#ssh
Si vous avez un linux dans cette liste qui a mis à jour xz/liblzma récemment. Rétropédalez .
Surtout quand on découvre que;
openssh does not directly use liblzma. However debian and several other
distributions patch openssh to support systemd notification, and libsystemd
does depend on lzma.
They are sharing SSH CVE-2023-48795 (Terrapin attack) vulnerable instances found in their IPv4/IPv6 scans
Nearly 11M instances (by unique IP) found vulnerable (~52%).
Background on the #vulnerability: https://terrapin-attack.com
fedivers: https://infosec.exchange/@shadowserver/111691389140858555
#cve #network #internet #security #bug #cyberwar #software #terrapin #attack #danger #administration #update #patch #ssh
Also: At some point, "web development" was mostly about dynamically changing a couple of files using #vim through an #ssh connection to some remote machine. Not to say there's a reason to use newer tools, but quickly fixing minor glitches on a staging machine with an #angular app deployed is slightly more challenging...
Somehow the #rsync transfer is causing problems, when I use the preconfigured host from ssh config it will do this:
receiving incremental file list
delta-transmission enabled
~V escape not available to multiplexed sessions
unexpected tag 113 [receiver/inc]
rsync error: error in rsync protocol data stream (code 12) at io.c(1648) [receiver=3.2.3]
rsync: [generator] write error: Broken pipe (32)
rsync error: error in socket IO (code 10) at io.c(823) [generator=3.2.3]
#SSH config contains this:
ServerAliveInterval 4
ServerAliveCountMax 4
ControlMaster auto
ControlPath /tmp/ssh-%r@%h:%p
ControlPersist 1
ForwardAgent yes
CanonicalizeHostname yes
host entry in ssh config is this:
Host name
Hostname example.org
User username
Compression no
RequestTTY force
DynamicForward 7074
Is the problem the "RequestTTY force" or something else?
Sehr schön, #ssh ohne #Yubikey:
❯ ssh ionos
Confirm user presence for key ED25519-SK SHA256:8w5Nw+rD5ofG5ioJQtEjQRQm5GgfPnjnm7u1dPI+UwM
sign_and_send_pubkey: signing failed for ED25519-SK "/Users/rainer/.ssh/yubikey-ionos": device not found
root@74.208.189.173: Permission denied (publickey).
Yubikey anstöpseln, bei Prompt die kleine Metallplatte berühren:
❯ ssh ionos
Confirm user presence for key ED25519-SK SHA256:8w5Nw+rD5ofG5ioJQtEjQRQm5GgfPnjnm7u1dPI+UwM
User presence confirmed
Linux ionos 5.10.0-23-cloud-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64
This week, we discovered that #GitHub.com’s #RSA #SSH #private #key was briefly exposed in a public GitHub #repository.
Source: https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
Immer wieder faszinierend, was ich alles nicht weiß.
Features von #SSH im Schnelldurchgang...
#CLT23 #ChemnitzerLinuxTage #Chaus #PoweredByRSS
♲ Chaos Computer Club - Media (Inoffiziell) - 2023-03-10 23:00:00 GMT
SSH – Das Schweizer Taschenmesser fürs Netzwerk (clt23)
https://ftp.fau.de/cdn.media.ccc.de/events/clt/2023/h264-hd/clt23-63-deu-SSH_-_Das_Schweizer_Taschenmesser_fuers_Netzwerk_hd.mp4
#Yunohost #Linux backs up to a local directory, I haven't got enough space on the drive for a backup, so I wanted to mount a remote #SSH folder to that backup folder, but then @YunoHost refuses to run the backup because of some file system rights.
I use this command to mount:
sshfs -o reconnect,nonempty,default_permissions,uid=1007,gid=0 user@server.example.com:/home/user/folder /home/yunohost.backup
I read that umask does only apply to reading files. Does that have to do with it?
Any input welcome! #Yunohost
Reply to an #abuse message I received of a #Tor exit that was used for #SSH bruteforce. Looks good, right?
Hello,
Thanks for your notifications! If needed and wanted I can restrict the access to .... networks, please let me know if .... wants this and which network resources I should block exit to!
Please also understand that this is an Tor Exit server and that SSH bruteforce is a common problem with other anonymizing services as well, but SSH bruteforce has to be mitigated at the destination host in such a way that SSH service is secured or login requests are blocked after a certain number of attempts.
Please find our general information below.
These machines are Tor exit nodes. Tor is an anonymization network and exit nodes proxy traffic for other hosts on the Internet. By design, it is impossible for us to identify those other hosts or communicate with their operators.
The traffic you see comes from within the Tor network and is not an indicator for an infection or software running on the Tor node itself.
We have the ability to disable proxying to specific IP address ranges (not AS numbers) and specific TCP ports, but this should be considered a last resort tactic. It does not prevent anyone from using Tor to send spam to a certain server or access a certain server or whatsoever; the traffic would just divert to another exit node. Access as described by you can not be prevented by such measures and there is no infection we could clean up.
We are happy to work with you to minimize the impact on your service or on your network or to install a filter that blocks access for all Tor Exit Nodes (e.g. using
https://www.torproject.org/projects/tordnsel.html.en).
I hope you will consider allowing our relay/node to remain in (unfiltered) operation, as it is extremely valuable for people who need to conceal their identities online, especially in countries where access to the Internet is restricted. For more information please see https://www.torproject.org/about/overview.html#overview
We do not run an email server on this machine, nor could emails be relayed via out server.
Also feel free to contact us directly via abuse (at) artikel5ev dot de.
Kind regards,
utzer
on behalf of Artikel5 e.V.
