#openssh

Marcus Adams<p><a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> in Trixie is being upgraded, which does two important things.</p><p>1) It adds a hybrid post quantum key exchange (screenshot of a verbose login to my server attached).</p><p>2) It disables DSA keys entirely. As in, you can't even manually enable them. They've been disabled "by default" for years, but now they're just straight up removed. If you need to log into an old machine with a DSA key, there is now a separate openssh-client-ssh1 package and ssh1 command.</p><p><a href="https://www.debian.org/releases/trixie/release-notes/issues.en.html#openssh-no-longer-supports-dsa-keys" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">debian.org/releases/trixie/rel</span><span class="invisible">ease-notes/issues.en.html#openssh-no-longer-supports-dsa-keys</span></a></p>
Marcus Adams<p>So it looks like <a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> is getting a new feature to auto-ban users after a number of failed login attempts. This looks like it might even work for public-key auth, which doesn't always get logged in a way that other tools like Fail2Ban can monitor.</p><p>Link: <a href="https://michael-prokop.at/blog/2025/04/13/openssh-penalty-behavior-in-debian-trixie-newintrixie/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">michael-prokop.at/blog/2025/04</span><span class="invisible">/13/openssh-penalty-behavior-in-debian-trixie-newintrixie/</span></a></p>
Marcel SIneM(S)US<p><a href="https://social.tchncs.de/tags/OracleLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OracleLinux</span></a> 10 released: <a href="https://social.tchncs.de/tags/RHEL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RHEL</span></a> derivative brings UEK 8.1 and <a href="https://social.tchncs.de/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> updates | iX Magazin <a href="https://www.heise.de/news/Oracle-Linux-10-ist-da-UEK-8-1-bekommt-Updates-fuer-KI-Training-und-Container-10464428.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Oracle-Linux-10-</span><span class="invisible">ist-da-UEK-8-1-bekommt-Updates-fuer-KI-Training-und-Container-10464428.html</span></a> <a href="https://social.tchncs.de/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> :tux: <a href="https://social.tchncs.de/tags/Oracle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Oracle</span></a> <a href="https://social.tchncs.de/tags/RedHatEnterpriseLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedHatEnterpriseLinux</span></a> <a href="https://social.tchncs.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a></p>
🆘Bill Cole 🇺🇦<p><span class="h-card" translate="no"><a href="https://libranet.de/profile/clacke" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>clacke</span></a></span> Yes and no… <br>Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines is only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles.</p><p><a href="https://toad.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://toad.social/tags/bastion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bastion</span></a> <a href="https://toad.social/tags/jumphost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jumphost</span></a><br><a href="https://toad.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://toad.social/tags/sshd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sshd</span></a> <a href="https://toad.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a></p>
clacke: exhausted pixie dream boy 🇸🇪🇭🇰💙💛<p>When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.</p><p>The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.</p><p>Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?</p><p><a href="https://libranet.de/search?tag=infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://libranet.de/search?tag=bastion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bastion</span></a> <a href="https://libranet.de/search?tag=jumphost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jumphost</span></a><br><a href="https://libranet.de/search?tag=ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://libranet.de/search?tag=sshd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sshd</span></a> <a href="https://libranet.de/search?tag=OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a></p>
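<p>An added example, not code from the thread: a small audit of a jump host's authorized_keys for the per-key binding the reply above describes. It assumes the binding is done with the OpenSSH authorized_keys options <code>command=</code>, <code>from=</code> and <code>restrict</code>; the wrapper path, host names, addresses and key blobs in the sample are constructed placeholders.</p>

```python
"""Audit authorized_keys entries on a jump host for per-key restrictions.

Added illustration. Assumes restrictions are expressed as authorized_keys
options: command="..." pins a key to one next hop, from="..." limits client
addresses, restrict switches off forwarding and PTY allocation.
"""

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-ssh-ed25519@",
             "sk-ecdsa-sha2-")

# Constructed sample: /usr/local/bin/next-hop is a hypothetical wrapper script,
# the key blobs are placeholders and the addresses are documentation ranges.
SAMPLE = '''\
# jump host: authorized_keys of the jump account
restrict,from="192.0.2.10",command="/usr/local/bin/next-hop db1" ssh-ed25519 AAAAC3PLACEHOLDER1 alice
restrict,command="/usr/local/bin/next-hop app1,app2" ssh-ed25519 AAAAC3PLACEHOLDER2 bob
from="198.51.100.0/24" ssh-ed25519 AAAAC3PLACEHOLDER3 carol
ssh-ed25519 AAAAC3PLACEHOLDER4 dave
'''


def split_options(line):
    """Return (options dict, rest of line); quotes may hide commas and spaces."""
    if line.startswith(KEY_TYPES):
        return {}, line                      # no options field on this line
    opts, buf, quoted, i = [], [], False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and quoted and line[i + 1:i + 2] == '"':
            buf.append('"')                  # escaped quote inside a value
            i += 2
            continue
        if ch == '"':
            quoted = not quoted              # quotes delimit, they are not kept
        elif ch == "," and not quoted:
            opts.append("".join(buf))
            buf = []
        elif ch.isspace() and not quoted:
            break                            # options end at unquoted whitespace
        else:
            buf.append(ch)
        i += 1
    opts.append("".join(buf))
    parsed = {}
    for opt in opts:
        name, _, value = opt.partition("=")
        parsed[name.lower()] = value         # option names are case-insensitive
    return parsed, line[i:].strip()


def audit(text):
    """Return {key comment: [findings]}; an empty list means fully restricted."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        findings = []
        if "command" not in opts:
            findings.append("no forced command: key may request a shell")
        if "from" not in opts:
            findings.append("no from=: key is accepted from any address")
        if "restrict" not in opts:           # individual no-* options not checked
            findings.append("restrict not set")
        report[rest.split()[-1]] = findings
    return report


if __name__ == "__main__":
    for who, findings in audit(SAMPLE).items():
        print(who, "OK" if not findings else "; ".join(findings))
```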
Zack Weinberg<p>I'm betting the answer here is "this isn't possible" but if anyone knows how to tell OpenSSH that when it's enumerating pubkeys it should check which of the two known authentication dongles is actually plugged into the computer, and only prompt me to unlock the SK key that belongs to that dongle, not both of them, please tell me how.</p><p><a href="https://masto.hackers.town/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssh</span></a> <a href="https://masto.hackers.town/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a></p>
Dave Polaschek (he/him)<p>I'm looking to hook up PerSourcePenalties in the sshd_config on my VPS, and can't find any examples of using them out there. They're a new-ish feature, so I wonder if anyone's an expert yet besides <span class="h-card" translate="no"><a href="https://cybervillains.com/@djm" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>djm</span></a></span>.</p><p>Specifically, I'm getting a lot of attempted password logins on a system where "PasswordAuthentication no" is set, and I see five door-knocks from each IP before they get punted. Would rather have that kick in more quickly to keep the logs less cluttered.</p><p><a href="https://writing.exchange/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://writing.exchange/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a></p>
Marcus Adams<p>If you're on <a href="https://mastodon.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debian</span></a> stable but would like a PQ key exchange algorithm on your SSH service, <a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> 10 is available in the Bookworm backports with the following release notes.</p><p><a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/Quantum" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Quantum</span></a></p>
nixCraft 🐧<p>Multiplexing will boost your SSH connectivity or speed by reusing existing TCP connections to a remote host. Here are commands that you can use to control multiplexing when using OpenSSH server or client on your Linux, macOS, FreeBSD or Unix-like systems. Not sure what SSH multiplexing is? Learn how to set it up and use it to speed up your SSH sessions with our handy guide: <a href="https://www.cyberciti.biz/faq/ssh-multiplexing-control-command-to-check-forward-list-cancel-stop-connections/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cyberciti.biz/faq/ssh-multiple</span><span class="invisible">xing-control-command-to-check-forward-list-cancel-stop-connections/</span></a></p><p><a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unix</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssh</span></a> <a href="https://mastodon.social/tags/macos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>macos</span></a></p>
Dendrobatus Azureus<p>This article shows that DSA has finally been removed</p><p><a href="https://mastodon.bsd.cafe/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSH</span></a> <a href="https://mastodon.bsd.cafe/tags/openSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openSSH</span></a> <a href="https://mastodon.bsd.cafe/tags/DSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DSA</span></a> <a href="https://mastodon.bsd.cafe/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a> <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>coding</span></a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.bsd.cafe/tags/openBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openBSD</span></a> <a href="https://mastodon.bsd.cafe/tags/BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSD</span></a> <a href="https://mastodon.bsd.cafe/tags/secureShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secureShell</span></a> <a href="https://mastodon.bsd.cafe/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> </p><p><a href="https://undeadly.org/cgi?action=article;sid=20250507010932" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">undeadly.org/cgi?action=articl</span><span class="invisible">e;sid=20250507010932</span></a></p>
Dendrobatus Azureus<p>An unimportant remnant of the past has been removed from OpenSSH;<br>DSA.</p><p>Read about it in this article. The next article linked will show you that it has been removed finally.</p><p><a href="https://mastodon.bsd.cafe/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSH</span></a> <a href="https://mastodon.bsd.cafe/tags/openSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openSSH</span></a> <a href="https://mastodon.bsd.cafe/tags/DSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DSA</span></a> <a href="https://mastodon.bsd.cafe/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a> <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>coding</span></a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.bsd.cafe/tags/openBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openBSD</span></a> <a href="https://mastodon.bsd.cafe/tags/BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSD</span></a> <a href="https://mastodon.bsd.cafe/tags/secureShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secureShell</span></a> <a href="https://mastodon.bsd.cafe/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> </p><p><a href="https://undeadly.org/cgi?action=article;sid=20240111105900" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">undeadly.org/cgi?action=articl</span><span class="invisible">e;sid=20240111105900</span></a></p>
Peter N. M. Hansteen<p>DSA signature support removed from OpenSSH <a href="https://www.undeadly.org/cgi?action=article;sid=20250507010932" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">undeadly.org/cgi?action=articl</span><span class="invisible">e;sid=20250507010932</span></a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssh</span></a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://mastodon.social/tags/dsa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dsa</span></a> <a href="https://mastodon.social/tags/dsaremoval" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dsaremoval</span></a> <a href="https://mastodon.social/tags/deadkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deadkeys</span></a> <a href="https://mastodon.social/tags/signature" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>signature</span></a> <a href="https://mastodon.social/tags/deadciphers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deadciphers</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> <a href="https://mastodon.social/tags/crypto" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>crypto</span></a></p>
Peter N. M. Hansteen<p>Call for testing: Last bits of DSA to be removed from OpenSSH <a href="https://www.undeadly.org/cgi?action=article;sid=20250506054255" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">undeadly.org/cgi?action=articl</span><span class="invisible">e;sid=20250506054255</span></a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssh</span></a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://mastodon.social/tags/dsa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dsa</span></a> <a href="https://mastodon.social/tags/dsaremoval" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dsaremoval</span></a> <a href="https://mastodon.social/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>crypto</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> <a href="https://mastodon.social/tags/ciphers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ciphers</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/development" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>development</span></a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libresoftware</span></a></p>
Peter N. M. Hansteen<p>ssh: listener sockets relocated from /tmp to ~/.ssh/agent <a href="https://www.undeadly.org/cgi?action=article;sid=20250506044643" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">undeadly.org/cgi?action=articl</span><span class="invisible">e;sid=20250506044643</span></a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssh</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/unveil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unveil</span></a> <a href="https://mastodon.social/tags/sshagent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sshagent</span></a> <a href="https://mastodon.social/tags/snoopresistant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>snoopresistant</span></a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libresoftware</span></a></p>
Marcus Adams<p>This version will come down the pipe in <a href="https://mastodon.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debian</span></a> Trixie later this year. Other distributions may already have it, or should in the near future.</p><p>Headline: <a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> 10.0 Introduces Default Post-Quantum Key Exchange Algorithm - Quantum Computing Report</p><p>Source: <a href="https://quantumcomputingreport.com/openssh-10-0-introduces-default-post-quantum-key-exchange-algorithm/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">quantumcomputingreport.com/ope</span><span class="invisible">nssh-10-0-introduces-default-post-quantum-key-exchange-algorithm/</span></a></p><p><a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/Quantum" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Quantum</span></a></p>
Michael Dexter<p><span class="h-card"><a href="https://floss.social/@bkuhn" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bkuhn</span></a></span> So you’re saying <a href="https://bsd.network/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> isn’t popular and isn’t supporting software freedom?</p>
Kevin Lyda<p>OK, this is a thing I didn't know. In <a href="https://mastodon.ie/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssh</span></a> config files, the first mention wins, not the last.</p><p>The overrides in the .d directories are included *first* (normally this happens last - see nginx, sudo, etc) which is how they override things.</p><p><a href="https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHConfigOrderMatters" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">utcc.utoronto.ca/~cks/space/bl</span><span class="invisible">og/sysadmin/OpenSSHConfigOrderMatters</span></a></p>
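<p>An added example, not code from the post or from OpenSSH: a model of the first-mention-wins rule with the drop-in <code>Include</code> at the top of the main file. The file contents are constructed; Match blocks, relative include paths and keywords that may repeat are deliberately left out of the model.</p>

```python
"""Model of OpenSSH's first-value-wins rule for sshd_config with drop-ins.

Added illustration. Assumptions: parsing of a file stops at its first Match
line, include paths are absolute, and keywords that sshd accepts more than
once are skipped rather than reported as shadowed.
"""
from fnmatch import fnmatchcase

# Keywords that accumulate values in sshd, so a repeat does not lose.
REPEATABLE = {"port", "listenaddress", "hostkey", "acceptenv"}

# Constructed sample files, with the Include at the top of the main file.
SAMPLE_FILES = {
    "/etc/ssh/sshd_config": """\
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication yes
PermitRootLogin prohibit-password
X11Forwarding no
""",
    "/etc/ssh/sshd_config.d/10-hardening.conf": """\
PasswordAuthentication no
PermitRootLogin no
""",
    "/etc/ssh/sshd_config.d/50-cloud.conf": """\
# dropped in later by a provisioning tool
passwordauthentication yes
""",
}


def _walk(files, path, seen):
    """Yield (path, lineno, keyword, value) in the order the lines are read."""
    if path in seen:                          # guard against include loops
        return
    seen = seen | {path}
    for lineno, raw in enumerate(files[path].splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            return                            # conditional blocks not modelled
        if keyword == "include":
            for pattern in value.split():
                # glob matches are processed in lexical order
                for inc in sorted(p for p in files if fnmatchcase(p, pattern)):
                    yield from _walk(files, inc, seen)
            continue
        yield path, lineno, keyword, value


def resolve(files, root="/etc/ssh/sshd_config"):
    """Return (effective, shadowed): winning settings and the lines that lost."""
    effective, shadowed = {}, []
    for path, lineno, keyword, value in _walk(files, root, frozenset()):
        if keyword in REPEATABLE:
            continue
        where = f"{path}:{lineno}"
        if keyword in effective:              # an earlier mention already won
            shadowed.append((keyword, value, where, effective[keyword][1]))
        else:
            effective[keyword] = (value, where)
    return effective, shadowed


if __name__ == "__main__":
    effective, shadowed = resolve(SAMPLE_FILES)
    for kw, (val, where) in effective.items():
        print(f"{kw} = {val}    (from {where})")
    for kw, val, where, winner in shadowed:
        print(f"ignored: {kw} {val} at {where}; already set at {winner}")
```

<p>Note that among the drop-ins the lexically first file wins, so a higher-numbered file cannot override a lower-numbered one. On a real host, <code>sshd -T</code> prints the effective configuration.</p>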
nixCraft 🐧<p>OpenSSH 10.0/10.0p2 released <a href="https://www.openssh.com/releasenotes.html#10.0p1" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">openssh.com/releasenotes.html#</span><span class="invisible">10.0p1</span></a></p><p><a href="https://mastodon.social/tags/unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unix</span></a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssh</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a></p>
Parade du Grotesque 💀<p>Also: <a href="https://mastodon.sdf.org/tags/Slackware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Slackware</span></a> 15 has a security update for Python3:</p><p><a href="http://www.slackware.com/security/viewer.php?l=slackware-security&amp;y=2025&amp;m=slackware-security.326755" rel="nofollow noopener" target="_blank"><span class="invisible">http://www.</span><span class="ellipsis">slackware.com/security/viewer.</span><span class="invisible">php?l=slackware-security&amp;y=2025&amp;m=slackware-security.326755</span></a></p><p>&amp; Slackware-current just adopted <a href="https://mastodon.sdf.org/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> 10.0.p1 &amp; <a href="https://mastodon.sdf.org/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> 3.5</p><p>n/openssh-10.0p1-x86_64-1.txz: Upgraded. Potentially-incompatible changes include the removal of the weak DSA signature algorithm, completing the deprecation process that began in 2015 (when DSA was disabled by default) and repeatedly warned over the last 12 months.</p><p>n/openssl-3.5.0-x86_64-1.txz: Upgraded. New LTS release, supported until 08 Apr 2030.</p>
Senioradmin<p><a href="https://social.tchncs.de/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> 9.8 and later is gradually arriving on servers. That makes the PerSourcePenalties option interesting (see <a href="https://undeadly.org/cgi?action=article;sid=20240607042157" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">undeadly.org/cgi?action=articl</span><span class="invisible">e;sid=20240607042157</span></a> ), which could make fail2ban and similar tools superfluous.</p><p>Config examples are still few and far between, though. Judging by the man page, however, </p><p>PerSourcePenalties authfail:3600s</p><p>should ensure that IPs running brute-force attacks are blocked for 1 hour, correct? </p><p><a href="https://social.tchncs.de/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSH</span></a></p>