Collaborate Disseminate
I want to have a server where I can connect many computers and open reverse tunnels, and then when I want to connect to those tunnels, I will SSH into the server and forward my local connection to it, therefore not exposing the reverse tun… Continue reading Is it a good idea to run openssh-server into a docker container?
This is a follow up on When I use SSH tunneling, can I assume that the server does not need to be trusted?
When I am using an intermediate server I to connect to my endpoints via SSH tunnels, is it better if I don’t leave their ports open … Continue reading Is it better to leave my SSH reverse tunnels exposed on a server, or expose them through tcp forwarding?
I’m evaluating what is the better technique for SSHing into my machines securely, without trusting third parties.
I can connect to my machines through an SSH tunnel, but I need a server in between.
As far as I understood, the target local … Continue reading When I use SSH tunneling, can I assume that the server does not need to be trusted?
I need to programmatically configure a router. However, none of our routers support ssh! Which kind of sucks!
I’m putting together a suite of full regression tests looking at wifi connectivity. For this, it would be hugely useful to be abl… Continue reading Router with good remote access (SSH etc) [closed]
We are performing regular reinstallations of our systems which keeps on changing the servers sshd private keys due to regeneration at the end of the OS installation.
Due to this our automated systems and my users have deactivated StrictHos… Continue reading sshd HostKey hardcoding implementation
In GitHub’s Enterprise Cloud docs it says:
To use an SSH key with an organization that uses SAML single sign-on (SSO), you must first authorize the key.
I understand that organization admins could have the power to invalidate individual … Continue reading What’s the point of users having to authorize their SSH keys and tokens they created themselves when SAML single sign-on is enabled on GitHub?
The big news this week was that OpenSSH has an unauthorized Remote Code Execution exploit. Or more precisely, it had one that was fixed in 2006, that was unintentionally re-introduced …read more Continue reading This Week in Security: Hide Yo SSH, Polyfill, and Packing It Up
The big news this week was that OpenSSH has an unauthorized Remote Code Execution exploit. Or more precisely, it had one that was fixed in 2006, that was unintentionally re-introduced …read more Continue reading This Week in Security: Hide Yo SSH, Polyfill, and Packing It Up
The ssh-keygen command to generate the pair of keys files can use the -t option. According to Ubuntu Noble’s man ssh-keygen for the mentioned option, it indicates:
-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
Specifi… Continue reading OpenSSH 9.6p1: What is the best key type for the ssh-keygen command through the -t option?
It’s a serious one:
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.
[…]
This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access. It could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization…