Monday 06 July 2026 17:30:34 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

SSH Backdoor

An unauthorized remote access channel that can give an attacker persistent login capability.

An SSH backdoor is an unauthorized remote access path that lets an attacker log into a device through the Secure Shell service, often with a hidden account, stolen key, or modified authentication check. Because SSH is a legitimate admin tool, a backdoor can blend in with normal maintenance traffic and survive basic cleanup.

In attacks on routers, servers, and other edge devices, an SSH backdoor is used to preserve persistent control after the initial exploit. It may enable silent re-entry, proxying, tunneling, or later movement into the network. Defenders look for unexpected SSH listeners, new users, unfamiliar keys, changed configuration files, and outbound SSH sessions from devices that should not offer remote administration. On appliances, an unexplained SSH service is often a strong sign that the device has been turned into attacker infrastructure.

← WIKICROOK index