Veganism Social

Dendrobatus AzureusAn unimportant remnant of the past has been removed from open SSH; DSA.Read about it in this article the next article linked will show you that it has been removed finally<a href="https://mastodon.bsd.cafe/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a> <a href="https://mastodon.bsd.cafe/tags/openSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSSH</a> <a href="https://mastodon.bsd.cafe/tags/DSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#DSA</a> <a href="https://mastodon.bsd.cafe/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener" target="_blank">#coding</a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mastodon.bsd.cafe/tags/openBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#openBSD</a> <a href="https://mastodon.bsd.cafe/tags/BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#BSD</a> <a href="https://mastodon.bsd.cafe/tags/secureShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#secureShell</a> <a href="https://mastodon.bsd.cafe/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://undeadly.org/cgi?action=article;sid=20240111105900" rel="nofollow noopener" translate="no" target="_blank">https://undeadly.org/cgi?action=article;sid=20240111105900</a>

Peter N. M. HansteenDSA signature support removed from OpenSSH <a href="https://www.undeadly.org/cgi?action=article;sid=20250507010932" rel="nofollow noopener" translate="no" target="_blank">https://www.undeadly.org/cgi?action=article;sid=20250507010932</a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#openbsd</a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssh</a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#ssh</a> <a href="https://mastodon.social/tags/dsa" class="mention hashtag" rel="nofollow noopener" target="_blank">#dsa</a> <a href="https://mastodon.social/tags/dsaremoval" class="mention hashtag" rel="nofollow noopener" target="_blank">#dsaremoval</a> <a href="https://mastodon.social/tags/deadkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#deadkeys</a> <a href="https://mastodon.social/tags/signature" class="mention hashtag" rel="nofollow noopener" target="_blank">#signature</a> <a href="https://mastodon.social/tags/deadciphers" class="mention hashtag" rel="nofollow noopener" target="_blank">#deadciphers</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#networking</a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptography</a> <a href="https://mastodon.social/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#crypto</a>

Peter N. M. HansteenCall for testing: Last bits of DSA to be removed from OpenSSH <a href="https://www.undeadly.org/cgi?action=article;sid=20250506054255" rel="nofollow noopener" translate="no" target="_blank">https://www.undeadly.org/cgi?action=article;sid=20250506054255</a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#openbsd</a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssh</a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#ssh</a> <a href="https://mastodon.social/tags/dsa" class="mention hashtag" rel="nofollow noopener" target="_blank">#dsa</a> <a href="https://mastodon.social/tags/dsaremoval" class="mention hashtag" rel="nofollow noopener" target="_blank">#dsaremoval</a> <a href="https://mastodon.social/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#crypto</a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptography</a> <a href="https://mastodon.social/tags/ciphers" class="mention hashtag" rel="nofollow noopener" target="_blank">#ciphers</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#networking</a> <a href="https://mastodon.social/tags/development" class="mention hashtag" rel="nofollow noopener" target="_blank">#development</a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#freesoftware</a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#libresoftware</a>

Peter N. M. Hansteenssh: listener sockets relocated from /tmp to ~/.ssh/agent <a href="https://www.undeadly.org/cgi?action=article;sid=20250506044643" rel="nofollow noopener" translate="no" target="_blank">https://www.undeadly.org/cgi?action=article;sid=20250506044643</a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#openbsd</a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#ssh</a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssh</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.social/tags/unveil" class="mention hashtag" rel="nofollow noopener" target="_blank">#unveil</a> <a href="https://mastodon.social/tags/sshagent" class="mention hashtag" rel="nofollow noopener" target="_blank">#sshagent</a> <a href="https://mastodon.social/tags/snoopresistant" class="mention hashtag" rel="nofollow noopener" target="_blank">#snoopresistant</a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#freesoftware</a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#libresoftware</a>

Vitex<a href="https://f.cz/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> 10.0p1 includes a number of changes that may affect existing configurations: * This release removes support for the weak DSA signature algorithm, completing the deprecation process that began in 2015 (when <a href="https://f.cz/tags/DSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#DSA</a> was disabled by default) and repeatedly warned over the last 12 months.<a href="https://f.cz/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a> <a href="https://f.cz/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

Bryan Steele :flan_beard:A very welcome change in <a href="https://bsd.network/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenBSD</a> -current that impacts software which restrict filesystem access with unveil(2), but permit access to /tmp (like web browsers). :flan_thumbs:ssh-agent(1) listener sockets and forwarded sockets in sshd(8) will now be under ~/.ssh/agent instead.<blockquote>djm@ modified src/usr.bin/ssh/*: Move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8).This ensures processes (such as Firefox) that have restricted filesystem access that includes /tmp (via unveil(3)) do not have the ability to use keys in an agent.Moving the default directory has the consequence that the OS will no longer clean up stale agent sockets, so ssh-agent now gains this ability.To support $HOME on NFS, the socket path includes a truncated hash of the hostname. ssh-agent will by default only clean up sockets from the same hostname.ssh-agent gains some new flags: -U suppresses the automatic cleanup of stale sockets when it starts. -u forces a cleanup without keeping a running agent, -uu forces a cleanup that ignores the hostname. -T makes ssh-agent put the socket back in /tmp.feedback deraadt@ naddy@ doitdoitdoit deraadt@</blockquote><a href="https://bsd.network/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a>

Neustradamus :xmpp: :linux:<a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenBSD</a> 7.7 has been released (<a href="https://mastodon.social/tags/BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#BSD</a> / <a href="https://mastodon.social/tags/NetBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetBSD</a> / <a href="https://mastodon.social/tags/386BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#386BSD</a> / <a href="https://mastodon.social/tags/Unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#Unix</a> / <a href="https://mastodon.social/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#LibreSSL</a> / <a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> / <a href="https://mastodon.social/tags/OpenBGPD" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenBGPD</a> / <a href="https://mastodon.social/tags/OpenSMTPD" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSMTPD</a> / <a href="https://mastodon.social/tags/OpenNTPD" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenNTPD</a> / <a href="https://mastodon.social/tags/OpenIKED" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenIKED</a> / <a href="https://mastodon.social/tags/rpkiClient" class="mention hashtag" rel="nofollow noopener" target="_blank">#rpkiClient</a> / <a href="https://mastodon.social/tags/mandoc" class="mention hashtag" rel="nofollow noopener" target="_blank">#mandoc</a>) <a href="https://openbsd.org/" rel="nofollow noopener" translate="no" target="_blank">https://openbsd.org/</a>

Marcus AdamsThis version will come down the pipe in <a href="https://mastodon.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a> Trixie later this year. Other distributions may already have it, or should in the near future.Headline: <a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> 10.0 Introduces Default Post-Quantum Key Exchange Algorithm - Quantum Computing ReportSource: <a href="https://quantumcomputingreport.com/openssh-10-0-introduces-default-post-quantum-key-exchange-algorithm/" rel="nofollow noopener" translate="no" target="_blank">https://quantumcomputingreport.com/openssh-10-0-introduces-default-post-quantum-key-exchange-algorithm/</a><a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/Quantum" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quantum</a>

A.J. ArmstrongFixing OpenSSH.exe Issues After October 2024 Windows Server Update | <a href="https://techygeekshome.info/fixing-openssh-exe-issues-after-october-2024-windows-server-update/?fsp_sid=19516 | #Guide" rel="nofollow noopener" translate="no" target="_blank">https://techygeekshome.info/fixing-openssh-exe-issues-after-october-2024-windows-server-update/?fsp_sid=19516 | #Guide</a> <a href="https://techhub.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://techhub.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> <a href="https://techhub.social/tags/refresh" class="mention hashtag" rel="nofollow noopener" target="_blank">#refresh</a> <a href="https://techhub.social/tags/Server" class="mention hashtag" rel="nofollow noopener" target="_blank">#Server</a> <a href="https://techhub.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://techhub.social/tags/WindowsUpdate" class="mention hashtag" rel="nofollow noopener" target="_blank">#WindowsUpdate</a>  <a href="https://techygeekshome.info/fixing-openssh-exe-issues-after-october-2024-windows-server-update/?fsp_sid=19516" rel="nofollow noopener" translate="no" target="_blank">https://techygeekshome.info/fixing-openssh-exe-issues-after-october-2024-windows-server-update/?fsp_sid=19516</a>

Anthony PowellFixing OpenSSH.exe Issues After October 2024 Windows Server Update | <a href="https://techygeekshome.info/fixing-openssh-exe-issues-after-october-2024-windows-server-update/?fsp_sid=19515 | #Guide" rel="nofollow noopener" translate="no" target="_blank">https://techygeekshome.info/fixing-openssh-exe-issues-after-october-2024-windows-server-update/?fsp_sid=19515 | #Guide</a> <a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> <a href="https://mastodon.social/tags/refresh" class="mention hashtag" rel="nofollow noopener" target="_blank">#refresh</a> <a href="https://mastodon.social/tags/Server" class="mention hashtag" rel="nofollow noopener" target="_blank">#Server</a> <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://mastodon.social/tags/WindowsUpdate" class="mention hashtag" rel="nofollow noopener" target="_blank">#WindowsUpdate</a>  <a href="https://techygeekshome.info/fixing-openssh-exe-issues-after-october-2024-windows-server-update/?fsp_sid=19515" rel="nofollow noopener" translate="no" target="_blank">https://techygeekshome.info/fixing-openssh-exe-issues-after-october-2024-windows-server-update/?fsp_sid=19515</a>

Michael Dexter<a href="https://floss.social/@bkuhn" class="u-url mention" rel="nofollow noopener" target="_blank">@bkuhn</a> So you’re saying <a href="https://bsd.network/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> isn’t popular and isn’t supporting software freedom?

Kevin LydaOK, this is a thing I didn't know. In <a href="https://mastodon.ie/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssh</a> config files, the first mention wins, not the last.The overrides in the .d directories are included *first* (normally this happens last - see nginx, sudo, etc) which is how they override things.<a href="https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHConfigOrderMatters" rel="nofollow noopener" translate="no" target="_blank">https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHConfigOrderMatters</a>

Neustradamus :xmpp: :linux:<a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> 10.0 has been released (<a href="https://mastodon.social/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a> / <a href="https://mastodon.social/tags/SecureShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecureShell</a> / <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenBSD</a>) <a href="https://openssh.com/" rel="nofollow noopener" translate="no" target="_blank">https://openssh.com/</a>

Rihards OlupsNeat, OpenSSH client adds variable expansion in "User". This will allow for much simpler PAM (the privileged access management one) related configuration - for example, expanding user into user%original_hostname etc.<a href="https://github.com/openssh/openssh-portable/commit/bd30cf784d6e825ef71592fb723c41d4f2fd407b" rel="nofollow noopener" translate="no" target="_blank">https://github.com/openssh/openssh-portable/commit/bd30cf784d6e825ef71592fb723c41d4f2fd407b</a><a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> <a href="https://mastodon.social/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

unixbhaskarHeads up! Kiddos...measure...<a href="https://mastodon.social/tags/linuxadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#linuxadmin</a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://mastodon.social/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#tool</a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssh</a> <a href="https://www.openssh.com/releasenotes.html#10.0p1" rel="nofollow noopener" translate="no" target="_blank">https://www.openssh.com/releasenotes.html#10.0p1</a>

Maquinari.catOpenSSH arriba a la versió 10.0. Entre d'altres, inclou l'algoritme mlkem768x25519-sha256, que diuen és a prova d'ordinadors quàntics.<a href="https://www.phoronix.com/news/OpenSSH-10.0-Released" rel="nofollow noopener" translate="no" target="_blank">https://www.phoronix.com/news/OpenSSH-10.0-Released</a><a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> <a href="https://mastodon.social/tags/Qu%C3%A0ntic" class="mention hashtag" rel="nofollow noopener" target="_blank">#Quàntic</a> <a href="https://mastodon.social/tags/mlkem768x25519" class="mention hashtag" rel="nofollow noopener" target="_blank">#mlkem768x25519</a>-sha256

Jeff ForcierI see <a href="https://social.coop/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> got to fully removing DSA key support, so that means my “probably do that in <a href="https://social.coop/tags/Paramiko" class="mention hashtag" rel="nofollow noopener" target="_blank">#Paramiko</a>” todo list item has no more excuses 🤔Well, ok, it still has a few excuses (will be years before the average sshd is OpenSSH 10.0+) but still. Needs happenin' sometime and it ain't like old releases go away, so.

nixCraft 🐧OpenSSH 10.0/10.0p2 released <a href="https://www.openssh.com/releasenotes.html#10.0p1" rel="nofollow noopener" translate="no" target="_blank">https://www.openssh.com/releasenotes.html#10.0p1</a><a href="https://mastodon.social/tags/unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#unix</a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssh</a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a>

KielKontrovers Blog<a href="https://norden.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> 10.0 Released<a href="https://undeadly.org/cgi?action=article;sid=20250410053152" rel="nofollow noopener" translate="no" target="_blank">https://undeadly.org/cgi?action=article;sid=20250410053152</a><a href="https://norden.social/tags/Openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#Openbsd</a> <a href="https://norden.social/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a>

Senioradmin<a href="https://social.tchncs.de/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> 9.8 und höher kommt allmählich auf die Server. Da wird die Option PerSourcePenalties interessant (siehe <a href="https://undeadly.org/cgi?action=article;sid=20240607042157" rel="nofollow noopener" translate="no" target="_blank">https://undeadly.org/cgi?action=article;sid=20240607042157</a> ) die fail2ban u.ä. überflüssig machen könnte.Konfig-Beispiele sind aber noch rar gesät. Nach der manpage zu urteilen, sollte aber PerSourcePenalties authfail:3600sdafür sorgen dass IPs, die Brute-Force Attacken fahren für 1 Stunde geblockt werden, korrekt? <a href="https://social.tchncs.de/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a>

Recent searches

Search options

Administered by:

Server stats:

#openssh