Collaborate Disseminate
Referring to this post. We learned about ssh today, and I know that you have to add your public key to the "authorized_keys" manually on the server, but the very first time you log into the server, it will add itself to your (cli… Continue reading Why is known_hosts automatically updated but authorized_keys is not?
I’m responding to a penetration test finding on one of my application servers. The finding is that the private key embedded in my client script is capable of being used to open an SFTP session to the server.
My understanding has been that … Continue reading Interaction between sftp subsystem and forced command
How can an attacker with initial access to a server behind a firewall, which only has SSH, HTTPS, and HTTP ports open, maintain remote access to the server even after the SSH port is closed by the user on the firewall?
I have searched these questions and answers but none of them directly answering the question:
I knew its by implementing any kind of reverse shell, creating a tunnel that sending outbound connection to attacker server:
Why a tunnel – reverse shell not detected by Firewall or such Antivirus on the OS? until this point, I worked on many computers and tested if a tunnel works or not, none of them blocked me even with enterprise firewall and client security software.
Continue reading How outgoing tunnels are not stopped by AV or firewalls?
I need some help understanding the security implications of using a service like ngrok to setup an ssh connection.
I’ve got two computers without public IP addresses (both using mobile internet connections) so I can’t ssh directly from com… Continue reading Security of SSH with Service like ngrok
I am trying to pentest my router’s login page, but I get a "connection refused" error.
I get the same error when I try to pentest my kali login and my Windows login to my PC accounts and I’m not sure how to fix it.
sudo hydra -l … Continue reading I am trying to Pentest with hydra password cracking tools [closed]
When connecting to a host through SSH for the first time I get met with the message: Authenticity of host ***** can’t be established. ECDSA key fingerprint is SHA256 *******. Are you sure you want to continue to connect? (yes/no/[fingerpri… Continue reading What standards are there for sharing public SSH fingerprints?
I am having problem in connecting to an Amazon EC2 Linux instance from an old Mac OS machine running El Capitan. Unfortunately without any possibility to upgrade the OS.
Because all the other modern devices I have can connect to the instan… Continue reading Understanding ssh-rsa not in PubkeyAcceptedAlgorithms
Goal
The intention is to set up an SSH entrance which is more secure (or at least more obfuscated) than a default setup with Port Forwarding or VPN.
Previous research and context
TL;DR, see question at the bottom.
I have done a fair amount… Continue reading What are the risks of running SSH over Tor?
I am considering how to make my chat application a bit more secure. It has a similar structure to IRC, multiple users can join each server, and servers can be hosted by anyone. I have been using TLS so far, but it has the problem of requir… Continue reading Suitable method of encryption for user-hosted chat platforms
My understanding is that an ED25519-sk SSH key generated by OpenSSH generates a private key stub that lives on your host machine. This stub is just a reference to the actual private key that lives on the actual hardware key itself.
My unde… Continue reading Can someone with access to only my Yubikey gain access to my server that has SSH access via an ED25519-sk keypair?