Switching the SSH listening port is an easy way to help secure remote login on your Linux servers. SSH has a lot of tricks up its sleeve for security, one of which is to configure the service to use a non-standard port.
Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said it's building safeguards to prevent vulnerable versions of GitKraken from adding newly generated weak keys.
Microsoft revoked insecure SSH keys some Azure DevOps have generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies. The decision to revoke the keys was taken after GitKraken's developer Axosoft notified Microsoft on September 28 that a bug in the keypair library's pseudo-random number generator led to duplicate RSA keys being generated.
GitHub has revoked weak SSH authentication keys generated using a library that incorrectly created duplicate RSA keypairs. Today, in a coordinated disclosure between GitHub and Axosoft, LLC., the makers of the popular GitKraken Git client, GitHub said they revoked weak SSH keys generated by the 'keypair' library used by the software.
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "High confidence" to a threat actor operating out of China. "The Serv-U SSH server is subject to a pre-auth remote code execution vulnerability that can be easily and reliably exploited in the default configuration," Microsoft Offensive Research and Security Engineering team said in a detailed write-up describing the exploit.
Looking for an easier way to configure SSH on your data center servers? How about Webmin? Jack Wallen walks you through some of the options for better SSH security using this web-based GUI. Nearly every Linux server I administer is done via SSH. Given that I've been working with Linux for over 20 years, configuring SSH with an eye on security is pretty simple for me. Once you have Webmin up and running, you're all set to configure SSH. How to configure SSH via Webmin.
You can add an SSH tarpit to Ubuntu Server with the help of endlessh. Jack Wallen shows you how.
SSH holds fingerprints of your remote machines in the known hosts file. The SSH known hosts file contains fingerprints of the known machines you've logged into.