Collaborate Disseminate
I want to use CA signed SSH keys (that would be rotated frequently and have short expiry, ideally centrally managed, all that great stuff). Unfortunately, most of windows GUI tools, such as WinSCP or even PuTTY, don’t support… Continue reading How secure is passwordless and keyless SSH login on 127.0.0.1 only, over a secure authenticated tunnel?
I’ve been pondering/hacking/experimenting/using/misusing and am torn/puzzled over this for the past month or so;
Which of these methods should prove themselves more secure/least susceptible to be exploited, when generating ss… Continue reading SSH AUTH : sekey vs yubikey vs ssh-keygen
I accidentally exposed the keys in /etc/ssh
What is the risk?
I think it will allow someone to impersonate the server and conduct MITM.
Will it let someone SSH into the server? I think not because they’re not the private k… Continue reading Exposure of /etc/ssh, risks?
AMD Epyc processors support Secure Encrypted Virtualization (SEV), a technique that prevents even a hypervisor reading memory belonging to a virtual machine. To pull this off, the encryption and decryption is handled on the fly by the Platform Security Processor (PSP), which is an ARM core that handles processor start-up …read more
I have a small web-facing server on my home network. It is headless, and the only way to log in is to ssh with pubkey authentication from within the local network.
I wanted to turn on a 2FA authentication PAM module for any… Continue reading Sufficient to only require 2FA for su elevation?
A file is send from ServerA to ServerB using self written automation tool via scp bash command. There is SHA-256 thumbprint required for ServerB host validation. What is the correct approach here to ensure in ServerA that th… Continue reading Validate SHA-256 thumbprint before send flle with scp
Here’s a way to keep secrets safe in memory, even in a world of hardware-level leakage due to tricks like Rambleed, Spectre and more. Continue reading Serious Security: Rambleed attacks blunted – the OpenSSH way
I have my server host key(private key) in Openssl format that i want to use for server authentication.
I prefer to use the trust model that client local database should associates each host name with the corresponding public… Continue reading server host key usage problem
OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private keys from memory. About OpenSSH OpenSSH is the most popu… Continue reading OpenSSH adds protection against Spectre, Meltdown, RAMBleed
In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown.
Have you ever noticed they all had at least one … Continue reading OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks