#openSSH

2025-06-12

I'm betting the answer here is "this isn't possible" but if anyone knows how to tell OpenSSH that when it's enumerating pubkeys it should check which of the two known authentication dongles is actually plugged into the computer, and only prompt me to unlock the SK key that belongs to that dongle, not both of them, please tell me how.

#openssh #yubikey

Alex Palombo 🇧🇷 alpalombo@mstdn.social
2025-06-09
2025-06-07

OpenSSH Config Tags How To

mrod.space/2023/09/04/using-ta

To be honest I did not know tags existed in #OpenSSH

Why exactly does the archive with the #OpenSSH source code, "openssh-10.0p2.tar.gz", contain the source code of openssh-10.0p1?

My pipeline fell flat on its face because it expects p2 but only finds p1...

The hashes of p1 and p2 are identical, too...

689148621a2eaa734497b12bed1c5202 openssh-10.0p1.tar.gz
689148621a2eaa734497b12bed1c5202 openssh-10.0p2.tar.gz

Edwin Groothuis mavetju@aus.social
2025-06-03

I found out that the way PuTTY stores the server fingerprint is different from the way OpenSSH does it:

OpenSSH takes the hostname you provide, so foo and foo.example.net are two different ones, even if the search domains (in /etc/resolv.conf for example) make it so that foo is actually foo.example.net.

PuTTY on the other hand looks at the DNS name, so if your foo which before pointed to foo.example.net now suddenly points to the CNAME of foo.example.net which points to bar.example.net, it will complain.

It will not properly complain. It will still say "I don't know the server fingerprint for foo", but at the top left of the PuTTY window title bar it will show "bar.example.net" instead of the expected name "foo.example.net" and that is the only indication of what went wrong.

So much for a "Let's prepare this change in DNS so that it will be transparent for users" 🙂

#dns #putty #openssh #ssh

2025-06-03

To support legacy OpenSSH v8.1 #openssh #sftp

askubuntu.com/q/1549899/612

2025-05-27

TIL: According to the ssh_config man page, comments in ~/.ssh/config need to be on their own line. In other words,

Host foo # my awesome host

is not a valid comment.

The ssh command seems pretty relaxed about this, but other tools (e.g. Paramiko) are not necessarily.

github.com/paramiko/paramiko/i

#SSH #OpenSSH #Paramiko #Python
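A small linter for the trailing-comment problem described in the post above, as an added example that is not part of the original post and is not OpenSSH's or Paramiko's code: it flags a `#` that starts a token outside double quotes and can move it onto its own line. The detection rule and the sample config are assumptions constructed for this example.

```python
# Constructed sample ~/.ssh/config: two trailing comments, one quoted '#', one '#' inside a token.
SAMPLE = '''\
# jump host
Host foo # my awesome host
    HostName foo.example.net
    User alice   # shared account
    ProxyCommand sh -c "exec nc %h %p # quoted, not a comment"
    IdentityFile ~/.ssh/id#work
'''

def split_inline_comment(line):
    """Split 'setting # note' into (setting, comment); comment is None if absent."""
    if not line.strip() or line.lstrip().startswith("#"):
        return line, None                 # blank line or a proper full-line comment
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes     # ssh_config arguments may be double-quoted
        elif ch == "#" and not in_quotes and line[i - 1].isspace():
            # Assumed rule: an unquoted '#' that begins a token is a trailing comment.
            return line[:i].rstrip(), line[i:].rstrip()
    return line, None

def find_inline_comments(text):
    """Return [(line_number, setting, comment)] for every trailing comment."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        setting, comment = split_inline_comment(line)
        if comment is not None:
            hits.append((number, setting, comment))
    return hits

def move_comments_up(text):
    """Rewrite the config so each trailing comment sits on its own line above the setting."""
    out = []
    for line in text.splitlines():
        setting, comment = split_inline_comment(line)
        if comment is not None:
            indent = line[: len(line) - len(line.lstrip())]
            out.append(indent + comment)
        out.append(setting)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for number, setting, comment in find_inline_comments(SAMPLE):
        print(f"line {number}: {comment!r} trails {setting.strip()!r}")
    print(move_comments_up(SAMPLE), end="")
```
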

Dave Polaschek (he/him) davepolaschek@writing.exchange
2025-05-26

I'm looking to hook up PerSourcePenalties in the sshd_config on my VPS, and can't find any examples of using them out there. They're a new-ish feature, so I wonder if anyone's an expert yet besides @djm.

Specifically, I'm getting a lot of attempted password logins on a system where "PasswordAuthentication no" is set, and I see five door-knocks from each IP before they get punted. Would rather have that kick in more quickly to keep the logs less cluttered.

#OpenBSD #OpenSSH

Marcus Adamsgerowen
2025-05-25

If you're on stable but would like a PQ key exchange algorithm on your SSH service, 10 is available in the Bookworm backports with the following release notes.

A screenshot of some of the changes to openssh-server, as reported by apt during the upgrade process.  Of particular importance is the following bullet:

sshd(8): this release disables finite field (a.k.a modp) Diffie-Hellman
     key exchange in sshd by default. Specifically, this removes the
     "diffie-hellman-group*" and "diffie-hellman-group-exchange-*" methods
     from the default KEXAlgorithms list. The client is unchanged and
     continues to support these methods by default.
2025-05-20

FileZilla will connect to VPS with password although passwordAuthentication is set to no #2404 #openssh #vsftpd

askubuntu.com/q/1548064/612

nixCraft 🐧nixCraft
2025-05-18

Multiplexing will boost your SSH connectivity or speed by reusing existing TCP connections to a remote host. Here are commands that you can use to control multiplexing when using OpenSSH server or client on your Linux, macOS, FreeBSD or Unix-like systems. Not sure what SSH multiplexing is? Learn how to set it up and use it to speed up your SSH sessions with our handy guide: cyberciti.biz/faq/ssh-multiple

List of ssh commands to control an active connection multiplexing process on Linux or Unix. Valid commands are: “check” (check that the master process is running), “forward” (request forwardings without command execution), “cancel” (cancel forwardings), “exit” (request the master to exit), and “stop” (request the master to stop accepting further multiplexing requests).
aaron ~# :blinkingcursor: neuroexception@infosec.exchange
2025-05-15

Today I've learned that I don't need coder. I am now deploying an #ubuntu container from a #Dockerfile with an #openssh #server installed. This is a much better setup. Nearly every #Codeeditor supports #ssh workspaces so I'm not limited.

But the best thing about this setup is that it is very easy to automate using #Ansible.

I've used the same approach to set up #kali #linux environments months ago and should have stuck with that. It just works.

#clouddevelopment #clouddeveloperenvironments #docker #programming #coding #selfhosting #homelab #automation #coder

2025-05-12

Apple updates OpenSSH to "OpenSSH 9.9p2" in macOS 15.5 Sequoia, fixing two vulnerabilities.
applech2.com/archives/20250513

#applech2 #macOS_15_Sequoia #macOS #macOS_15_5 #OpenSSH #OSS #update #vulnerability

2025-05-09
#openssh is the best tool to admin BSD and Linux boxes.
Dendrobatus Azureus Dendrobatus_Azureus@bsd.cafe
2025-05-07

An unimportant remnant of the past has been removed from OpenSSH: DSA.

Read about it in this article; the next article linked will show you that it has finally been removed.

#SSH #openSSH #DSA #programming #coding #OpenSource #openBSD #BSD #secureShell #Infosec

undeadly.org/cgi?action=articl

The image shows a screenshot of a webpage from the OpenBSD Journal. The top of the page features a black background with a logo on the left, depicting a cartoonish sun with guns, and the text "OpenBSD Journal" in light blue. Below the logo, navigation links are visible: Home, Archives, About, Submit, Story, Create Account, and Login.

The main content of the page is a news article titled "DSA removal from OpenSSH" in large, light blue text. The article was contributed by "rueda" on January 11, 2024, from the "going-dept." The article states that the OpenSSH project has announced the timeline for the removal of DSA support from OpenSSH. It mentions that OpenSSH plans to remove support for DSA, as specified in the SSHv2 protocol, which is limited to a 160-bit private key with an estimated security level of less than or equal to 80 bits. The article also notes that OpenSSH has disabled DSA keys by default and that DSA is optional support for them.

The bottom of the page shows the URL "undeady.org/cgi?act" and a navigation bar with three vertical lines, a home icon, a back arrow, and a menu icon. The battery icon in the top right corner indicates 82% battery life, and the time is 03:31.
