Security News

How to configure SSH to use a non-standard port with SELinux set to enforcing
2021-10-14 14:32

Switching the SSH listening port is an easy way to help secure remote login on your Linux servers. SSH has a lot of tricks up its sleeve for security, one of which is to configure the service to use a non-standard port.

GitHub Revoked Insecure SSH Keys Generated by a Popular git Client
2021-10-12 21:39

Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said it's building safeguards to prevent vulnerable versions of GitKraken from adding newly generated weak keys.

Microsoft revokes insecure SSH keys for Azure DevOps customers
2021-10-12 12:00

Microsoft revoked insecure SSH keys some Azure DevOps have generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies. The decision to revoke the keys was taken after GitKraken's developer Axosoft notified Microsoft on September 28 that a bug in the keypair library's pseudo-random number generator led to duplicate RSA keys being generated.

GitHub revokes duplicate SSH auth keys linked to library bug
2021-10-11 20:12

GitHub has revoked weak SSH authentication keys generated using a library that incorrectly created duplicate RSA keypairs. Today, in a coordinated disclosure between GitHub and Axosoft, LLC., the makers of the popular GitKraken Git client, GitHub said they revoked weak SSH keys generated by the 'keypair' library used by the software.

How to use this unique method of securing SSH
2021-10-07 14:47

Jack Wallen offers up a different method of securing SSH that could be rather timely in helping to lock down your Linux servers. The other day I was thinking of ways to secure SSH that were a bit outside the norm.

How to secure SSH logins with port knocking
2021-09-23 13:53

Knock, knock ... who's there? SSH. SSH who? You need to lock down your servers so that only you have access via SSH. One way to help that is with knockd. There are always things you can do to make SSH more secure.

Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack
2021-09-06 03:12

Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "High confidence" to a threat actor operating out of China. "The Serv-U SSH server is subject to a pre-auth remote code execution vulnerability that can be easily and reliably exploited in the default configuration," Microsoft Offensive Research and Security Engineering team said in a detailed write-up describing the exploit.

How to configure SSH access through Webmin
2021-08-19 17:03

Looking for an easier way to configure SSH on your data center servers? How about Webmin? Jack Wallen walks you through some of the options for better SSH security using this web-based GUI. Nearly every Linux server I administer is done via SSH. Given that I've been working with Linux for over 20 years, configuring SSH with an eye on security is pretty simple for me. Once you have Webmin up and running, you're all set to configure SSH. How to configure SSH via Webmin.

Set up an SSH tarpit in Ubuntu Server 20.04: Here's how
2021-08-02 15:28

You can add an SSH tarpit to Ubuntu Server with the help of endlessh. Jack Wallen shows you how.

How to remove or update a single entry from the SSH known_hosts file
2021-07-29 18:20

SSH holds fingerprints of your remote machines in the known hosts file. The SSH known hosts file contains fingerprints of the known machines you've logged into.