All Questions
273 questions
0 votes, 1 answer, 53 views
Will this OpenSSH config provide the best security
Setting up my OpenSSH server on a Windows 10 server to be exposed to the WAN. (Up until now it has just been used on the LAN).
What I am trying to achieve:
When connection is from the internet, only 1 ...
0 votes, 2 answers, 3k views
What are the implications for bug CVE-2024-3094 (ssh / xz) and how to minimize potential damage?
What are the real implications for bug CVE-2024-3094 (related to SSH and the XZ library) and how to minimize potential damage to the server?
3 votes, 1 answer, 1k views
How to properly secure harden SSH in 2024?
Since 1995, SSH, notably OpenSSH server [1999], is one of those essential services like DNS [1985] for admins to manage their IT landscapes.
How do I properly secure harden an OpenSSH server in 2024?
...
1 vote, 1 answer, 219 views
In the Bitvise Client Software, Host Key Verification window shows public key information not generated by me
The Problem(s):
After hitting the login button, Host Key Verification window shows up with host key info. (Not generated by me. Should this be happening by default.)
For Public Key Authentication, I ...
1 vote, 1 answer, 118 views
More secure option than DDNS + port forwarding to host website
I wondered if there is a more secure solution for my setup. A small PC at home is hosting a website (on port 8080) while my router is forwarding outside requests from port 80 to internal port 8080 of ...
0 votes, 1 answer, 144 views
can anyone explain how user keys are verified (post host key/KEX, and not authorized_keys)? issue with ssh user key verify
Nutshell: Looking for a bit of an ELI5 explaining the protocol and/or implementation (openssh) of [post-KEX] user key verification (who does what) without being in code I don't understand or a too-...
0 votes, 0 answers, 147 views
Linux oathtool-generated TOTP 6-digit code invalid for 2FA SSH login using pam_oath.so
I'm trying to set up TOTP 2FA login into an SSH session on my Ubuntu box.
To this end I have in /etc/users.oath:
HOTP/T30/6 testuser – 8436e373cbdabce46a5d8d019c463a
(I'm generating this value over ...
1 vote, 0 answers, 186 views
Configure SSH to immediately deny all authentication but still listen
I'm trying to configure an SSH server to only allow access for a specific user from a specific IP address. I've configured that with
PubkeyAuthentication no
PasswordAuthentication no
...
0 votes, 2 answers, 410 views
Google Authenticator - What to keep for emergency restore
I started to use Google Authenticator to secure my SSH servers with 2FA.
Running $ google-authenticator generates and prints a set of emergency keys beside a secret key and a verification code.
Your ...
0 votes, 0 answers, 233 views
How can I make password SSH more secure?
I need to log into a machine using a password. (This machine is provisioned automatically for me and others, and keys aren't provided, only individual passwords)
At first I used openssh from Windows ...
0 votes, 2 answers, 180 views
SSH fingerprint difference
tl,dr:
The user has a home server accessed via SSH by them and their coworkers. Recently, coworkers began experiencing connection issues, encountering different SSH keys than expected.
The user, on ...
0 votes, 1 answer, 920 views
How to access a non-trusted SSH server without a password and without providing your private key?
This answer explains how to set up a key-based ssh authentication to avoid re-typing the password at each access.
However, it apparently requires providing the server with a client's private key (No! ...
0 votes, 1 answer, 155 views
How to securely permission SSH keys on my mac so they require sudo access to both use and copy
I would like to set the permissions/owner settings for the SSH keys so they require sudo access to both use and copy. This would just be an additional security step if someone were to steal my laptop ...
-1 votes, 2 answers, 512 views
connecting to a ssh server using server's ssh private key only
for a CTF challenge design contest, I am looking for a way to enable connecting to the server using server's ssh private key only, I have tried out different ways to enable participants to connect to ...
1 vote, 1 answer, 124 views
Force close port 22 (ssh) on GCP VM
For security reasons, I want to close port 22 (ssh) of my VM that is on GCP.
Currently, if I execute the command telnet xx.xx.xxx.xxx 22 the server responds to me:
Trying xx.xx.xxx.xxx...
Connected to ...
9 votes, 1 answer, 8k views
OpenSSH v8 client talking to OpenSSH v6.7p1 server: "no mutual signature algorithm" because of disabled ssh-rsa? But why and how?
My server recently stopped offering me public key-based authentication. I tried to log in using my RSA public key and only got:
$ ssh -v <server>
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 ...
1 vote, 1 answer, 82 views
how to add insecure command into sudoers file securely. Is it possible?
I'm using sshuttle command, and ideally I'd like to use it as service or at least without entering root password.
The problem is that there is -e parameter to customize ssh invocation, which sshuttle ...
1 vote, 2 answers, 456 views
Concerning sshd login attempts from unknown IP
I am running a Google Cloud Rocky Linux instance
For some operations, SFTP is required
I have found some concerning sshd login attempts from an unknown IP, limited logs below
Mar 09 15:29:16 server-...
1 vote, 1 answer, 1k views
Why am I able to login into Cockpit web UI even though I disabled PAM and password authentication?
I have these settings on my remote machine under /etc/ssh/sshd_config
PermitRootLogin no
PermitRootLogin prohibit-password
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
The ...
0 votes, 1 answer, 2k views
How do you avoid typing the passphrase (password) of your ssh key each time, on Linux and Windows with OpenSSH?
(This is a repost and edit of a question by xiiryo originally posted and closed fairly quickly on Stack Overflow.)
I use a passphrase-protected ssh key (RSA). (I used to call this a password-protected ...
0 votes, 1 answer, 835 views
ssh session gets disconnected very frequently through an unknown scanner ip
I have very problem with ssh connection
all different type of disconnection error from 1 second to more but very frequently that does not allow me to work
-change sshd config DONE
-different server ...
4 votes, 1 answer, 888 views
What user's rights are used when a client gets a file from an SFTP server?
When a client connects to an SFTP server to get a file, is the file normally read from the host system using the rights granted to the account running the SFTP client or using the rights granted to ...
0 votes, 1 answer, 1k views
Generating keypair for backend issuing JWT token
I need to generate a keypair for my backend to issue JWT token. I am using MacOS.
I tried on terminal:
ssh-keygen -t rsa
and path to /Users/john.brk/my_rsa.
It generates my_rsa and my_rsa.pub.
When ...
2 votes, 0 answers, 1k views
Why are my verification codes not working when I ssh into my ubuntu server?
I'm trying to setup Google multifactor authentication up on my Ubuntu Server 20.04 machine so that when I ssh into the machine, it will require an ssh key and verification code from the google ...
0 votes, 1 answer, 470 views
Fedora SSHd not starting after upgrade to 35
today I've upgraded a VM server mounting Fedora 25 to Fedora 35.
I performed a step upgrade skipping 1 release at a time 25-->27-->...-->33-->35.
I had zero problems until the last upgrade,...
0 votes, 1 answer, 825 views
How to query AD within SSH key-based authentication session?
I have a PoSh script on a Windows (2019) server that I want to kick off from a simple web app (a button) on a linux webserver, so I enabled OpenSSH and restricted it to just a generic, unprivileged ...
0 votes, 1 answer, 4k views
How to Disable any MD5 or 96-bit HMAC algorithms within the SSH configuration
I received a vulnerability for one of the servers today as below:
Disable any MD5 or 96-bit HMAC algorithms within the SSH configuration
How can I check if these algorithms are present in other ...
0 votes, 0 answers, 73 views
ssh login using authorized_keys alone without privatekey or password
I am trying to understand ssh using authorized_keys alone (i.e. not using local private keys). This is what I have done so far.
Created a local public + private key using the usual ssh-keygen -t rsa.
...
0 votes, 0 answers, 102 views
Connect from container to host and execute commands with sudo in a secure manner
I am able to ssh from a container to the host (after adding the container's public key into the host's authorized_keys file) and execute commands as user but need to supply the sudo password in plain ...
0 votes, 2 answers, 356 views
How secure is the openSSH login?
I am using several RPi's on my router, which have port forwarding for the port 22 out into the evil internet. When I connect to the RPi using openSSH (Powershell: ssh username@ip-adress -p 12345) it ...
0 votes, 2 answers, 1k views
Endless ssh attempt from my IP using my public key? Fail2ban fails to log anything useful
Lately, my hostinger server has been acting strange, I have a hard time accessing the site hosted on it, I can't even ssh, however when I restart the server from hostinger panel. It works again.
Upon ...
0 votes, 0 answers, 161 views
SSH for root User on Private - but publicly accessible - machine
It is probably a duplicate of any question I did not find, but I am curious.
I own a Linux - server hosted somewhere and I configured it to allow ssh connections for user root - actually it has no ...
1 vote, 0 answers, 515 views
Orientation to know the scenarios to choose the best "Host Key Verification Strategy" option [closed]
About SSH for a remote and secured connection the approach is create in the client a pair of keys, public and private, do a copy of the public key content in the server within the .ssh/authorized_keys ...
0 votes, 1 answer, 1k views
transfer files from remote-server to local-host via jump-host when port-forwarding is administratively inhibited
a valid however sometimes hindering policy at work is that remote server ports are not available in user space.
I only found the following solutions which (probably, as I didn't try them all) won't ...
1 vote, 1 answer, 1k views
How secure is it to open my ssh port on my server if it uses public private key encryption?
I have multiple Linux servers and would like to be able to access them from the outside using my public IP address, these servers are secured with public private key encryption and can not be ...
4 votes, 1 answer, 16k views
What causes SSH warning about ED25519 host key mismatch on new servers?
I frequently create and destroy virtual machines, and connect to them via SSH.
Operating system is RedHat Enterprise Linux versions 7 or 8 (happens with both) on both client and server side, and of ...
0 votes, 0 answers, 277 views
Security risk at ssh tunnel relay
I'm trying to use services such as ngrok/telebit to be able to access my personal web server outside my local network.
The web server contains a lot of sensitive data and I'm concerned about the ...
0 votes, 1 answer, 918 views
Password via SSH through command prompt, is it secure
If I run SSH command via a Windows bat file, is the communication secure. I have the following command in my batch file and it asks for the password once it is executed. I am worried whether the ...
0 votes, 1 answer, 94 views
Is establishing passwordless SSH between 2 remote nodes a bad idea?
I have scenario where my shell script executing on server A with user “X” need to connect server B thru SSH same user “X” and perform some tasks, similarly I have couple more machines server C, Server ...
0 votes, 2 answers, 3k views
How to secure an open port for SSH
I'm trying to set up a media server for my parents at home so they can rip the disks (that they own of course), and stream it from anywhere in the house. My issue arises when I want to be able to ...
0 votes, 2 answers, 398 views
Create an SSH tunnel starting from the jump server
I have this server that I don't own so I cannot register new users or new authorized keys but I have to temporarily share my access with a different user. I don't want to share my username and password.
...
1 vote, 0 answers, 431 views
How to verify if my network is under a man-in-the-middle attack?
What happened?
When I tried to pull from one of my repos, I got the following error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@...
0 votes, 1 answer, 532 views
Unauthorized access to a server over ssh when client-server connection is ssh-key based
Specifically as it pertains to opening up the server from a LAN/WLAN to the internet via port-forwarding.
I'm new to networking. I'd like to access a home server from outside my LAN/WLAN via port-...
1 vote, 5 answers, 1k views
Someone's trying to hack me, don't understand how they are bypassing my router, please help me understand?
Mar 5 00:39:44 deepcool sshd[259265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.220.78 user=root
Mar 5 00:39:47 deepcool sshd[259265]: Failed ...
0 votes, 1 answer, 24 views
How do I get new ssh-keys (linux 20.04) into a secure server (linux 20.04) with no root access and fail2ban and Google auth
What do I need to do to get new ssh-keys into my linux 20.04 servers with no root access, fail2ban and Google auth installed.
I bought a new computer and want to access everything from there. I made ...
1 vote, 1 answer, 3k views
Remote-SSH through Visual Studio Code not working because of permissions through WSL cross referencing
I have set up a linux server and I set the server to only accept ssh with an rsa pub key file. SSHing through the WSL client works but using Remote-SSH on VSC is not working. I get the error message:
...
1 vote, 2 answers, 923 views
How do I prevent brute force SSH attacks on MacOS?
I'm not running any special server OS, just the default MacOS 10.15 SSH daemon, with port 22 forwarded.
I looked in my system.log and found these entries during the middle of the night (when no known ...
3 votes, 1 answer, 535 views
GPG subkey seems to have different password
I have recently created a new OpenGPG key with Thunderbird and exported it to use it with gpg. However, I cannot decrypt anything outside Thunderbird because my subkey - which is used for encryption - ...
2 votes, 1 answer, 2k views
How to blacklist certain ciphers and key exchange algorithms in ssh and sshd
To get a list of all supported algorithms, I can run ssh -Q kex, which on my machine outputs
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-...
2 votes, 0 answers, 4k views
Application on remote computer * requested access to the x server
Using MobaXterm to connect from my windows machine to an Ubuntu v16 remote server. I sometimes leave the connection active in the background while I'm away or working on other stuff.
For the second ...