Unauthenticated Remote Code Execution in Erlang/OTP SSH
(github.com/erlang)
A serious vulnerability has been identified in the Erlang/OTP SSH server that may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials.
A serious vulnerability has been identified in the Erlang/OTP SSH server that may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials.
An SSH adventure; or, why l10n support is important
(gitlab.com)
this is IMPECCABLE work i was on the edge of my seat the whole time
this is IMPECCABLE work i was on the edge of my seat the whole time
SSH Keys Don't Scale. SSH Certificates Do
(infisical.com)
SSH access is ubiquitous. It's how engineers, scripts, and platforms across the world remotely administer Linux systems. Whether you're running a small development server or managing a global fleet, you almost certainly rely on SSH in some form or another.
SSH access is ubiquitous. It's how engineers, scripts, and platforms across the world remotely administer Linux systems. Whether you're running a small development server or managing a global fleet, you almost certainly rely on SSH in some form or another.
The order of files in /etc/ssh/sshd_config.d/ matters
(utoronto.ca)
Suppose, not entirely hypothetically, that you have an Ubuntu 24.04 server system where you want to disable SSH passwords for the Internet but allow them for your local LAN.
Suppose, not entirely hypothetically, that you have an Ubuntu 24.04 server system where you want to disable SSH passwords for the Internet but allow them for your local LAN.
Pico.sh – SSH powered services for developers
(pico.sh)
The ultimate ssh powered services for developers
The ultimate ssh powered services for developers
LightkeeperRM: Lightweight drop-in replacement for maintaining servers over SSH
(github.com/kalaksi)
LightkeeperRM (Remote Management) is a lightweight and modular drop-in replacement for maintaining servers over SSH.
LightkeeperRM (Remote Management) is a lightweight and modular drop-in replacement for maintaining servers over SSH.
Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
(cloudflare.com)
OPKSSH makes it easy to SSH with single sign-on technologies like OpenID Connect, thereby removing the need to manually manage and configure SSH keys. It does this without adding a trusted party other than your identity provider (IdP).
OPKSSH makes it easy to SSH with single sign-on technologies like OpenID Connect, thereby removing the need to manually manage and configure SSH keys. It does this without adding a trusted party other than your identity provider (IdP).
Pam Unixsock
(miek.nl)
Ever felt the need to do something with PAM, like implementing 2FA in SSH? You are left with a few bad choices, among others you’ll need to write something (complex) in C. I rather not do that, so I’ve created pam-unixsock.
Ever felt the need to do something with PAM, like implementing 2FA in SSH? You are left with a few bad choices, among others you’ll need to write something (complex) in C. I rather not do that, so I’ve created pam-unixsock.
Bcvi – run vi over a 'back-channel' (2010)
(sourceforge.net)
If you use SSH, you might find bcvi useful. This article attempts to describe what it is and why you might use it. Let's start with what it is:
If you use SSH, you might find bcvi useful. This article attempts to describe what it is and why you might use it. Let's start with what it is:
SSH Rate Limiting with Pam and Nftables
(truschnigg.info)
Anyone who operates an SSH server somewhere on the Internet is bound to suffer a relentless torrent of inbound connections, probably from some botnet or another, trying to log in with the myriad credentials that leaked from other systems and networks.
Anyone who operates an SSH server somewhere on the Internet is bound to suffer a relentless torrent of inbound connections, probably from some botnet or another, trying to log in with the myriad credentials that leaked from other systems and networks.
Down the rabbit hole: Implementing SSH port forwarding over AWS Session Manager
(joinformal.com)
A technical quest through obscure SSH and AWS Session Manager features in service of enabling VS Code Remote SSH via the Formal Connector, culminating in forking and fixing several concurrency bugs in AWS’s own reference library for connecting to compute instances using SSM.
A technical quest through obscure SSH and AWS Session Manager features in service of enabling VS Code Remote SSH via the Formal Connector, culminating in forking and fixing several concurrency bugs in AWS’s own reference library for connecting to compute instances using SSM.
VSCode’s SSH agent is bananas
(fly.io)
We’re interested in getting integrated into the flow VSCode uses to do remote editing over SSH, because everybody is using VSCode now, and, in particular, they’re using forks of VSCode that generate code with LLMs.
We’re interested in getting integrated into the flow VSCode uses to do remote editing over SSH, because everybody is using VSCode now, and, in particular, they’re using forks of VSCode that generate code with LLMs.
Some ways to restrict who can log in via OpenSSH and how they authenticate
(utoronto.ca)
In yesterday's entry on allowing password authentication from the Internet for SSH, I mentioned that there were ways to restrict who this was enabled for or who could log in through SSH. Today I want to cover some of them, using settings in /etc/ssh/sshd_config.
In yesterday's entry on allowing password authentication from the Internet for SSH, I mentioned that there were ways to restrict who this was enabled for or who could log in through SSH. Today I want to cover some of them, using settings in /etc/ssh/sshd_config.
Thoughts on having SSH allow password authentication from the Internet
(utoronto.ca)
On the Fediverse, I recently saw a poll about whether people left SSH generally accessible on its normal port or if they moved it; one of the replies was that the person left SSH on the normal port but disallowed password based authentication and only allowed public key authentication. This almost led to me posting a hot take, but then I decided that things were a bit more nuanced than my first reaction.
On the Fediverse, I recently saw a poll about whether people left SSH generally accessible on its normal port or if they moved it; one of the replies was that the person left SSH on the normal port but disallowed password based authentication and only allowed public key authentication. This almost led to me posting a hot take, but then I decided that things were a bit more nuanced than my first reaction.
Show HN: An SSH based utility to transfer pipes across machines – beam
(github.com/ksdme)
transfer pipes and files from one computer to another over ssh
transfer pipes and files from one computer to another over ssh
Show HN: Keypub.sh – OAuth for the terminal using SSH keys
(keypub.sh)
A verified directory for SSH public keys.
A verified directory for SSH public keys.
Show HN: Copy from tmux/nvim to clipboard over SSH
(mil.ad)
Copying text to clipboard when working on a remote machine via SSH can be tricky. While you can usually highlight text with your mouse to copy it to the primary selection clipboard (and paste with middle-click), this approach has limitations.
Copying text to clipboard when working on a remote machine via SSH can be tricky. While you can usually highlight text with your mouse to copy it to the primary selection clipboard (and paste with middle-click), this approach has limitations.
Guide to SSH Reverse Tunneling
(pinggy.io)
SSH reverse tunneling is a powerful tool that enables secure remote access to systems or services that are behind firewalls or NATs (Network Address Translation). It is often used to provide external access to local systems and services without modifying the network’s security settings. In this detailed guide, we will break down SSH reverse tunneling, explain its applications, highlight security practices, and discuss alternatives. We will then discuss how Pinggy uses SSH reverse tunneling to share applications and services from localhost.
SSH reverse tunneling is a powerful tool that enables secure remote access to systems or services that are behind firewalls or NATs (Network Address Translation). It is often used to provide external access to local systems and services without modifying the network’s security settings. In this detailed guide, we will break down SSH reverse tunneling, explain its applications, highlight security practices, and discuss alternatives. We will then discuss how Pinggy uses SSH reverse tunneling to share applications and services from localhost.
Ask HN: How did you replace Teleport?
(ycombinator.com)
Teleport is a good software if you can't configure your SSH servers with Kerberos, or can't figure out Kubernetes' millions of authentication and authorisations solutions.
Teleport is a good software if you can't configure your SSH servers with Kerberos, or can't figure out Kubernetes' millions of authentication and authorisations solutions.
Show HN: I made an SSH tunnel manager to learn Go
(github.com/alebeck)
A simple & reliable command line SSH tunnel manager.
A simple & reliable command line SSH tunnel manager.
Sshfs for Windows
(github.com/winfsp)
SSHFS-Win is a minimal port of SSHFS to Windows. Under the hood it uses Cygwin for the POSIX environment and WinFsp for the FUSE functionality.
SSHFS-Win is a minimal port of SSHFS to Windows. Under the hood it uses Cygwin for the POSIX environment and WinFsp for the FUSE functionality.
Visual guide to SSH tunneling and port forwarding (2023)
(ittavern.com)
To make it quick, I wish I had known about port forwarding and tunneling earlier. With this blog post, I try to understand it better myself and share some experiences and tips with you.
To make it quick, I wish I had known about port forwarding and tunneling earlier. With this blog post, I try to understand it better myself and share some experiences and tips with you.
Show HN: Poker over SSH
(github.com/theOGognf)
Wanting to play poker but only have a computer and no playing cards? Having a slow day at work and in need of something to pass the time with your coworkers? Managing an entirely legal gambling ring and in need of a secure, private, and easy-to-use solution for running poker games?
Wanting to play poker but only have a computer and no playing cards? Having a slow day at work and in need of something to pass the time with your coworkers? Managing an entirely legal gambling ring and in need of a secure, private, and easy-to-use solution for running poker games?
Tailscale SSH
(tailscale.com)
Tailscale SSH allows Tailscale to manage the authentication and authorization of SSH connections on your tailnet.
Tailscale SSH allows Tailscale to manage the authentication and authorization of SSH connections on your tailnet.