Security News

SSH keys can be used in Linux or operating systems that support OpenSSH to facilitate access to other hosts without having to enter a password. Here's where secure shell, or SSH, keys come in handy to facilitate access.

GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts. "Once generated, you add these new keys to your account just like any other SSH key," GitHub Senior Security Engineer Kevin Jones said.

Jack Wallen shows you how to add an SSH tarpit to Ubuntu Server with the help of endlessh. Essentially, a tarpit will run on the standard SSH port and, when a hacker attempts to break through that port, they'll wind up stuck in an endless loop.

Jack Wallen shows you how to install and configure FreeRADIUS as a centralized SSH authentication tool. FreeRADIUS is a tool for authentication that is used by over 100 million people daily.

If you have trouble with SSH connections breaking, Jack Wallen shows you how you can enjoy a bit more persistence with the help of Eternal Terminal.

How it gets onto servers is unclear though systems infected by Kobalos have their SSH client tampered with to steal usernames and passwords, and presumably server addresses, that are typed into it. These details could be used by the malware's masterminds to log into those systems to propagate their malware.

Security researchers at cybersecurity company ESET discovered the malware and named it Kobalos, after the misbehaving creature in Greek mythology. "On compromised machines whose system administrators were able to investigate further, we discovered that an SSH credential stealer was present in the form of a trojanized OpenSSH client. The /usr/bin/sshfile was replaced with a modified executable that recorded username, password and target hostname, and wrote them to an encrypted file" - ESET. The researchers believe that credential theft could explain how the malware spreads to other systems on the same network or other networks in the academic sector since students and researchers from multiple universities may have SSH access to supercomputer clusters.

If you're not sure how to view your SSH certificates, Jack Wallen walks you through the steps on Linux, macOS, and Windows.

If you have trouble with SSH connections breaking, Jack Wallen shows you how you can enjoy a bit more persistence with the help of Eternal Terminal. One way around this problem is by using Eternal Terminal, in place of SSH. Eternal Terminal does a great job of re-establishing a connection to a remote machine, without user intervention.

Jack Wallen shows you how to make SSH connections even easier from your macOS machine. You probably use SSH to connect to remote machines for admin purposes.