github-keygen v1.401 is released.

An hybrid post quantum algorithm is added to the configuration, in hope it will be supported server side by GitHub.

Also a few Windows fixes.

Full changes: https://github.com/dolmen/github-keygen/releases/tag/v1.401

My first commit on that project was 14 years ago. Time flies!

I'm betting the answer here is "this isn't possible" but if anyone knows how to tell OpenSSH that when it's enumerating pubkeys it should check which of the two known authentication dongles is actually plugged into the computer, and only prompt me to unlock the SK key that belongs to that dongle, not both of them, please tell me how.

OpenSSH Config Tags How To

https://mrod.space/2023/09/04/using-tags-in-ssh-config

To be honest I did not know tags existed in #OpenSSH

With a focus on usability, @almalinux OS 10 has been released
https://www.admin-magazine.com/News/AlmaLinux-OS-10-Released?utm_source=mam
#EnterpriseLinux #AlmaLinux #RHEL #cryptography #OpenSSH #sudo #SecureBoot

Warum genau liegt im Archiv mit dem Quelltext von #OpenSSH "openssh-10.0p2.tar.gz" der Quelltext von openssh-10.0p1?

Meine Pipeline ist auf die Nase gefallen, weil es p2 erwaret aber nur p1 findet...

Auch die Hashes von p1 und p2 sind gleich...

689148621a2eaa734497b12bed1c5202 openssh-10.0p1.tar.gz
689148621a2eaa734497b12bed1c5202 openssh-10.0p2.tar.gz

To support legacy OpenSSH v8.1 #openssh #sftp

https://askubuntu.com/q/1549899/612

TIL: According to the ssh_config man page, comments in ~/.ssh/config need to be on their own line. In other words,

Host foo # my awesome host

is not a valid comment.

The ssh command seems pretty relaxed about this, but other tools (e.g. Paramiko) are not necessarily.

https://github.com/paramiko/paramiko/issues/2111

I'm looking to hook up PerSourcePenalties in the sshd_config on my VPS, and can't find any examples of using them out there. They're a new-ish feature, so I wonder if anyone's an expert yet besides @djm.

Specifically, I'm getting a lot of attempted password logins on a system where "PasswordAuthentication no" is set, and I see five door-knocks from each IP before they get punted. Would rather have that kick in more quickly to keep the logs less cluttered.

Multiplexing will boost your SSH connectivity or speed by reusing existing TCP connections to a remote host. Here are commands that you can use to control multiplexing when using OpenSSH server or client on your Linux, macOS, FreeBSD or Unix-like systems. Not sure what SSH multiplexing is? Learn how to set it up and use it to speed up your SSH sessions with our handy guide: https://www.cyberciti.biz/faq/ssh-multiplexing-control-command-to-check-forward-list-cancel-stop-connections/

Today i've learned that i don't need coder. I am now deploying an #ubuntu container from a #Dockerfile with an #openssh #server installed. This is a much better setup. Nearly every #Codeeditor supports #ssh workspaces so i'm not limited.

But the best thing about this setup is that it is very easy to automate using #Ansible.

I've used the same approach to set up #kali #linux environments months ago and should have stuck with that. It just works.

DSA signature support removed from OpenSSH https://www.undeadly.org/cgi?action=article;sid=20250507010932 #openbsd #openssh #ssh #dsa #dsaremoval #deadkeys #signature #deadciphers #security #networking #cryptography #crypto

An unimportant remnant of the past has been removed from open SSH;
DSA.

Read about it in this article the next article linked will show you that it has been removed finally

#SSH #openSSH #DSA #programming #coding #OpenSource #openBSD #BSD #secureShell #Infosec

https://undeadly.org/cgi?action=article;sid=20240111105900

Call for testing: Last bits of DSA to be removed from OpenSSH https://www.undeadly.org/cgi?action=article;sid=20250506054255 #openbsd #openssh #ssh #dsa #dsaremoval #crypto #cryptography #ciphers #security #networking #development #freesoftware #libresoftware

ssh: listener sockets relocated from /tmp to ~/.ssh/agent https://www.undeadly.org/cgi?action=article;sid=20250506044643 #openbsd #ssh #openssh #security #unveil #sshagent #snoopresistant #freesoftware #libresoftware

A very welcome change in #OpenBSD -current that impacts software which restrict filesystem access with unveil(2), but permit access to /tmp (like web browsers). ​

ssh-agent(1) listener sockets and forwarded sockets in sshd(8) will now be under ~/.ssh/agent instead.

djm@ modified src/usr.bin/ssh/*: Move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8).

This ensures processes (such as Firefox) that have restricted filesystem access that includes /tmp (via unveil(3)) do not have the ability to use keys in an agent.

Moving the default directory has the consequence that the OS will no longer clean up stale agent sockets, so ssh-agent now gains this
ability.

To support $HOME on NFS, the socket path includes a truncated hash of the hostname. ssh-agent will by default only clean up sockets from the same hostname.

ssh-agent gains some new flags: -U suppresses the automatic cleanup of stale sockets when it starts. -u forces a cleanup without keeping a running agent, -uu forces a cleanup that ignores the hostname. -T makes ssh-agent put the socket back in /tmp.

feedback deraadt@ naddy@
doitdoitdoit deraadt@

#OpenSSH 10.0 has been released (#SSH / #SecureShell / #OpenBSD) https://openssh.com/

#PowerShell #OpenSSH PowerShell, OpenSSH, and DSC team investments for 2025 http://dlvr.it/TK8Lvg

#OpenSSH10 setzt auf Standards für quantensicheren Schlüsselaustausch | Security https://www.heise.de/news/OpenSSH-10-setzt-auf-Standards-fuer-quantensicheren-Schluesselaustausch-10345975.html #Verschlüsselung #encryption #SSH #OpenSSH