Security News
SSH holds fingerprints of your remote machines in the known hosts file. The SSH known hosts file contains fingerprints of the known machines you've logged into.
If you've started rolling out AlmaLinux to your data centers, you should enable 2FA for SSH authentication. One way to beef up the security of any Linux server is to enable two-factor authentication for SSH logins.
You don't want that, which is why you should employ a tool like MOSH. MOSH stands for Mobile Shell and makes it possible for you to keep a persistent SSH connection, even if you change networks or your connection momentarily drops. Under the hood, MOSH logs the user in via SSH and then starts a connection on a UDP port between 60000 and 61000 to keep the connection persistent.
SSH keys can be used in Linux or operating systems that support OpenSSH to facilitate access to other hosts without having to enter a password. Here's where secure shell, or SSH, keys come in handy to facilitate access.
GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts. "Once generated, you add these new keys to your account just like any other SSH key," GitHub Senior Security Engineer Kevin Jones said.
Jack Wallen shows you how to add an SSH tarpit to Ubuntu Server with the help of endlessh. Essentially, a tarpit will run on the standard SSH port and, when a hacker attempts to break through that port, they'll wind up stuck in an endless loop.
Jack Wallen shows you how to install and configure FreeRADIUS as a centralized SSH authentication tool. FreeRADIUS is a tool for authentication that is used by over 100 million people daily.
If you have trouble with SSH connections breaking, Jack Wallen shows you how you can enjoy a bit more persistence with the help of Eternal Terminal.
How it gets onto servers is unclear, though systems infected by Kobalos have their SSH client tampered with to steal usernames and passwords, and presumably server addresses, that are typed into it. These details could be used by the malware's masterminds to log into those systems to propagate their malware.
Security researchers at cybersecurity company ESET discovered the malware and named it Kobalos, after the misbehaving creature in Greek mythology. "On compromised machines whose system administrators were able to investigate further, we discovered that an SSH credential stealer was present in the form of a trojanized OpenSSH client. The /usr/bin/ssh file was replaced with a modified executable that recorded username, password and target hostname, and wrote them to an encrypted file" - ESET. The researchers believe that credential theft could explain how the malware spreads to other systems on the same network or other networks in the academic sector since students and researchers from multiple universities may have SSH access to supercomputer clusters.