Collaborate Disseminate
The ssh-keygen program has -h flag for creating a host key. What is the actual difference between keys created with and without -h? Is there any reason I could/should not use a host key as a user key or vice versa?
Continue reading Besides intended usage, what is the difference between a host key and a user key?
I’m trying to update the Ubuntu OpenSSH version to 9.3p2, because of the CVE-2023-38408 vulnerability, but I can’t.
The recomendation is update to last version: https://ubuntu.com/security/CVE-2023-38408
I am running the following command:… Continue reading How to update Ubuntu SSH version to latest version [closed]
I’m using OpenSSH 8.9p1. I’m trying to connect to a git via SSH, and I’m getting
no matching host key type found. Their offer: ssh-rsa
I was able to fix the problem by adding the following to my ~/.ssh/config
Host git.host.net
Use… Continue reading Configuration option PubkeyAcceptedKeyTypes vs PubkeyAcceptedAlgorithms?
Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the …read more Continue reading This Week in Security: Dating App, WooCommerce, and OpenSSH
One of the things ssh can do is execute a command on a remote server. Most of us expect it to work transparently when doing so, simply passing the command …read more Continue reading SSH Can Handle Spaces In Command-line Arguments Strangely
By Deeba Ahmed
According to Microsoft, the new campaign is ongoing and uses a backdoor to install a patched version of OpenSSH to hijack targeted devices.
This is a post from HackRead.com Read the original post: Patched OpenSSH Exploited for IoT, Linux… Continue reading Patched OpenSSH Exploited for IoT, Linux Cryptomining
I am having problem in connecting to an Amazon EC2 Linux instance from an old Mac OS machine running El Capitan. Unfortunately without any possibility to upgrade the OS.
Because all the other modern devices I have can connect to the instan… Continue reading Understanding ssh-rsa not in PubkeyAcceptedAlgorithms
Goal
The intention is to set up an SSH entrance which is more secure (or at least more obfuscated) than a default setup with Port Forwarding or VPN.
Previous research and context
TL;DR, see question at the bottom.
I have done a fair amount… Continue reading What are the risks of running SSH over Tor?
My understanding is that an ED25519-sk SSH key generated by OpenSSH generates a private key stub that lives on your host machine. This stub is just a reference to the actual private key that lives on the actual hardware key itself.
My unde… Continue reading Can someone with access to only my Yubikey gain access to my server that has SSH access via an ED25519-sk keypair?
Assuming I have found several OpenSSH private keys on my client’s system, how can I detect (at scale) which of them are:
completely unprotected (i.e. no passphrase)
using an old hashing algorithm for the passphrase (I read somewhere that … Continue reading How do you know what KDF was used to protect an SSH-Key?