ssh

Bug in OpenSSH / Config Checker

stumbled upon a bug in openssh … did a small config change in sshd_config, deployed it with ansible … and lost connectivity to all these boxes immediately … and of course, i did a config check before reloading the sshd daemon, and the config check was fine. i can’t believe that nobody else found this before, as it’s really simple to reproduce. and it’s working with openbsd, debian, centos and mostly on all systems which have opensshd implemented (and that’s a lot of …)

Forwarding Variable with SSH

Did you know that you can easily forward a variable (or secret) via SSH … ? The variable is only available while you’re logged in and is never stored in any config file or backup. This can be a real advantage …

Sending Host

    /etc/ssh/ssh_config

    Host trustedhost.world
      SendEnv _secret

Receiving Host

    /etc/ssh/sshd_config

    AcceptEnv _secret

    restart sshd

Connect

    user@myhost ~# export _secret=topsecret99
    user@myhost ~# ssh trustedhost.world
    user@trustedhost ~# set |grep _secret
    _secret=topsecret99

here we are …
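The following check is an added example, not part of the original post: it works out which environment variables actually cross the connection, given the client's SendEnv and the server's AcceptEnv lists, and flags AcceptEnv patterns that start with a wildcard. The sample configs and the helper names are constructed for illustration, and Host/Match block scoping is ignored.

```python
import re

# Constructed sample configs mirroring the setup above (not from a real host).
SSH_CONFIG = """\
Host trustedhost.world
    SendEnv _secret
"""
SSHD_CONFIG = """\
# locale defaults plus the addition from the post
AcceptEnv LANG LC_*
AcceptEnv _secret
"""

def directive_values(text, keyword):
    """Collect every argument of a keyword (case-insensitive), skipping comments.
    Assumption: Host/Match scoping is ignored, all occurrences are merged."""
    values = []
    for line in text.splitlines():
        parts = line.strip().split()
        if parts and not parts[0].startswith("#") and parts[0].lower() == keyword.lower():
            values.extend(parts[1:])
    return values

def pattern_to_regex(pattern):
    """OpenSSH name patterns: '*' matches any run of characters, '?' exactly one."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.S)

def matches(name, patterns):
    return any(pattern_to_regex(p).fullmatch(name) for p in patterns)

def forwarded(env, send_patterns, accept_patterns):
    """Variables that the client sends AND the server accepts."""
    return {k: v for k, v in env.items()
            if matches(k, send_patterns) and matches(k, accept_patterns)}

def broad_patterns(accept_patterns):
    """Heuristic: AcceptEnv patterns beginning with a wildcard accept far more
    than intended (a bare '*' lets the client set any variable it sends)."""
    return [p for p in accept_patterns if p[0] in "*?"]

if __name__ == "__main__":
    client_env = {"_secret": "topsecret99", "LANG": "en_US.UTF-8", "HOME": "/root"}
    send = directive_values(SSH_CONFIG, "SendEnv")
    accept = directive_values(SSHD_CONFIG, "AcceptEnv")
    print("forwarded:", sorted(forwarded(client_env, send, accept)))
    print("overly broad AcceptEnv:", broad_patterns(accept))
```

On a live server, `sshd -T` prints the effective configuration, including the merged AcceptEnv list, which is the authoritative input for a check like this.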

SSH Audit

ssh-audit is a tool for ssh server auditing.

Features

    SSH1 and SSH2 protocol server support;
    grab banner, recognize device or software and operating system, detect compression;
    gather key-exchange, host-key, encryption and message authentication code algorithms;
    output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
    output algorithm recommendations (append or remove based on recognized software version);
    output security information (related issues, assigned CVE list, etc);
    analyze SSH version compatibility based on algorithm information;

Ed25519

like ssh and secure keys ?

Generate Secure Key

    ssh-keygen -o -a 100 -t ed25519 -C "MyFamousComment"
    ssh-keygen -o -a 100 -t ed25519 -C "`whoami`@`hostname`@`date \"+%Y-%m-%d@%H:%M\"`"

What is ed25519

Distribute Key

    ssh-copy-id user@remote-server-ip-or-dns-name

Connect to Remote

Connect to Remote without Agent Forwarding (use this unless you know what you’re doing …)

    ssh -a ip-or-hostname

Connect with Agent Forwarding

or if you need Agent Forwarding

    ssh -A ip-or-hostname

Confirm Agent Forwarding

to confirm if agent forwarding is working, you can check your environment: