For your personal system hopping and coding - how many #SSH keys do you use?

Portable OpenSSH 10.0p1 will not exist. It will be known as OpenSSH 10.0p2.

https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-April/000163.html
- - -
OpenSSH portable 10.0p1 n’existera pas. Ce sera connue comme OpenSSH 10.0p2.

// Publication en anglais //

OpenSSH 10.0 Released https://www.undeadly.org/cgi?action=article;sid=20250410053152 #openbsd #openssh #ssh #security #networking #development #newrelease #devops #sysadmin #freesoftware #libresoftware

Alert when users log in from new locations

https://github.com/mricon/howler

OpenSSH 10 is out now, featuring stronger cryptographic defaults, new post-quantum key exchange, and key security improvements across the board.
https://linuxiac.com/openssh-10-released-makes-bold-cryptographic-changes/

OpenSSH 10 relies on standards for quantum-safe key exchange

The DSA algorithm, which has been discontinued for years, is now disappearing completely from the secure remote shell, to be replaced by MLKEM768.

https://www.heise.de/en/news/OpenSSH-10-relies-on-standards-for-quantum-safe-key-exchange-10346176.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

OpenSSH 10 setzt auf Standards für quantensicheren Schlüsselaustausch

Der seit Jahren abgekündigte DSA-Algorithmus verschwindet nun vollständig aus der sicheren Remote-Shell, seine Nachfolge tritt MLKEM768 an.

https://www.heise.de/news/OpenSSH-10-setzt-auf-Standards-fuer-quantensicheren-Schluesselaustausch-10345975.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

March 2025 Security Issues in Korean & Global Financial Sector

This analysis covers cyber threats and security issues in the financial industry, focusing on South Korea and global incidents. It examines malware and phishing cases, lists top malware strains, and provides statistics on leaked Korean accounts. The report delves into major financial threats on the dark web, including credit card data breaches, database leaks, and ransomware attacks. Notable cases involve the sale of 40 GB of credit card details from BidenCash, a data breach at a Swiss insurance company, a ransomware attack on a Sri Lankan bank, and the sale of SSH access credentials for a Canadian bankers association. These incidents highlight the need for enhanced security measures, comprehensive data management, and vigilance against evolving cyber threats in the financial sector.

Pulse ID: 67f4d122afc32aa34ba64375
Pulse Link: https://otx.alienvault.com/pulse/67f4d122afc32aa34ba64375
Pulse Author: AlienVault
Created: 2025-04-08 07:32:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Pico.sh: The SSH-Powered Services Every Developer Should Try #Pico #SSH #Developer #Webservice #Linux #SecureShell
https://ostechnix.com/pico-sh-ssh-powered-developer-services/

Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective

OUTLAW is a persistent Linux malware that uses basic techniques like SSH brute-forcing, SSH key manipulation, and cron-based persistence to maintain a long-lasting botnet. Despite its lack of sophistication, it remains active by leveraging simple but impactful tactics. The malware deploys modified XMRig miners, uses IRC for command and control, and includes publicly available scripts for persistence and defense evasion. OUTLAW's infection chain spans nearly the entire MITRE ATT&CK framework, offering many detection opportunities. It propagates in a worm-like manner, using compromised hosts to launch further SSH brute-force attacks on local subnets, rapidly expanding the botnet.

Pulse ID: 67ef069f9224aa64d79e6a8e
Pulse Link: https://otx.alienvault.com/pulse/67ef069f9224aa64d79e6a8e
Pulse Author: AlienVault
Created: 2025-04-03 22:07:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

TookPS distributed under the guise of UltraViewer, AutoCAD, and Ableton

A malware campaign is distributing the TookPS downloader by impersonating popular software like UltraViewer, AutoCAD, SketchUp, Ableton, and Quicken. The malware establishes an SSH tunnel for remote access and deploys additional payloads like TeviRat and Lapmon backdoors. The attackers gain full system control through various methods. The campaign targets both individuals and organizations, using domains registered in early 2024. Users are advised to avoid downloading pirated software, while organizations should implement strict security policies and conduct regular awareness training.

Pulse ID: 67eea35a7cea57b67d9c3172
Pulse Link: https://otx.alienvault.com/pulse/67eea35a7cea57b67d9c3172
Pulse Author: AlienVault
Created: 2025-04-03 15:03:54

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Quand je ne peux pas utiliser `scp -r root@myserver:/foobar/ ./`, voici une méthode shell pour upload / download avec ssh, tar et sudo :

https://notes.sklein.xyz/2025-04-02_1648/

j'ai des déconnexions quand je pousse les backups en #ssh via #borg
Testons avec un montage #sshFS

Lost #ssh access to my #FreeBSD VPS after enabling #pf :D

A Complete Guide to Install, Enable, and Secure SSH on Fedora Linux 42 #SSH #SecureShell #Fedora #Linux #Security #Linuxhowto #Linuxadmin
https://ostechnix.com/set-up-configure-ssh-fedora/

If I have a #codeberg account set up, with a verified #ssh key on my account and the corresponding public and private keys in `~/.ssh/`, is there a way that I can make it so that it doesn't ask me for my keyphrase every time I push? I'm sure VSCode could do this, but since I've switched to #Helix, which doesn't have git built-in I've been manually doing the git stuff.
My knowledge of #cryptography and #git are well and truly at the 'barely enough to get myself into trouble' level.
#AskFedi