#OpenSSH

2025-12-12

Want to learn how to use *certificates* with SSH?

Here is my latest article: blog.woralelandia.com/certific

#openssh #fedora #howto

2025-12-11

Just learned about the existence of #PuttyCAC and that (supposedly) the Putty project rejected implementing OpenSC smartcard support.

So now the only way you can use a smartcard (aka. a yubikey) for SSH authentication with #FileZilla and/or #WinSCP is to use it, as both still do NOT support #OpenSSH agent but only the Putty Pageant.

So if anyone else is looking for a way to use their smartcard with WinSCP or FileZilla, install OpenSC, reboot, install Putty-CAC, start Putty-CAC's pageant.

N-gated Hacker News (ngate)
2025-11-30

OpenBSD: It's like the cool kid at the party who just can't stop telling everyone how secure and free it is, but really just wants you to notice its tattoo. 🤔✨ Two remote holes in the default install? Wow, must be a record-breaking snooze fest! 💤🔒
openbsd.org/

2025-11-28
Today I learned that, with OpenSSH, a mere ssh -D 9999 -N destino (or autossh, if you want a dropped connection to be resumed automatically) is all it takes to use the local port (9999 in the example) as a SOCKS proxy exiting through the specified destination machine! :mindBlown:

Living and learning, we also have to tip our hats to the #OpenBSD folks who gift the world by developing this marvel.

#OpenSSH #SSH #blambers #TIL #softwareLivre #freeSoftware
Hackerman - meme from the series Mr. Robot - Elliot Alderson (Rami Malek) poses with a smug look and arms crossed, wearing his hooded sweatshirt and a backpack, in a montage reminiscent of the Kung Fury video with a colorful 3D background and, in the foreground, the word Hackerman in shiny letters
2025-11-24

Returning out of necessity to a project I abandoned to stop myself from getting an aneurysm and immediately I find a comment reminding me why I abandoned it in the first place:

OpenSSH is really super GODDAMN PICKY about motherfucking permissions

The entire path, INCLUDING WHEREVER THE GODDAMN MOUNT IS MOUNTED ALL THE WAY UP TO /

must be owned by root. FUCK!

Thou shalt not provide #OpenSSH authorized_keys in a path of your choosing, that's a crime!
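A path audit of the kind the post above runs into, as an added example that is not part of the original post. It assumes the rule sshd applies under StrictModes: the key file and every directory above it, up to the user's home directory or /, must be owned by root or the user and must not be group- or world-writable. The names `audit_key_path` and `demo` are hypothetical.

```python
import os
import shutil
import stat
import tempfile

def audit_key_path(path, uid, home=None):
    """Return (component, problem) pairs; an empty list means the path passes."""
    problems = []
    cur = os.path.realpath(path)
    home = os.path.realpath(home) if home else None
    if not stat.S_ISREG(os.stat(cur).st_mode):
        problems.append((cur, "not a regular file"))
    while True:
        st = os.stat(cur)
        if st.st_uid not in (0, uid):
            problems.append((cur, f"owned by uid {st.st_uid}"))
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append((cur, f"group/world-writable (mode {mode:04o})"))
        # Stop once the home directory (if given) or / has been checked.
        if cur == home or cur == os.sep:
            break
        cur = os.path.dirname(cur)
    return problems

def demo():
    """Constructed layout: a private directory holding an authorized_keys file."""
    base = tempfile.mkdtemp()                 # created with mode 0700
    keys = os.path.join(base, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 AAAA-constructed-placeholder user@example\n")
    os.chmod(keys, 0o600)
    uid = os.getuid()
    before = audit_key_path(keys, uid, home=base)
    os.chmod(base, 0o775)                     # parent becomes group-writable
    after = audit_key_path(keys, uid, home=base)
    shutil.rmtree(base)
    return before, after

if __name__ == "__main__":
    ok, broken = demo()
    print("before:", ok)
    print("after: ", broken)
```

Calling `audit_key_path` without `home` walks all the way to /, which is the situation for an authorized_keys file kept outside the home directory.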

Paul D. Ouderkirk (pdo@infosec.exchange)
2025-11-21

If you used OpenSSH this year you should consider kicking a few bucks over to The OpenBSD Foundation (openbsdfoundation.org/donation)

The few, the proud, the people who donate to open source projects.

#openbsd #openssh

2025-11-20

Joost van Dijk from @yubico tells us about #OpenSSH combined with the #FIDO standard at the @nluug #najaarsconferentie. This info applies to any FIDO #securitykey, not just #yubikey.

#opensourceconference #Linuxconference #conference #conferentie #NLUUG #nluug25nj #hardwarekey

Joost van Dijk presenting in front of a slide about hardware-protecting SSH keys.
Michael Dexter (dexter@bsd.network)
2025-11-18

Community events like the BSDCons do not have quarterly earnings reports but can sure be at the mercy of them.

If your organization benefits from free software like #BSD Unix and projects like #OpenSSH, please make their support a permanent part of your budgets.

❤️

2025-11-09

I am currently updating my small OpenWrt routers from v23 to v24. Unfortunately, this is not so easy: Dropbear does not support ED25519 in v24. RSA (with a key length of 4096) takes several seconds per login, which is too slow when using Ansible.

#OpenWrt #Dropbear #OpenSSH #Fail #Ansible #RSA #ED25519 #Networking #HomeLab

2025-11-01

#Linux Trick 17: If you place a short summary of Tiananmen Square or Gulang Gong in your #OpenSSH server banner, the Great Firewall of China disconnects (TCP reset) the SSH scanners' connections before they can try any passwords.

2025-10-28

@JustinDerrick @harrysintonen And lo! It appears to have returned :blobastonished:

#openssh

2025-10-27

Still no official statement from #openssh project about the status of openssh.com domain - this is getting a bit silly now.

2025-10-27

Wondering if someone forgot to renew their domain at openssh.com as it appears to have recently changed hands and is offline…

#openssh #cybersquatting #security

Marcus Adams (gerowen)
2025-10-27

That said, since modern versions of have adopted a post-quantum key exchange by default and isn't, by default at least, totally quantum safe, I wonder if it would be better to use SSH with password login disabled as a VPN instead of Wireguard. You can use the optional PSK option with Wireguard to attain some level of PQ security, but it's not 100% because of the default handshake.

Just thinking out loud.

2025-10-25

Openssh.com is down - apparently this is due to a domain move to another registrar. The site being down has caused some concern about something malicious going on. According to the little information available currently this doesn't appear to be the case. Preferably the project themselves should come out with a clear statement about this.

EDIT: 2025-10-28 Statement from Damien Miller:

"It's fixed now.

We transferred the domain to a different registrar and they locked it for abuse when they received it. Unfortunately this happened over a weekend so it took even longer to sort out."
source: lists.mindrot.org/pipermail/op

#openssh

www.openssh.com is down:

"This site can’t provide a secure connection
www.openssh.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR"
2025-10-23

I'm not doing anything nearly cool enough to warrant this warning from the latest version of #OpenSSH...

#ssh #Linux #postquantum

A screenshot of a terminal, with white text on a dark grey background saying:
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
2025-10-22

Forgot to check #OpenSSH 10.1's changelog. It was released a few weeks ago and has some interesting features #PQ

* ssh(1): add a warning when the connection negotiates a non-post quantum key agreement algorithm.

This warning has been added due to the risk of "store now, decrypt later" attacks. More details at openssh.com/pq.html

This warning may be controlled via a new WarnWeakCrypto ssh_config option, defaulting to on. This option is likely to control additional weak crypto warnings in the future.
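To find which hosts would trigger the warning quoted above, the negotiated key exchange can be read from `ssh -v` output. This is an added example, not from the post or the OpenSSH project; the log lines and host names are constructed, the function names are hypothetical, and the set of post-quantum names assumes the hybrid algorithms OpenSSH ships.

```python
import re

# Hybrid post-quantum key exchange names (assumed list, see lead-in).
PQ_KEX = {
    "mlkem768x25519-sha256",
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
}
CONNECT_LINE = re.compile(r"^debug1: Connecting to (\S+) ")
KEX_LINE = re.compile(r"^debug1: kex: algorithm: (\S+)")

# Constructed sample: concatenated `ssh -v` output for five hosts.
SAMPLE_LOG = """\
debug1: Connecting to build.example.net [192.0.2.10] port 22.
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: Connecting to legacy.example.net [192.0.2.20] port 22.
debug1: kex: algorithm: curve25519-sha256
debug1: Connecting to router.example.net [192.0.2.30] port 22.
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: Connecting to down.example.net [192.0.2.50] port 22.
debug1: connect to address 192.0.2.50 port 22: Connection refused
debug1: Connecting to old.example.net [192.0.2.40] port 22.
debug1: kex: algorithm: diffie-hellman-group14-sha256
"""

def classify_sessions(log_text):
    """Map each host to (kex_name, is_post_quantum); kex_name is None if never negotiated."""
    sessions, host = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := CONNECT_LINE.match(line):
            host = m.group(1)
            sessions[host] = (None, False)   # no KEX seen yet, e.g. connection failed
        elif (m := KEX_LINE.match(line)) and host is not None:
            kex = m.group(1)
            sessions[host] = (kex, kex in PQ_KEX)
    return sessions

def hosts_without_pq(log_text):
    """Hosts that completed key exchange with a non-post-quantum algorithm."""
    return sorted(h for h, (kex, pq) in classify_sessions(log_text).items()
                  if kex is not None and not pq)

if __name__ == "__main__":
    for host in hosts_without_pq(SAMPLE_LOG):
        print(host, classify_sessions(SAMPLE_LOG)[host][0])
```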
