Joe Testa
Thanks for this reminder, though there is a proposal to remove all of the CVE information from ssh-audit due to the inherent inaccuracy in header version checks (see https://github.com/jtesta/ssh-audit/issues/240#issuecomment-1913749629).
On a technical level, the logic needed to give an accurate answer to the user doesn't currently exist in the code base. When the Terrapin attack was published (CVE-2023-48795), OpenSSH...
As per the community vote results (see https://github.com/jtesta/ssh-audit/issues/240#issuecomment-2377414379), all version-based CVE information has been removed in https://github.com/jtesta/ssh-audit/commit/93b30b42584cef103652b426ab62c0e8b32e2667. This issue is now moot and is closed. Nevertheless, your participation in this...
> Would you accept a contribution that allows printing post-quantum > algorithms? I'm not the maintainer, but I'd say this would be an important addition. > And is it correct...
As far as I know, the guides are already optimized to give admins an easy time. If I found a platform that only included nftables, then I'd switch to that...
Ahh, ok. I see that the guide for Debian 12 has the user install iptables. I suppose that one can be updated to use nftables. Note that the guide for...
I tried researching the commands needed to limit 10 connections per every 10 seconds, but couldn't find a way to do it. OpenSSH implemented better rate limiting in the last...
Did that platform originally have a `/etc/crypto-policies/back-ends/opensshserver.config` file? What are the full contents of `/etc/ssh/sshd_config`? What are the full contents of all files in `/etc/ssh/sshd_config.d/`? What command did you use...
I suppose I'll close this ticket, as @bbaassssiiee gave some instructions. FYI, if anyone wants to make a community guide for hardening AlmaLinux, they can create a wiki page, then...