Hacker News with Generative AI: OpenSSH

MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (marc.info)
We discovered two vulnerabilities in OpenSSH:

Security, OpenSSH, Vulnerability

6 points by birdculture 3 days ago | 0 comments

Some ways to restrict who can log in via OpenSSH and how they authenticate (utoronto.ca)
In yesterday's entry on allowing password authentication from the Internet for SSH, I mentioned that there were ways to restrict who this was enabled for or who could log in through SSH. Today I want to cover some of them, using settings in /etc/ssh/sshd_config.

Security, OpenSSH, Linux, SSH, Configuration

5 points by zdw 34 days ago | 0 comments

OpenSSH Keystroke Obfuscation Bypass (crzphil.github.io)
A disclosure for an OpenSSH keystroke obfuscation bypass affecting current OpenSSH versions after 9.4.

Security, OpenSSH, Vulnerability, Hacking

200 points by pabs3 164 days ago | 25 comments

Some thoughts on OpenSSH 9.8's PerSourcePenalties feature (utoronto.ca)

Security, OpenSSH, Networking

75 points by jandeboevrie 191 days ago | 80 comments

NetBSD Security Advisory 2024-002 – OpenSSH CVE-2024-6387 `regreSSHion' (netbsd.org)

Security, Operating Systems, OpenSSH, Vulnerabilities

3 points by lijunhao 222 days ago | 0 comments

CVE-2024-6409: OpenSSH: Possible remote code execution in privsep child (openwall.com)

Security, OpenSSH, Vulnerabilities

141 points by andreyv 227 days ago | 56 comments

RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (qualys.com)

Security, Linux, OpenSSH

830 points by robinhoodexe 235 days ago | 338 comments

OpenSSH 9.8 (mindrot.org)

OpenSSH, Software, Security

17 points by frutiger 248 days ago | 2 comments