wloczykij , 22 days ago to linux_pl group Polish

Próbował może ktoś używać ssh i jakiś aplikacji ncurses (np mc) na łączu 32 kbit/s. Da się tego używać? Mam pewien pomysł i być może to rozwiąże mój jeden problem, ale muszę wiedzieć, czy da się używać tego jakoś sensownie na tak wolnym łączu.

Jakby kogoś interesowało. Potrzebuje jakiegoś zapasowego łącza do serwerka, żeby sprawdzić jakie są problemy w razie utraty głównego połączenia.

@linux_pl
#linux
#sieci
#łączeInternetowe
#awariaSieci
#awaria
#network
#ssh

vredesduyf , 2 months ago to random

#introduction Ah crap, here we go.
Call me Vred, I'm a nearly-deaf, autistic human being with ADHD who's obsessed with nerdy stuff, including #linux #it #trainbubble #privacy and #security and much, much more.
Strangely obsessed with #base64 and the #ssh protocol.

If there's some extrovert on this platform, feel free to get in touch! =)

nixCraft , 2 months ago to random

Every version of the PuTTY tools from 0.68 to 0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys. Tthe effect of the vulnerability is to compromise the private key https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html #infosec #security #ssh #opensource #linux #unix #windows

simontatham , 2 months ago to random

We've released #PuTTY version 0.81. This is a SECURITY UPDATE, fixing a #vulnerability in ECDSA signing for #SSH.

If you've used a 521-bit ECDSA key (ecdsa-sha2-nistp521) with any previous version of PuTTY, consider it compromised! Generate a new key pair, and remove the old public key from authorized_keys files.

Other key types are not affected, even other sizes of ECDSA. In particular, Ed25519 is fine.

This vulnerability has id CVE-2024-31497. Full information is at https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

ricci , 2 months ago to random

Hey! Let's talk about #SSH and #security!

If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A lot of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.

The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab s clusters over a four-year period. It peaks at about 3.4 million login attempts per day.

This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.

A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke . The full paper is at https://www.flux.utah.edu/paper/singh-nsdi24

Let's dive in. 🧵

vbatts , 2 months ago to random

PSA: now more than ever, sign your #git commits.

Either git commit -sS every commit; or git config commit.gpgSign 1 in a project; or git config --global commit.gpgSign 1

Use #GPG or even your existing #SSH key.

More info:

• https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key
• https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work

scy , 2 months ago to random

Eek. Apparently liblzma (part of the xz package) has a backdoor in versions 5.6.0 and 5.6.1, causing SSH to be compromised.

https://www.openwall.com/lists/oss-security/2024/03/29/4

This might even have been done on purpose by the upstream devs.

Developing story, please take with a grain of salt.

The 5.6 versions are somewhat recent, depending on how bleeding edge your distro is you might not be affected.

#liblzma #xz #lzma #backdoor #ITsecurity #OpenSSH #SSH

itnewsbot Bot , 3 months ago to random

Webserver Runs on Android Phone - Android, the popular mobile phone OS, is essentially just Linux with a nice user i... - https://hackaday.com/2024/03/27/webserver-runs-on-android-phone/ #softwarehacks #smartphone #webserver #android #apache #server #termux #linux #phone #ssh