Collaborate Disseminate
Here’s a hot topic:
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://lwn.net/Articles/967180/
https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/
I’m not an expert i… Continue reading XZ compromise and consequences for people having used it
ssh-keygen -t ed25519-sk -O resident -C "yubikey-fido1
My understanding is that I should be able to generate openssh keys with fido2 without password and require touch-only. While that opens up a potential attack when both the device… Continue reading ssh-keygen fido2 keys without password
Even though I don’t have SSH or OpenSSH installed on my machine, I noticed that I have the following directory ssh-XXXXXX2ivnoU in the tmp directory. Inside that directory is a file named agent.2640
What could be causing the creation of th… Continue reading MX Linux SSH folder in tmp directory [closed]
I have recently set up a computer with full disk encryption, and I decided not to encrypt the swap partition for performance reasons. I have been using ssh-agent on another computer to load my private keys, and was wondering if it were pos… Continue reading SSH-Agent writing unencrypted keys to swap memory
I’m attempting to enhance the security of my OpenSSH server configuration by enforcing a maximum authentication time limit. However, upon trying to implement this by adding the MaxAuthAge option to the sshd_config file, I encountered an er… Continue reading How to Enforce Maximum Authentication Time in OpenSSH Configuration? [migrated]
I use a passphrase on my SSH key used for git. I wanted to be able to use the same git for a few scripts I run to clone/pull a bunch of my repos.
I discovered that I don’t have to repeatedly enter my passphrase if I configure my system to … Continue reading Is using OpenSSH Authentication Agent on Windows 11 a secure practice?
There have recently been several reported security issues with OpenSSH (Terrapin, double-frees, remote execution, X11 forwarding vulnerabilities..). How safe is it for a server to expose OpenSSH (using public key authentication) to the int… Continue reading How safe is it to run an un unpatched, internet-exposed OpenSSH service?
Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin atta… Continue reading SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)
I know how to check but command line cmd or powershell can be altered to make it look clean with disguised hash codes (which they show like they are not tempered but actually commands are altered and edited) or even faked Also I don’t trus… Continue reading How do I check if my PowerShell is connected on SSH?
OpenSSH sshd enforces mode 0600 for authorized_keys when StrictMode is enabled. How is mode 0644 more vulnerable?
Continue reading Consequences of .ssh/authorized_keys being world-readable