Internet-facing #Linux systems and IoT devices are under attack! Discover how threat actors hijack SSH credentials, deploy backdoors and mine #cryptocurrency.
@YourAnonRiots The best and simplest way is to restrict #SSH to authorized keys only, disable password logins and fail2ban IPs when they try to brute-force access...
I was settling in to tinker with #ansible today for work and I just discovered a host called "docker0" on my #proxmox server here at the house. I have no entry for it in my #ssh config nor in #keepassxc. I have no clue what users are present on the system or what its purpose is. There do appear to be some #terraform state files lying around that might be related to it?
Current plan: murder it and see which family member starts to complain so I can identify what service(s) it's running.
#Fabric 3.1 / #Paramiko 3.2 out now, after months of hacking, rewriting, cursing ancient design decisions that don't work w/ non-OpenSSH targets, & so on & so forth.
Most of this is opt-in, experimental, and incomplete - but hey, it works well enough that my colleagues can get their ssh-agents and passphraseless pubkeys working with both #OpenSSH and #Teleport!
Solid foundation, living room furnished…rest of house forthcoming 😂
Hm. Bitbucket rotating their SSH host keys is interesting for all kinds of reasons, but maybe primarily because GitHub just rotated theirs a couple of months ago.
"SSH key-based authentication is tried-and-true, but it lacks a true public key infrastructure for key certification, revocation, and expiration. #Monkeysphere is a framework that uses the OpenPGP web of trust for these PKI functions."
Sounds like a cool project, is the monkey still alive? The homepage linked on that page is dead, and the only code I could find doesn't look like it's been touched in a while.
Before executing important commands and scripts over #SSH, use #screen in case of disconnect. If your connection drops or you close the terminal, you can SSH back in and enter screen -r to recover from where you left off. Being reunited with that hanging command prompt will be a relief! #tuesdaytip #gnu #linux #cli #admin
Something you rarely see are #SSH brute password attempts when the listener is on a port other than 22. 143.198.3.2 (#AS14061) did just that today.
It may be targeted, but I'd be curious if anyone has seen this source.
I saw it on one DNS server at an .edu. I've not seen the source poking any other hosts or any other port including 22. Shodan doesn't know about this SSH odd port listener.
So, I am totally in love with the #kitty terminal. My only issue is that I have to do the infocmp | pbcopy -> ssh -> tic - Cmd-v dance for EVERY SINGLE NEW MACHINE I connect to, and as a Devops guy that's multiple times per day.
Anyone know of a way around that? Do you just set your TERM to be xterm rather than xterm-kitty and lose all the groovy special Kitty features?
sigh this bright boy should go read the fine manual :)
Kitty is pretty amazing, and as it turns out it will inject the appropriate terminal magic into any machine you ssh to so it too can be kitty enhanced :)
CVE-2023-25136 OpenSSH Pre-Auth Double Free Writeup & DoS PoC (jfrog.com)