Collaborate Disseminate
Now that OpenSSH supports Elliptic curve security keys (since version 8.2), it’s possible to generate a ed25519-sk key on a hardware security key:
$ ssh-keygen -t ed25519-sk -C comment
This generates a public and a private key parts. How … Continue reading How sensitive is the primary key stub of an ed25519 security key (~/.ssh/id_ed25519_sk)?
I am doing some tests around ssh. From what I have seen a server usually has multiple host keys. When a client tries to connect, it tries to negotiate which key types to use DSA, RSA, ECDSA, etc. But on key signature confirmation by the us… Continue reading SSH to github.com only adds RSA keys – excludes ed25519 host keys
This thread is for how ssh-keygen relates to quantum computing attacks.
What are the strengths and weaknesses of the ssh-keygen algorithms as related to quantum computing, which from my understanding will be able to potentially crack them … Continue reading What ssh-keygen algorithm, or solutions, may be short-term future-proof effective for quantum computing attacks? [closed]
The last couple of weeks I have been researching possible attacks that can be performed on a Tor hidden service using SSH from a location different from that of the server, assuming the .onion address has already been deanonymised.
I am on… Continue reading Are there any known SSH (protocol or implementation) vulnerabilities which can be performed on a tor hidden service?
As a seasoned, or even new IT Pro, you’re likely an avid user of Putty, using secure shell (SSH) to connect to Unix/Linux servers, computers, and even Windows machines for an efficient and secure remote command-line experience. Well, did you know Windows 10, Windows 11, and Windows Server 2019 (and Windows Server 2022) include an […] Continue reading The Ultimate Guide to Installing OpenSSH on Windows
With password authentication you’re basically giving your password to the attacker. At least that is my understanding. What about public key authentication? I hear that a private key never leaves your side, and that it’s not possible to pe… Continue reading What are possible implications of ignoring the ssh host key warning?
Terminal command:
$ nmap 10.10.244.76 -p 22 –script ssh-brute \
–script-args userdb=trash.txt,passdb=rockyou.list,timeout=4s
NSE: [ssh-brute] usernames: Time limit 15m00s exceeded.
NSE: [ssh-brute] usernames: Time limit 15m00s exceed… Continue reading Bypass time limitation of OpenSSH when using Nmap [duplicate]
Running on macOS, I see these available key algorithms:
$ ssh -V
OpenSSH_8.1p1, LibreSSL 2.7.3
$ ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-ce… Continue reading Why are rsa-sha2-512 and rsa-sha2-256 supported but not reported by ssh -Q key?
I use X forwarding with a debian server running openssh so that I can directly copy over error messages I see in tmux to my local machine.
Twice it happened that instead of getting the intended text on my clipboard, I got some gibberish ch… Continue reading Random chinese characters on attempt to copy clipboard from X forwarded ssh session [migrated]
I am bewildered as to the below config and subsequent behaviour.
/etc/ssh/sshd_config:
AuthorizedPrincipalsFile /etc/ssh/principals
/etc/ssh/principals:
all
host.example.com
dev
This allows me to login as ANY user using my cert which has… Continue reading OpenSSH AuthorizedPrincipalsFile Allows Any User