Questions tagged [ssh]
SSH (Secure shell) is a protocol for secure communication between computers to execute remote commands, transfer data and tunnel TCP connections.
1,237 questions
2 votes
1 answer
177 views
For the same private key, I have two slightly different public keys. Is it normal?
I have two servers, and I want one to talk to the other. Let's call them alpha and beta, where alpha wants to talk to beta. On alpha, I have created an RSA key pair: private key and public key. I use ...
0 votes
0 answers
10 views
Does generating a vanity ED25519 key pair reduce security [migrated]
I found tools that bruteforce ssh ed25519 key pairs to include specific text in the public key, but none of them mention the security implications. Right now I'm thinking that if I could generate the ...
3 votes
1 answer
741 views
Is a FIDO private key file for SSH cryptographically secure on its own?
Is an id_ed25519_sk cryptographically secure without a password? I'm currently experimenting with a yubikey SSH identity. Following instructions to generate an SSH key: sudo ssh-keygen -t ed25519-sk -...
1 vote
1 answer
272 views
SSH: Do the public and private keys contain the IP address?
Question Do the public and private keys contain the IP address? Scenario Suppose "Computer I" as client has an IP as 192.168.1.A and is generated for SSH purposes its respective pair of ...
5 votes
1 answer
1k views
Doesn't saving an SSH passphrase (as suggested by GitHub) negate the security benefits of using a passphrase?
From GitHub Docs: With SSH keys, if someone gains access to your computer, the attacker can gain access to every system that uses that key. To add an extra layer of security, you can add a passphrase ...
1 vote
0 answers
60 views
Managing SSH authorized keys exported from OpenPGP keys
One of the benefits of using OpenPGP authentication subkeys instead of arbitrarily created SSH keyfiles, is key expiration and revocation. While there is plenty of documentation on how to use OpenPGP ...
1 vote
3 answers
887 views
QID 38909 SHA1 deprecated setting for SSH (RHEL 8.6)
I am trying to solve vulnerability reported for QID 38909 i.e. SHA1 deprecated setting for SSH. I have hardened the sshd configs in /etc/ssh/sshd_config and /etc/crypto-policies/backends/openssh and ...
1 vote
1 answer
89 views
Relative security of ssh password and public key to remote systems
I just know everyone is going to shout at me that public key is better but let me spell out the actual scenario first. I have a small LAN at home, basically I'm the only regular user but other members ...
21 votes
5 answers
4k views
Could there be a legitimate reason for an SSH server to allow null authentication, to anyone?
I recently recalled a memory of when I had once, a fair while ago, accidentally tried to log in to the wrong (mistyped) SSH server, and it allowed me access without the correct credentials: null ...
2 votes
2 answers
555 views
RHEL in FIPS mode ignores crypto subpolicy
I have a number of RHEL 8 and RHEL 9 systems with FIPS mode enabled. I'm trying to use a crypto subpolicy to disable CBC ciphers, but the subpolicy seems to be ignored in FIPS mode even though it is ...
2 votes
1 answer
470 views
What encryption algorithm is PuTTY using?
I have set up an AlmaLinux9 server with SSHD. I have also generated a priv+pub key on my workstation, and when I check the algorithm used by my key it shows: ssh-keygen -l -f myprivatekey.pem 2048 ...
0 votes
0 answers
17 views
Does using an SSH tunnel over TLS improve security? [duplicate]
Does wrapping an SSH tunnel with a secondary SSL/TLS layer actually improve the security of the connection? If not, does doing this make the connection less secure? Why/why not?
1 vote
1 answer
135 views
Auto-unlock private key: which implications?
On my system (Ubuntu 22.04) I have encrypted my private key with a passphrase and added it to the ssh agent with ssh-add. On use of the key, I am prompted with the option "Automatically unlock ...
0 votes
1 answer
121 views
Is it a good idea to run openssh-server in a docker container?
I want to have a server where I can connect many computers and open reverse tunnels, and then when I want to connect to those tunnels, I will SSH into the server and forward my local connection to it, ...
4 votes
2 answers
162 views
Is it better to leave my SSH reverse tunnels exposed on a server, or expose them through tcp forwarding?
This is a follow up on When I use SSH tunneling, can I assume that the server does not need to be trusted? When I am using an intermediate server I to connect to my endpoints via SSH tunnels, is it ...