#PowerShell #OpenSSH PowerShell, OpenSSH, and DSC team investments for 2025 http://dlvr.it/TK8Lvg
Recent searches
Search options
#openssh
17 posts16 participants1 post today
#OpenSSH10 setzt auf Standards für quantensicheren Schlüsselaustausch | Security https://www.heise.de/news/OpenSSH-10-setzt-auf-Standards-fuer-quantensicheren-Schluesselaustausch-10345975.html #Verschlüsselung #encryption #SSH #OpenSSH
heise online · OpenSSH 10 setzt auf Standards für quantensicheren Schlüsselaustausch
More from 
Dr. Christopher Kunz
I see #OpenSSH got to fully removing DSA key support, so that means my “probably do that in #Paramiko” todo list item has no more excuses 
Well, ok, it still has a few excuses (will be years before the average sshd is OpenSSH 10.0+) but still. Needs happenin' sometime and it ain't like old releases go away, so.
Continued thread
Also: #Slackware 15 has a security update for Python3:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.326755
Slackware-current just adopted #OpenSSH 10.0.p1 & #OpenSSL 3.5
n/openssh-10.0p1-x86_64-1.txz: Upgraded. Potentially-incompatible changes include the removal of the weak DSA signature algorithm, completing the deprecation process that began in 2015 (when DSA was disabled by default) and repeatedly warned over the last 12 months.
n/openssl-3.5.0-x86_64-1.txz: Upgraded. New LTS release, supported until 08 Apr 2030.
www.slackware.comThe Slackware Linux Project: Slackware Security Advisories
Portable OpenSSH 10.0p1 will not exist. It will be known as OpenSSH 10.0p2.
https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-April/000163.html
- - -
OpenSSH portable 10.0p1 n’existera pas. Ce sera connue comme OpenSSH 10.0p2.
// Publication en anglais //
lists.mindrot.org[openssh-unix-announce] Announce: OpenSSH 10.0 released
#OpenSSH 9.8 und höher kommt allmählich auf die Server. Da wird die Option PerSourcePenalties interessant (siehe https://undeadly.org/cgi?action=article;sid=20240607042157 ) die fail2ban u.ä. überflüssig machen könnte.
Konfig-Beispiele sind aber noch rar gesät. Nach der manpage zu urteilen, sollte aber
PerSourcePenalties authfail:3600s
dafür sorgen dass IPs, die Brute-Force Attacken fahren für 1 Stunde geblockt werden, korrekt?
undeadly.orgOpenSSH introduces options to penalize undesirable behavior
Ooph, updated the sshd-session.c patch that MacPorts uses (to try to sandbox things, whoever did that was before my time) and while the patch I modified applies OK, the OpenSSH 10.0p1 build still fails with MacPorts' additional "special sauce".
I updated the Trac issue with as far as I got here:
https://trac.macports.org/ticket/72317
But I need to step AFK for a while and won't be able to look at this again for several hours.
If others want to take a crack at it and fix whatever I failed to get correct, contributions are more than welcome!
Thanks!
(and here I was thinking the legacy_dsa variant removal would be my potential stumbling block. Nope! sigh I should have tested the snapshot more thoroughly I guess, but I still don't have a functional mpbb locally and I don't even want to get into my "methodology" for diffing this stuff locally, it's basically line by line with not such great tools.)
Near as I can discern sshd-session.c got reworked a bit since 9.9p2 and my shoot from the hip attempt is insufficient.
#OpenSSH #MacPorts
I updated the Trac issue with as far as I got here:
https://trac.macports.org/ticket/72317
But I need to step AFK for a while and won't be able to look at this again for several hours.
If others want to take a crack at it and fix whatever I failed to get correct, contributions are more than welcome!
Thanks!
(and here I was thinking the legacy_dsa variant removal would be my potential stumbling block. Nope! sigh I should have tested the snapshot more thoroughly I guess, but I still don't have a functional mpbb locally and I don't even want to get into my "methodology" for diffing this stuff locally, it's basically line by line with not such great tools.)
Near as I can discern sshd-session.c got reworked a bit since 9.9p2 and my shoot from the hip attempt is insufficient.
#OpenSSH #MacPorts
trac.macports.org#72317 (update OpenSSH 10.0p1)
– MacPorts
OpenSSH 10.0 is out! 
One of the most critical tools in any Unix admin’s toolbox just got even better.
Release notes: https://www.openssh.com/releasenotes.html#10.0p1
Huge thanks to the OpenSSH devs for keeping the Internet safer with every release.
#openssh #linux #openbsd #bsd
One of the most critical tools in any Unix admin’s toolbox just got even better.
Release notes: https://www.openssh.com/releasenotes.html#10.0p1Huge thanks to the OpenSSH devs for keeping the Internet safer with every release.
#openssh #linux #openbsd #bsd
www.openssh.comOpenSSH: Release NotesOpenSSH release notes
OpenSSH 10.0 released with hybrid post-quantum algorithm mlkem768x25519-sha256 as default key agreement, new cipher preference list, new options, bug fixes
www.openssh.comOpenSSH: Release NotesOpenSSH release notes
OpenSSH 10.0: A Leap Forward in Secure Shell Technology
The release of OpenSSH 10.0 introduces significant enhancements in security and functionality, solidifying its status as a cornerstone of secure communications in the tech industry. With new features ...
https://news.lavx.hu/article/openssh-10-0-a-leap-forward-in-secure-shell-technology
Continued thread
#OpenSSH 10.0 release notes: https://www.openssh.com/txt/release-10.0
In addition to removing DSA, this splits the user authentication code from the sshd-session binary into a separate sshd-auth binary. Also only #OpenBSD, this new sshd-authd is relinked on boot, just like sshd-session & sshd.
Replied in thread
@JessTheUnstill @Pibble
And yes, I treat all devices as insecure and would rather invest the time and effort needed get #TechIlliterates up to speed on the #OfflinePGP method!
- Sounds cumbersome, but when your threat model literally goes against the #1 #Hacking #Regime (#USA) with more #Exploits stockpiled than any hacking forum (cuz #NOBUS doctrine), you gotta have to upgrade.
Given the cheapness of storage (legitimate 1TB microSD cards exist and they ain't 4-digit items!) I'd legitimately look into #OTP #encryption and (IF I had the €€€€€€ to do so!) would even sponsor implementing it in #OpenVPN, #WireGuard and #OpenSSH (for #SSH-Tunmeling).
- The #US is a #RogueNation with a Rogue Government! The sooner we accept this reality the sooner we can not only adjust to it but act accordingly…
I sincerely wish y'all could legitimately call me a tinfoilhat but so far I've been proven right all the time...
Did a new release of `ssh-tpm-agent`, `v0.8.0`.
Notable changes is hierarchy keys, keyctl backed passwords and some preliminary landlock support.
https://github.com/Foxboron/ssh-tpm-agent/releases/tag/v0.8.0
GitHubRelease v0.8.0 · Foxboron/ssh-tpm-agentThe release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16.
⚠️ Breaking Changes ⚠️
ssh-tpm-agent won't use SSH_AUTH_SOCK as the default socket environment
variable anymore. As ss...
⇑⇑⇓⇓⇐⇒⇐⇒BA Der @leyrer ist einer meiner persönlichen Helden. Er erklärt immer sehr unterhaltsam Themen rund um SSH, Kommandozeile und Co. die man auch wirklich gut bei der Arbeit anwenden kann und das Leben häufig leichter machen.
Liebe geht raus für seinen Einsatz. 
Leider habe ich bisher nie live die Ehre gehabt, aber es ist ja noch nicht aller Tage Abend und ich hoffe er macht noch einige Talks. 
Überzeugt euch selbst:
https://media.ccc.de/search?p=Der+Leyrer
media.ccc.deSearch for person "Der Leyrer"
- media.ccc.deVideo Streaming Portal des Chaos Computer Clubs
