Questions tagged [openssh]
A free and open implementation of the SSH communication security tools.
179 questions
0 votes, 0 answers, 6 views
sshd won't start from xinetd in OpenSSH 9.8p1 [migrated]
We start sshd using xinetd on our gateway. Here is the xinetd config file:
service ssh
{
instances = 10
socket_type = stream
wait = no
user = root
...
1 vote, 0 answers, 58 views
OpenSSH 9.6p1: What is the best key type for the ssh-keygen command through the -t option? [duplicate]
The ssh-keygen command to generate the pair of keys files can use the -t option. According to Ubuntu Noble's man ssh-keygen for the mentioned option, it indicates:
-t dsa | ecdsa | ecdsa-sk | ed25519 |...
11 votes, 1 answer, 452 views
XZ compromise and consequences for people having used it
Here's a hot topic:
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://lwn.net/Articles/967180/
https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@...
0 votes, 0 answers, 15 views
ssh-keygen fido2 keys without password [duplicate]
ssh-keygen -t ed25519-sk -O resident -C "yubikey-fido1
My understanding is that I should be able to generate openssh keys with fido2 without password and require touch-only. While that opens up ...
0 votes, 1 answer, 94 views
SSH-Agent writing unencrypted keys to swap memory
I have recently set up a computer with full disk encryption, and I decided not to encrypt the swap partition for performance reasons. I have been using ssh-agent on another computer to load my private ...
0 votes, 0 answers, 134 views
Is using OpenSSH Authentication Agent on Windows 11 a secure practice?
I use a passphrase on my SSH key used for git. I wanted to be able to use the same git for a few scripts I run to clone/pull a bunch of my repos.
I discovered that I don't have to repeatedly enter my ...
0 votes, 0 answers, 151 views
How safe is it to run an unpatched, internet-exposed OpenSSH service?
There have recently been several reported security issues with OpenSSH (Terrapin, double-frees, remote execution, X11 forwarding vulnerabilities..). How safe is it for a server to expose OpenSSH (...
0 votes, 0 answers, 79 views
How do I check if my PowerShell is connected on SSH?
I know how to check, but command line cmd or PowerShell can be altered to make it look clean with disguised hash codes (which they show like they are not tampered but actually commands are altered and ...
1 vote, 2 answers, 406 views
Consequences of .ssh/authorized_keys being world-readable
OpenSSH sshd enforces mode 0600 for authorized_keys when StrictMode is enabled. How is mode 0644 more vulnerable?
0 votes, 1 answer, 122 views
Besides intended usage, what is the difference between a host key and a user key?
The ssh-keygen program has -h flag for creating a host key. What is the actual difference between keys created with and without -h? Is there any reason I could/should not use a host key as a user key ...
1 vote, 2 answers, 4k views
How to update Ubuntu SSH version to latest version [closed]
I'm trying to update the Ubuntu OpenSSH version to 9.3p2, because of the CVE-2023-38408 vulnerability, but I can't.
The recommendation is to update to the last version: https://ubuntu.com/security/CVE-2023-...
1 vote, 1 answer, 3k views
Configuration option PubkeyAcceptedKeyTypes vs PubkeyAcceptedAlgorithms?
I'm using OpenSSH 8.9p1. I'm trying to connect to a git via SSH, and I'm getting
no matching host key type found. Their offer: ssh-rsa
I was able to fix the problem by adding the following to my ~/....
7 votes, 1 answer, 9k views
Understanding ssh-rsa not in PubkeyAcceptedAlgorithms
I am having a problem connecting to an Amazon EC2 Linux instance from an old Mac OS machine running El Capitan. Unfortunately without any possibility to upgrade the OS.
Because all the other modern ...
1 vote, 0 answers, 1k views
What are the risks of running SSH over Tor?
Goal
The intention is to set up an SSH entrance which is more secure (or at least more obfuscated) than a default setup with Port Forwarding or VPN.
Previous research and context
TL;DR, see question ...
4 votes, 1 answer, 542 views
Can someone with access to only my Yubikey gain access to my server that has SSH access via an ED25519-sk keypair?
My understanding is that an ED25519-sk SSH key generated by OpenSSH generates a private key stub that lives on your host machine. This stub is just a reference to the actual private key that lives on ...