-
-
Notifications
You must be signed in to change notification settings - Fork 3
SSH Backdoor
In ~/.ssh/authorized_keys there is a ssh-key preinstalled by gardena. This way anyone with the fitting private key may access your device from your network or over the established VPN to Gardena.
SSH is currently NOT blocked by a firewall.
First of all I have written Husqvarna about the issue with the preinstalled ssh-key in Oktober 2019. TLDR; SSH will be disabled for LAN/WiFI, but stays accessable via the VPN. And the ssh-keys stay there for remote access for them...
Thank you very much for your feedback and the investigation concerning the GARDENA gateways. The SSH service should not be visible on the LAN/Wifi interface – we will address this issue in the next update to the gateway. Please allow about two months for this change to be rolled out to the production environment.
SSH access from the VPN side is occasionally used to address issues discovered in operating the system. The matching private key is only stored on a single server (plus backup in a safe) that acts as an SSH portal to grant selected individuals access to customer gateways. Such access also gets audited. We are aware that this is a critical element in our system and thus periodically review how it can be further improved.
Hope this explains the things that you discovered. -Husqvarna Support
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbVpMgAHfgDGaAelLCSCXk12xdH+o+DBn7jWGVRMuw0BgylnUKNYqC8Tlsks5YjrT1XF/+4prNw451fo34irleEnde60L1b8gXH9x0CmeqIUIUGLcPYq2Xsx6E4j8Gon0LO9GUrIHaSVUU+HpEtRwnelLDIGe7350HUg4/ZvNmQdcyWcgNz1sqURa+z8YYn2sy1BPihc8LKG1Z6IQQ1FZvVEyrjhZFVo0ZkWuzl1+Xusyvwjrz5Kp+SCmx9WPuigRy3JSukYoeYnRBnEw3LJwm1UJ/ZWNshsNsD+GCRXCGJ9a5dw2OS53Q1nb5JpPtb2KMPOlfdJyb3XRs5vSFtFm1 root@vpn
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDto4kXIu0H7fikMFzdeWIHLeXsUHXGo78KlKS7vsJtdmB9mtgcCxhqCwwVXwzGvqAB6bID63fw0YbLREBFbxbIfDMUmAjcJg/yrR0TAeDdHFrjkx/Pxfa7YCTwZMd7qXDEMQ4RX0AJlAPa9Cj366mgM50srED5uvej9V/TRhWGq1TW4YMXghiGWR2MPJXh9BkkPdHUQVEQFi5DVVNKPZ+4JANc+2kmAbPl5vpVIqRUjG1Oc9/ly3/5rrljo9o9ZbqjJnPR40FOzYiItxAq9nCJu40vmCLHeucxvUAwqOn9G1jSRvsZpwdAOchaJ7CjqhxzubCOgzBD3R4mBBbBcXjD 2018-09-10-low-cost-gateway-prod