Questions tagged [openssh]

A free and open implementation of the SSH communication security tools.

0 votes
2 answers
98 views

ECDSA key fingerprints all the same?

Our build team just spun up two RHEL 9.6 VMs. The ECDSA fingerprint always resolves to the same value when I ssh into other servers. I've never seen this before. What could be causing it? $ ssh -V ...
RonJohn
2 votes
1 answer
507 views

What are these: "sshd-session: banner exchange ... invalid format"?

My /var/log/auth.log has a lot of log-entries like: sshd-session[PID]: banner exchange: Connection from ip.add.res.s port PORT: invalid format The IP-addresses are from all over the world, so, ...
Mikhail T.
3 votes
1 answer
688 views

What attack vectors are enabled on ssh with the usage of EnableEscapeCommandline?

On 2023-02-02, OpenSSH 9.2 added EnableEscapeCommandline to the ssh client, defaulting to "no". Explaining as: This option defaults to "no", disabling the ~C command-line that was ...
gcb
1 vote
1 answer
343 views

SSH: Do the public and private keys contain the ip address?

Question Do the public and private keys contain the ip address? Scenario Suppose "Computer I" as client has an IP as 192.168.1.A and is generated for SSH purposes its respective pair of ...
Manuel Jordan
1 vote
0 answers
77 views

Reproducing XZ Utils backdoor [closed]

I want to learn about the XZ Utils backdoor by following the xzbot exploit demo and setting up the environment. I know version 5.6.1 of xz-utils should have the backdoor, but I can't manage to install ...
Ketho
1 vote
3 answers
1k views

QID 38909 SHA1 deprecated setting for SSH (RHEL 8.6)

I am trying to solve the vulnerability reported for QID 38909, i.e. SHA1 deprecated setting for SSH. I have hardened the sshd configs in /etc/ssh/sshd_config and /etc/crypto-policies/backends/openssh and ...
Ajay Ganvir
1 vote
1 answer
244 views

Auto-unlock private key: which implications?

On my system (Ubuntu 22.04) I have encrypted my private key with a passphrase and added it to the ssh agent with ssh-add. On use of the key, I am prompted with the option "Automatically unlock ...
Antonello
4 votes
3 answers
3k views

How resilient is a private key passphrase to brute force attacks?

In the documentation of Ubuntu ssh keys, I was surprised to read "If your RSA key has a strong passphrase, it might take your attacker a few hours to guess by brute force.". Really? A good ...
Antonello
1 vote
0 answers
160 views

OpenSSH 9.6p1: What is the best key type for the ssh-keygen command through the -t option? [duplicate]

The ssh-keygen command to generate the pair of keys files can use the -t option. According to Ubuntu Noble's man ssh-keygen for the mentioned option, it indicates: -t dsa | ecdsa | ecdsa-sk | ed25519 |...
Manuel Jordan
11 votes
1 answer
522 views

XZ compromise and consequences for people having used it

Here's a hot topic: https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users https://lwn.net/Articles/967180/ https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@...
Artem S. Tashkinov
0 votes
1 answer
158 views

SSH-Agent writing unencrypted keys to swap memory

I have recently set up a computer with full disk encryption, and I decided not to encrypt the swap partition for performance reasons. I have been using ssh-agent on another computer to load my private ...
rcomeau
0 votes
0 answers
193 views

How safe is it to run an unpatched, internet-exposed OpenSSH service?

There have recently been several reported security issues with OpenSSH (Terrapin, double-frees, remote execution, X11 forwarding vulnerabilities..). How safe is it for a server to expose OpenSSH (...
benjimin
0 votes
0 answers
140 views

How do I check if my PowerShell is connected on SSH?

I know how to check but command line cmd or powershell can be altered to make it look clean with disguised hash codes (which they show like they are not tampered but actually commands are altered and ...
kurosakichigoo
1 vote
2 answers
609 views

Consequences of .ssh/authorized_keys being world-readable

OpenSSH sshd enforces mode 0600 for authorized_keys when StrictMode is enabled. How is mode 0644 more vulnerable?
OLEGSHA
0 votes
1 answer
204 views

Besides intended usage, what is the difference between a host key and a user key?

The ssh-keygen program has -h flag for creating a host key. What is the actual difference between keys created with and without -h? Is there any reason I could/should not use a host key as a user key ...
Keith Wolters