particular threat or vulnerability is legitimate and warrants immediate action.

@dsmythe (post #4): We have limited information about this exploit and the extent of it, but as far as we know, it affects only Linux boxes running OpenSSH compiled against OpenSSL, with the exception of OpenSSL version 1.0.x beta.

@cjestel and testuff (posts #6 and #7): Enabling static IPs and/or setting up a port knocking routine is a possibility, but we don’t expect that SSH will be disabled long enough to justify setting the systems up. Right now we’re in the process of learning more about the exploit and the best way to get a fix out for it.

@Kelmas (post #8) and testuff (post #13): striddy is correct. We have information from two private sources and deem the information to be credible, but we aren’t ready to disclose further details just yet. Like I said above, we only act this way if we feel a threat or exploit is serious enough to warrant strong action. Our CTO reviewed the information we had and suggested this course of action in order to protect the overall security of our customers and their accounts.

@junkstuff (post #14): I will clarify to our support team that this change will not affect cron jobs.

If anyone has any further questions, please let us know. We'll continue to monitor this thread and provide updates as they become available.

[pxforti]

OK. Replying so I can get updates on this thread.
BTW: couldn't see how to subscribe to this thread without replying.

[GatorDHanna]

Quote:

Originally Posted by pxforti

OK. Replying so I can get updates on this thread.
BTW: couldn't see how to subscribe to this thread without replying.

Click Thread Tools near the top of the original post and click "Subscribe to this Thread".

[bluepony]

@Douglas: Thank you for the update and for taking a proactive measure to ensure that our accounts and sites are secure. Do you have an ETA for when SSH will be enabled again? Are we talking hours, days, weeks? Not having SSH access is causing big problems for us and knowing when it may be patched can help us plan accordingly.