All Questions
263 questions
3votes
1answer
108views
How to generate an SSH key on macOS Secure Enclave?
All M-series macs have a Secure Enclave. When I generate an SSH key, by default, it encrypts with a secret key written in the terminal: ssh-keygen -t ed25519 -C "[email protected]" Is ...
- 131
0votes
0answers
35views
SSH_USE_STRONG_RNG value clarification
A security guideline makes this statement The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict....
- 8,311
0votes
0answers
63views
What other steps can be taken to make SSH more secure?
I read these questions: Internet SSH Server Security Considerations When is a via ssh accessible remote machine considered secure? What's the difference it will make if ssh with a port other than ...
2votes
1answer
254views
How to prevent ssh access after linux account expiration date?
I was a bit surprised by the fact that a user can still have ssh access to a Linux machine (Ubuntu 18.04.6 LTS) where their account has expired. I set up the account expiration date with chage: sudo ...
- 637
0votes
2answers
108views
Is my Linux inside virtual box being hacked or is it my base system; windows which is compromised?
There's a Oracle Linux running inside a Virtual Box, which is running on Windows 11 home. Need help understanding: Is there any chance of any of either the linux or , as this clearly appears to be a ...
- 11
0votes
1answer
111views
SSH_AUTH_SOCK security
I noticed that for SSH_AUTH_SOCK value, its folder is inaccessible by anyone else, yet the actual file itself can be read by anyone. What's the reason behind such design? If I put a world-readable ...
- 1,808
1vote
0answers
359views
Handling the putty SSH Warning Potential Security Breach (changed host key)
Scenario: Linux server, allowing users to connect via SSH using the putty-0.80.exe ssh client on Windows 10. Work environment, 100+ users mostly NOT computer savvy Linux Server updated from Redhat-7 ...
- 8,311
-3votes
1answer
369views
Is there a way to enforce 2FA for all users on the SSH server on the Unix PAM Subsystem?
Is there a way to enforce two-factor authentication (2FA) for all users on the SSH server on the Unix PAM Subsystem?
- 97
0votes
0answers
131views
Limit shellinabox users to specific accounts
Setup and target I am running a server with ssh and shellinabox and would like to restrict login via shellinabox to one specific user only. Reasoning and approach For security reasons, the main user ...
- 13.9k
6votes
2answers
16kviews
How do you mitigate the Terrapin SSH attack?
The Terrapin Attack on SSH details a "prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the ...
- 515
0votes
0answers
152views
How to understand that my server was used for ssh-bruteforce attack?
my VPS provider told me that there was an ssh-bruteforce attack from my server. I've checked sessions with "last" command, but there was no active root session during attack time. The "...
0votes
2answers
98views
Letting a stranger in safely
I have setup a really tiny wireguard server in my home, with my public IP and all. I have used NAT to hopefully protect myself as much as possible, set strong passwords... All these things. A friend ...
- 111
0votes
0answers
42views
SSH login: password works not until 3rd attempt (same password)
When trying to log into my vserver the password only works at the 3rd attempt! (Using the same & correct password from clipboard) Is the system breached?! Interestingly when using my password ...
- 159
3votes
2answers
2kviews
SSH host key not recognized
At my new hosting provider, they allowed SSH for my account, but they only sent me port, server address, username, password, but no key. When I try to log in with PuTTY, it logs in, but I get the ...
- 31
0votes
1answer
46views
How to change the private key passphrase in lsh?
info lsh manual covers how to create a keypair and protect the private key with a passphrase. The manual does not tell how to change the passphrase or how to decode the private key, which is stored as ...
- 2,406
