Security News

Microsoft revoked insecure SSH keys some Azure DevOps have generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies. The decision to revoke the keys was taken after GitKraken's developer Axosoft notified Microsoft on September 28 that a bug in the keypair library's pseudo-random number generator led to duplicate RSA keys being generated.

GitHub has revoked weak SSH authentication keys generated using a library that incorrectly created duplicate RSA keypairs. Today, in a coordinated disclosure between GitHub and Axosoft, LLC., the makers of the popular GitKraken Git client, GitHub said they revoked weak SSH keys generated by the 'keypair' library used by the software.

Jack Wallen offers up a different method of securing SSH that could be rather timely in helping to lock down your Linux servers. The other day I was thinking of ways to secure SSH that were a bit outside the norm.

Knock, knock ... who's there? SSH. SSH who? You need to lock down your servers so that only you have access via SSH. One way to help that is with knockd. There are always things you can do to make SSH more secure.

Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "High confidence" to a threat actor operating out of China. "The Serv-U SSH server is subject to a pre-auth remote code execution vulnerability that can be easily and reliably exploited in the default configuration," Microsoft Offensive Research and Security Engineering team said in a detailed write-up describing the exploit.

Looking for an easier way to configure SSH on your data center servers? How about Webmin? Jack Wallen walks you through some of the options for better SSH security using this web-based GUI. Nearly every Linux server I administer is done via SSH. Given that I've been working with Linux for over 20 years, configuring SSH with an eye on security is pretty simple for me. Once you have Webmin up and running, you're all set to configure SSH. How to configure SSH via Webmin.

You can add an SSH tarpit to Ubuntu Server with the help of endlessh. Jack Wallen shows you how.

SSH holds fingerprints of your remote machines in the known hosts file. The SSH known hosts file contains fingerprints of the known machines you've logged into.

If you've started rolling out AlmaLinux to your data centers, you should enable 2FA for SSH authentication. One way to beef up the security of any Linux server is to enable two-factor authentication for SSH logins.

You don't want that, which is why you should employ a tool like MOSH. MOSH stands for Mobile Shell and makes it possible for you to keep a persistent SSH connection-even if you change networks or your connection momentarily drops. Under the hood, MOSH logs the user in via SSH and then starts a connection on a UDP port between 60000 and 61000, to keep the connection persistent.