Collaborate Disseminate
How can i connect ssh without a password? I just have key and fingerprint.
OpenSSH9.1
SSH-2.0-OpenSSH_9.1
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLI3KDVYxrlo7g82GgzoWkCc
xm10/gYvfH0EXu/pWFm… Continue reading How to connect ssh without password? [closed]
I have done a lot of research on this topic but am still missing this key information.
What security mechanism is implemented to make sure the private key is not stored verbatim in memory? I assume it has to do with some salt or struct to … Continue reading How are private keys stored in memory for OpenSSL since Heartbleed?
If I use ssh like this ssh -i id_rsa it means im passing the private key to ssh. Does ssh now then compute the public key from it and then send it to the server? Then the server would look if the public key exists in the authorized_keys fi… Continue reading Does the ssh client compute the public key from the private key?
OpenSSH 8.2 added -sk key types that allow for FIDO/U2F hardware authenticators (like a YubiKey, etc.)
yubikey-agent allows for the same functionality, except it (a) requires an additional client on top of OpenSSH, and (b) is scoped to onl… Continue reading When hardening my SSH key, why would I use yubikey-agent instead of the built-in `-sk` key type native to OpenSSH?
I need to extract an RSA private key from an ssh-agent core dump running on ubuntu 20.04. I believe the ssh version is the latest. I have tried many Linux tools with no luck. I also wrote a python program to return the section of the core … Continue reading How to extract a RSA private key from an ssh-agent core dump
I’m seeking to mitigate CVE-2002-20001 by disabling DHE key exchange through OpenSHH on a ubuntu instance.
I understand this can be achieved through editing /etc/ssh/sshd_config at line
KexAlgorithms curve25519-sha256,curve25519-sha256@lib… Continue reading OpenSSH Disabling Diffie-Hellman (DHE) key exchange
I’m adding a feature to my web app that will allow remote configuration of various devices via their built-in web apps.
For forwarding the HTTP traffic from my web app to the remote device I’m planning on using a SOCK5 SSH reverse proxy. S… Continue reading Securing SSH reverse proxy from app in an untrusted environment to server
Did i misunderstand from this post?
RequiredAuthentications2 | Usually this is done to require pubkey and 2-factor authentication token, not the user’s password.
you can use RequiredAuthentications2 pubkey,password to require both pubkey… Continue reading SSH strict "pubkey with a password" required for login?
When I connect to my "OpenSSH_8.2p1 Ubuntu-4ubuntu0.4" server alternating using
sftp -v -o HostKeyAlgorithms=ecdsa-sha2-nistp256 test-user@localhost
and
sftp -v -o HostKeyAlgorithms=rsa-sha2-256 test-user@localhost
I always get w… Continue reading Cannot use "ecdsa" and "rsa" in parallel when using SFTP
I noticed that when showing the fingerprint of different key types, there is one difference in the format.
for some reason ED25519 has the hash bits (I guess?) – 256, whereas the other key types have the key length in bits instead.
As you … Continue reading ssh-keygen fingerprint format is different between RSA+ECDSA and ED25519