Posted by: kezhong | October 30, 2012

Install brutessh on CentOS 5.8

For security reason, our NOC team should limit ssh access outside from our customers so as to prevent SSH brute force attacks. After tuned the firewall of routers, we need to test if the firewall works. So we installed brutessh to simulate SSH brute force attacks to our test server. Beware, don’t use brutessh to try others’ IPs.

Install the crypto and paramiko for python
# wget
# rpm -ivh python-crypto-2.0.1-1.el5.rf.x86_64.rpm
# wget
# rpm -ivh python-paramiko-1.7.6-1.el5.rf.noarch.rpm

Install brutessh
# wget
# tar xvf brutessh-06.tar
# cd brutessh
# chmod 744 *.py

Make up a passlist file named passlist.txt or you can download the dictionary from John the Ripper as my past post

Simulate SSH brute force attacks
# python -h -u root -d passlist.txt
*SSH Bruteforcer Ver. 0.6           *
*Coded by Christian Martorella      *
*Edge-Security Research             *
*      *

Username: root
Password file: passlist.txt
Trying password…
2/3 password

Times — > Init: 0.02 End: 0.28

On our attacked server, we can check the situation.
# tail -f /var/log/secure


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: