Skip to content

SSH server running inside container

Info

ID: MS-TA9010
Tactic: Execution
MITRE technique:

SSH server that is running inside a container may be used by attackers. If attackers gain valid credentials to a container, whether by brute force attempts or by other methods (such as phishing), they can use it to get remote access to the container by SSH.

Mitigations

ID Mitigation Description
MS-M9015 Avoid Running Management Interface on Containers Avoid running SSH daemon on containers
MS-M9014 Network Segmentation Limit network access to containers
MS-M9011 Restrict Container Runtime using LSM Limit which process can open network socket on a container.