So, funny story with net-ssh. Turns out, there's insufficient housekeeping on closing out connections in the event of authentication failures, which means you can start sucking up connections pretty good when you fail authentication a whole bunch of times. Fixed in the library, so now, if you pass a block to Net::SSH.start, and the authentication fails, the connection will still close out correctly, just as it would when the authentication succeeds.

Protip: If you don't pass a block, it's *still on the caller* to deal with the connection somehow. You'll want to basically always assign the connection to someplace you control, like so: sock = Net::SSH.start(whatever); sock.close. Otherwise, if you just Net::SSH.start without a block /or/ without assignment, you'll be stuck with all these useless connections hanging around.



git-svn-id: file:///home/svn/framework3/trunk@8556 4d416f70-5f16-0410-b530-b9f4589650da
Tod Beardsley 2010-02-19 03:02:25 +00:00
parent e59082f6b5
commit ab3b173040
2 changed files with 2 additions and 6 deletions
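
A simplified model of the connection leak the commit message describes, added here as an illustration; it is not code from net-ssh or from this commit. FakeTransport, start_unpatched, start_patched and leaked_after are hypothetical stand-ins, and the open-connection counter is an assumption used only to make the leak measurable.

```ruby
# Model of the cleanup behaviour described above (hypothetical names, not net-ssh code).
class AuthenticationFailed < StandardError; end

# Stand-in for a transport; a class-level counter tracks how many are still open.
class FakeTransport
  @open_count = 0
  class << self
    attr_accessor :open_count
  end

  def initialize
    @closed = false
    self.class.open_count += 1
  end

  def close
    return if @closed          # closing twice must not double-decrement
    @closed = true
    self.class.open_count -= 1
  end
end

# Before the fix: a failed login raises and nobody closes the transport.
def start_unpatched(password)
  transport = FakeTransport.new
  raise AuthenticationFailed, "user" unless password == "correct"
  transport
end

# After the fix: the transport is closed before the exception propagates.
def start_patched(password)
  transport = FakeTransport.new
  unless password == "correct"
    transport.close
    raise AuthenticationFailed, "user"
  end
  transport
end

# Run `attempts` failed logins and return how many transports were left open.
def leaked_after(attempts, starter)
  FakeTransport.open_count = 0
  attempts.times do
    begin
      send(starter, "wrong")   # constructed bad credential
    rescue AuthenticationFailed
      # expected on every attempt
    end
  end
  FakeTransport.open_count
end
```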


@ -206,6 +206,7 @@ module Net
return connection
end
else
transport.close
raise AuthenticationFailed, user
end
end
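
Review bot: In the else branch, `transport.close` runs immediately before `raise AuthenticationFailed, user`, so if the close itself raises, the caller sees that error instead of AuthenticationFailed. Consider rescuing around the close, or moving the cleanup into an ensure that runs whenever the connection is not handed back. A one-line comment saying the transport is closed here because this path does not reach `return connection` would also help the next reader.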


@ -51,11 +51,6 @@ class Metasploit3 < Msf::Auxiliary
datastore['RPORT']
end
def do_logout
self.ssh_socket.close if self.ssh_socket
self.ssh_socket = nil
end
def do_login(ip,user,pass,port)
opt_hash = {
:password => pass,
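
Review bot: Removing do_logout drops the `self.ssh_socket = nil` reset that followed the close, and nothing visible in this patch replaces it, so ssh_socket can keep pointing at a closed connection and a later `if self.ssh_socket` check would still be truthy. Either keep the helper or set ssh_socket to nil wherever the socket is closed. It is also worth confirming that no other caller of do_logout remains in the module.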
@ -75,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary
return :fail # For whatever reason. Can't tell if passwords are on/off without timing responses.
end
if self.ssh_socket
do_logout
self.ssh_socket.close
return :success
else
return :fail
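
Review bot: `self.ssh_socket.close` sits directly before `return :success`, so an exception raised by close would turn a valid login into an error instead of a :success result. Rescue around the close, or close in an ensure, so the result is returned regardless of how the teardown goes.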