Collaborate Disseminate
OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private keys from memory. About OpenSSH OpenSSH is the most popu… Continue reading OpenSSH adds protection against Spectre, Meltdown, RAMBleed
In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown.
Have you ever noticed they all had at least one … Continue reading OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
This question already has an answer here:
Converting keys between openssl and openssh
6 answers
I have an openssl format … Continue reading Convert openssl private key to openssh private key [duplicate]
Macos has open port 88 by default. Is it possible to check validity of the password via this port from Linux and how?
If the vncserver is active, it is possible to know also the username (by connecting to it with vncviewer) what would make… Continue reading Bruteforcing via port 88 on MacOS
I have a weird situation which I have been unable to determine the root cause for. I have a service I need to connect via SFTP to on the internet. When connecting via SFTP this is what I see when running it in debug mode:
[u… Continue reading SFTP client connects, but stops at OpenSSH version
Let’s say, for example, a company has a “centralised” SSH bastion/jump host on an untrusted server (e.g. a virtual machine in “the cloud”).
Meanwhile the corporate/customer/whatever network(s) have firewall ACLs permitting SSH traffic fro… Continue reading Can a SSH jump host act as MITM?
SSH passwords should not have been enabled for login over the Internet. Although the Infrastructure Team had attempted to configure the sshd daemon to disable password-based logins, having UsePAM yes set meant that passwor… Continue reading How were attackers able to login to the Apache Foundation’s infrastructure over ssh with passwords? (2010)
I’m interested in forwarding opportunities of ssh (openssh), more precisely something like nested connections.
As far as I understood the best way to use multihop ssh is chained tunnel, but in the very end we connect directl… Continue reading End-to-End Multihop ssh connections through chained sessions/connections
When I generate a key with Cygwin I get a:
—–BEGIN OPENSSH PRIVATE KEY—–
but I need a:
—–BEGIN RSA PRIVATE KEY—–
(2048)
I use the command:
>ssh-keygen -t rsa -b 2048
How do I generate good format key… Continue reading Private RSA vs Openssh key on Cygwin [migrated]
I want to implement public key authentication with CA and smart card. OpenSSH have their own certificate format, which is not x509.
I have a server (SSHD) and a client. I already made public key authentication happen with CA… Continue reading SSH – Implementing OpenSSH Certificates with smartcards