Questions tagged [ssh]
SSH (Secure shell) is a protocol for secure communication between computers to execute remote commands, transfer data and tunnel TCP connections.
1,243 questions
1 vote, 0 answers, 62 views
SCP from RHEL 8.10 VM to USB bypassing Windows 11 Host Drive
I am attempting to find information showing that when you SCP a file from a RHEL 8.10 VM hosted on Windows 11 to a USB drive, the contents of the file are not stored in a page file or buffer file ...
2 votes, 1 answer, 132 views
How to handle PuTTY first time SSH connection security alert host key not cached
For what seems to be a security process that was either not fully thought through, or not documented as to what was expected to happen in the field...
The first time connecting via SSH protocol (and ...
0 votes, 1 answer, 216 views
What is the layer of SSH? [duplicate]
From the book: Network Security, Firewalls, and VPNs, 3rd Edition
IPSec works at Layer 3 of the OSI model, while SSH functions at Layers 4 and 5.
As far as I know, SSH is in layer 7 (SSH is not in ...
0 votes, 1 answer, 276 views
Doesn't SSH tunnelling encrypt data packets?
I read this Firewall Technical article
and I read this paragraph:
The most fundamental difference between a VPN and an SSH tunnel is how each of these technologies operates. With VPN tunneling, ...
2 votes, 1 answer, 314 views
For the same private key, I have two slightly different public keys. Is it normal?
I have two servers, and I want one to talk to the other. Let's call them alpha and beta, where alpha wants to talk to beta.
On alpha, I have created an RSA key pair : private key and public key.
I use ...
1 vote, 1 answer, 352 views
SSH: Do the public and private keys contain the ip address?
Question
Do the public and private keys contain the ip address?
Scenario
Suppose "Computer I" as client has an IP as 192.168.1.A and is generated for SSH purposes its respective pair of ...
1 vote, 0 answers, 88 views
Managing SSH authorized keys exported from OpenPGP keys
One of the benefits of using OpenPGP authentication subkeys instead of arbitrarily created SSH keyfiles, is key expiration and revocation.
While there is plenty of documentation on how to use OpenPGP ...
1 vote, 1 answer, 155 views
Relative security of ssh password and public key to remote systems
I just know everyone is going to shout at me that public key is better but let me spell out the actual scenario first.
I have a small LAN at home, basically I'm the only regular user but other members ...
2 votes, 2 answers, 1k views
RHEL in FIPS mode ignores crypto subpolicy
I have a number of RHEL 8 and RHEL 9 systems with FIPS mode enabled. I'm trying to use a crypto subpolicy to disable CBC ciphers, but the subpolicy seems to be ignored in FIPS mode even though it is ...
1 vote, 1 answer, 249 views
Auto-unlock private key: which implications?
On my system (Ubuntu 22.04) I have encrypted my private key with a passphrase and added it to the ssh agent with ssh-add.
On use of the key, I am prompted with the option "Automatically unlock ...
4 votes, 2 answers, 218 views
Is it better to leave my SSH reverse tunnels exposed on a server, or expose them through tcp forwarding?
This is a follow up on When I use SSH tunneling, can I assume that the server does not need to be trusted?
When I am using an intermediate server I to connect to my endpoints via SSH tunnels, is it ...
1 vote, 0 answers, 78 views
Router with good remote access (SSH etc) [closed]
I need to programmatically configure a router. However, none of our routers support ssh! Which kind of sucks!
I'm putting together a suite of full regression tests looking at wifi connectivity. For ...
2 votes, 2 answers, 252 views
What's the point of users having to authorize their SSH keys and tokens they created themselves when SAML single sign-on is enabled on GitHub?
In GitHub's Enterprise Cloud docs it says:
To use an SSH key with an organization that uses SAML single sign-on (SSO), you must first authorize the key.
I understand that organization admins could ...
4 votes, 2 answers, 1k views
How to tell if RegreSSHion was exploited (CVE-2024-6387)
I have a VM with a Cloud Provider that I am able to SSH into. I've recently read about RegreSSHion (the reappearance of CVE-2006-5051, as CVE-2024-6387), and I'm wanting to make sure that I wasn't ...
4 votes, 1 answer, 3k views
Now that `sshcontrol` has been deprecated, how to use gpg key for ssh authentication with an agent?
The GnuPG Manual states that:
This [sshcontrol] file is deprecated in favor of the "Use-for-ssh" attribute in the key files.
What is now the correct way to configure gpg / gpg-agent to use ...
2 votes, 3 answers, 229 views
Should one be concerned about public keys being copied to wrong servers accidentally?
I am currently automating the setup of a web server with Ansible. My two team mates should be able to run the Ansible playbook as well. Therefore, their public keys need to be added to the ...
2 votes, 1 answer, 4k views
SSH ciphers order list based on security
hmac-sha256
[email protected]
hmac-sha2-256
[email protected]
hmac-sha512
[email protected]
hmac-sha2-512
[email protected]
Can someone help in ordering the above ...
2 votes, 1 answer, 413 views
Openpubkey SSH workflow details
Currently looking into OpenPubKey and more specifically into OpenPubkey SSH:
https://github.com/openpubkey/openpubkey
https://docs.bastionzero.com/openpubkey-ssh
Terminology:
OPK => OpenPubkey
...
0 votes, 1 answer, 405 views
Port knocking through NAT for self-hosted server
I decided to move to self-hosting because it is cheaper.
What I want to host:
My personal website
Some apps for fun
Maybe later a Honeypot
I have my old laptop acting as the main host. It has Ubuntu ...
0 votes, 0 answers, 193 views
How safe is it to run an unpatched, internet-exposed OpenSSH service?
There have recently been several reported security issues with OpenSSH (Terrapin, double-frees, remote execution, X11 forwarding vulnerabilities..). How safe is it for a server to expose OpenSSH (...
0 votes, 0 answers, 164 views
YubiKey Bio for SSH login: Do I have to reauthenticate?
I'd like to use YubiKey Bio for SSH-logins. I'm wondering how often I have to show my fingerprint for authentication when I start new sessions. What's the interval? If I start a new session every 5 ...
1 vote, 2 answers, 610 views
Consequences of .ssh/authorized_keys being world-readable
OpenSSH sshd enforces mode 0600 for authorized_keys when StrictMode is enabled. How is mode 0644 more vulnerable?
1 vote, 2 answers, 6k views
How to update Ubuntu SSH version to latest version [closed]
I'm trying to update the Ubuntu OpenSSH version to 9.3p2, because of the CVE-2023-38408 vulnerability, but I can't.
The recommendation is to update to the last version: https://ubuntu.com/security/CVE-2023-...
0 votes, 1 answer, 496 views
What's stopping attackers from brute forcing SSH passwords over new sessions?
I know that when you attempt to log in to a device via SSH, upon inputting an incorrect password, you must wait several seconds before you get another attempt. This is obviously a deterrent against ...
3 votes, 1 answer, 3k views
SSH - What is the relationship between fingerprint and known_hosts file?
I am trying to understand the relationship between fingerprint of SSH server's public key and known_hosts file.
There are two SSH servers with the same public key. I, the client, have the private key.
I ...