Collaborate Disseminate
I know that when you attempt to log in to a device via SSH, upon inputting an incorrect password, you must wait several seconds before you get another attempt. This is obviously a deterrent against brute force attacks. But what’s stopping … Continue reading What’s stopping attackers from brute forcing SSH passwords over new sessions?
Introduction:
I know this question has been asked many times before in many different forms, but I wanted to come at this in a slightly different way.
I am considering many different ways to secure SSH login for this particular scenario, a… Continue reading SSH Login Security – Proxy User with key and su to root
At my job, we have a UniFi controller that is hosted on a ESXi client – we need to get in there so we can switch the AP’s to our controller and other things. The company we took it over – didn’t give us the passwords for it. I’ve been just… Continue reading Gain access to UniFi controller hosted on ESXi box
I use a yubikey with device-generated ssh keys to login on my servers.
A few months ago I’ve created a ssh keypair on our cloud provider (OVH) with this value (truncated):
ecdsa-sha2-nistp256 AAAA…oYuQ= cardno:123
ssh-ed25519 AAAA…dOjE… Continue reading SSH ecdsa-sha2 key changed?
I use a yubikey with device-generated ssh keys to login on my servers.
A few months ago I’ve created a ssh keypair on our cloud provider (OVH) with this value (truncated):
ecdsa-sha2-nistp256 AAAA…oYuQ= cardno:123
ssh-ed25519 AAAA…dOjE… Continue reading SSH ecdsa-sha2 key changed?
Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that? Continue reading Beware bad passwords as attackers co-opt Linux servers into cybercrime
What would be the advantage of binding a common service to a custom port against cybersecurity attacks?
For example I want to make it harder for a hacker to evaluate the attack surface on my server so could I for example bind ssh to port 8… Continue reading Advantages of custom ports against cyberattacks [duplicate]
By Waqas
Diicot, previously known as Mexals, is a relatively new threat group that possesses extensive technical knowledge and has a broad range of objectives.
This is a post from HackRead.com Read the original post: New Diicot Threat Group Targets SSH… Continue reading New Diicot Threat Group Targets SSH Servers with Brute-Force Malware
I am trying to understand the relationship between fingerprint of SSH server’s public key and known_hosts file.
There are two SSH servers with same public key. I, the client has the private key.
I login to the first SSH server,since it is … Continue reading SSH – What is the relationship between fingerprint and known_hosts file?
Sometimes a process crashes and IT department has to log into the server and do a sudo systemctl restart apache2.
The idea was now to create a wepage an another server (of course) where users can press a button. The webserver will ssh into… Continue reading Security risk by setting authorized_key for root user and limiting to one command?