stribika.github.io
stribika.github.io copied to clipboard
stribika
# Issue Section Client authentication advises to add ``` HostKeyAlgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa ``` to section `Host *` of `/etc/ssh/ssh_config`. At least in OpenSuse Leap 15.3 the command ``` systemctl restart sshd.service...
https://terrapin-attack.com/ I was reading Secure Secure Shell, and found this near the end: > After some debate and going back and forth between including GCM or not, it’s now back...
OpenSSH renamed the moduli generation flags on 2019-12-30 (https://github.com/openssh/openssh-portable/commit/3e60d18fba1b502c21d64fc7e81d80bcd08a2092). The new flags break compatibility with older versions and any code that uses them should switch to the new flags.
A stealth Onion service is a form of mutually authenticated connection between a Tor hidden service and a Tor client. The Tor server's identity is verified by virtue of its...
chattr is not invoked in normal system startup. Providing a one-line solution.
Just fixed a minor typo/error. Number 8 of key exchange protocols (iffie-hellman-group-exchange-sha256) isn't affected by opinions about NIST.
@stribika, it would be really interesting to know what your **current** best SSH practices are -- five years after your excellent post: https://stribika.github.io/2015/01/04/secure-secure-shell.html any further suggestions? new threats to beware?...
[This document](https://stribika.github.io/2015/01/04/secure-secure-shell.html) has encouraged one of our system administrators to disable any use of SHA-1 in a major SSH server at our site. This has caused compatibility problems, in particular...
I wonder if it'd be worth replacing the passage of secure-secure-shell that talks about moduli generation with importing the relevant fixed moduli from [RFC 7919](https://tools.ietf.org/html/rfc7919), Appendix A.
I am seeing some traffic trying to log into my server using MACs hmac-ripemd160 or [email protected]. I was hoping you could add some info about these MACs. thanks!
