Trojan horse found in OpenSSH

Several versions of OpenSSH contain a Trojan horse that can allow an attacker to take over a system running the free network connectivity software, the makers of OpenSSH warned Thursday.

OpenSSH is distributed for free by the OpenBSD project. The SSH protocol is widely used for secure remote terminal connections and file transfers between a client and a server running Unix and its derivatives.

The Trojan horse was discovered in OpenSSH versions 3.2.2p1, 3.4p1 and 3.4. The compromised software was first made available on an official download server on July 30 or July 31 and from there likely copied to other download sites, according to an OpenSSH security advisory.

Trojan horse programs install backdoor programs that let attackers gain access to a computer. In this case the malicious code is run when the OpenSSH software is compiled by the user, according to the advisory. It allows arbitrary commands to be executed with the privileges of the compiling user.

Anyone who installed OpenSSH or offered it for download since July 30 should verify the authenticity of the software. The compromised OpenSSH versions can be identified by their incorrect MD5 checksums and PGP signatures, according to the advisory.

More information on the Trojan horse and how to detect it can be found in the OpenSSH advisory ( and an advisory sent out by the Computer Emergence Response Team (CERT) (

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Featured Reads