Collaborate Disseminate
I use a yubikey with device-generated ssh keys to login on my servers.
A few months ago I’ve created a ssh keypair on our cloud provider (OVH) with this value (truncated):
ecdsa-sha2-nistp256 AAAA…oYuQ= cardno:123
ssh-ed25519 AAAA…dOjE… Continue reading SSH ecdsa-sha2 key changed?
Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that? Continue reading Beware bad passwords as attackers co-opt Linux servers into cybercrime
What would be the advantage of binding a common service to a custom port against cybersecurity attacks?
For example I want to make it harder for a hacker to evaluate the attack surface on my server so could I for example bind ssh to port 8… Continue reading Advantages of custom ports against cyberattacks [duplicate]
By Waqas
Diicot, previously known as Mexals, is a relatively new threat group that possesses extensive technical knowledge and has a broad range of objectives.
This is a post from HackRead.com Read the original post: New Diicot Threat Group Targets SSH… Continue reading New Diicot Threat Group Targets SSH Servers with Brute-Force Malware
I am trying to understand the relationship between fingerprint of SSH server’s public key and known_hosts file.
There are two SSH servers with same public key. I, the client has the private key.
I login to the first SSH server,since it is … Continue reading SSH – What is the relationship between fingerprint and known_hosts file?
Sometimes a process crashes and IT department has to log into the server and do a sudo systemctl restart apache2.
The idea was now to create a wepage an another server (of course) where users can press a button. The webserver will ssh into… Continue reading Security risk by setting authorized_key for root user and limiting to one command?
Referring to this post. We learned about ssh today, and I know that you have to add your public key to the "authorized_keys" manually on the server, but the very first time you log into the server, it will add itself to your (cli… Continue reading Why is known_hosts automatically updated but authorized_keys is not?
I’m responding to a penetration test finding on one of my application servers. The finding is that the private key embedded in my client script is capable of being used to open an SFTP session to the server.
My understanding has been that … Continue reading Interaction between sftp subsystem and forced command
How can an attacker with initial access to a server behind a firewall, which only has SSH, HTTPS, and HTTP ports open, maintain remote access to the server even after the SSH port is closed by the user on the firewall?
I have searched these questions and answers but none of them directly answering the question:
I knew its by implementing any kind of reverse shell, creating a tunnel that sending outbound connection to attacker server:
Why a tunnel – reverse shell not detected by Firewall or such Antivirus on the OS? until this point, I worked on many computers and tested if a tunnel works or not, none of them blocked me even with enterprise firewall and client security software.
Continue reading How outgoing tunnels are not stopped by AV or firewalls?
I need some help understanding the security implications of using a service like ngrok to setup an ssh connection.
I’ve got two computers without public IP addresses (both using mobile internet connections) so I can’t ssh directly from com… Continue reading Security of SSH with Service like ngrok