ssh -G ?

Posted Mar 19, 2014 9:17 UTC (Wed) by The-Grue (guest, #96055)
Parent article: 10,000 Linux servers hit by malware (ars technica)

The article as well as the PDF mentions "ssh -G":

$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"

The man page as well as ssh --help doesn't mention '-G' and OpenSSHs ssh doesn't understand it. What am I missing?

ssh -G ?

Posted Mar 19, 2014 9:20 UTC (Wed) by osma (subscriber, #6912) [Link] (2 responses)

I noticed the same. My guess is that the -G option was added to the trojaned/backdoored version of openssh. At least the existence of this option is used to determine whether the server is infected.

ssh -G ?

Posted Mar 19, 2014 9:26 UTC (Wed) by The-Grue (guest, #96055) [Link]

Ah, I see. I thought they'd grep some "valid" ssh output but it's only the error message (doh).

ssh -G ?

Posted Mar 19, 2014 12:32 UTC (Wed) by redden0t8 (guest, #72783) [Link]

That's exactly it. See section 4.4.2. of the whitepaper.