Today feels like a good day to point out that ssh host keys should be tied to your hardware.

I've heard TPMs are good at this.

#OpenSSH #Linux #security

#Freexian collaborators worked on detecting undeclared file conflicts, mini-sprint improving contributors.debian.org, security-tracker performance, fixing dput-ng data loss bug, MiniDebConf Campinas and many more contributions to #Debian in April 2026.

Read all the details at https://www.freexian.com/blog/debian-contributions-04-2026/?utm_source=mastodon&utm_medium=social

We thank the organizations subscribing to our Long Term Support contracts (https://www.freexian.com/lts/?utm_source=mastodon&utm_medium=social) and consulting services (https://www.freexian.com/services/?utm_source=mastodon&utm_medium=social) for making this possible.

#dput-ng #linux #openssh

Debian Contributions: Detecting undeclared file conflicts, contributors.debian.org mini-sprint, security-tracker performance and more!

Debian Contributions: 2026-04

Contributing to Debian is part of Freexian’s mission. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our Long Term Support contracts and consulting services.

Undeclared file conflicts, by Helmut Grohne

The duplication checker, the Multi-Arch hinter, and the /usr-move analyzer share significant parts of their code. While the /usr-move transition is complete, the other tools needed a bit of love.


FreeBSD – A Lesson in Poor Defaults

This article details the ways in which FreeBSD's default settings fail to meet security and modern requirements. In particular, it criticizes that keeping an old, separately patched version of OpenSSH, re-enabling weak cryptographic options, shipping the outdated Sendmail by default, and leaving the firewall disabled by default all increase security risk. FreeBSD tends to defer security patches and keep legacy features for the sake of compatibility and tradition, and users are advised to install the ports version of OpenSSH and use a modern firewall. This suggests that AI developers running FreeBSD-based infrastructure must review and adjust the default settings to harden security.

https://vez.mrsk.me/freebsd-defaults

#freebsd #security #openssh #firewall #sysadmin


@FritzAdalis @RuntimeArguments @jammcq @YesJustWolf

Thanks. I did look this up after I wrote the post. I should have looked it up before. But still, without knowing that history, it appeared the speaker was either confused about #OpenSSH and #OpenBSD or equating them or something. It wasn't obvious to me that the OpenBSD team *wrote* OpenSSH. That's the way I heard it, might have misinterpreted what was said.

@RuntimeArguments @jammcq @YesJustWolf

I've been a #UNIX user since 1984, and spent my working life developing flavors of Unix and now #Linux. I listened to this episode over the past couple of days. I'm a long time user of #SSH. One point of confusion and a few points that I learned.

When talking about the origins of #OpenSSH you talked about #OpenBSD but didn't explain how it related to OpenSSH. Was OpenBSD involved in the creation of OpenSSH? It could have used explanation.

1/2

#ssh

openssh-server post-installation script error (exit status 10) and SSH not working #apt #dpkg #openssh

https://askubuntu.com/q/1566463/612


Did a new release of ssh-tpm-agent.

https://github.com/Foxboron/ssh-tpm-agent/releases/tag/v0.9.0

`ssh-tpm-add` now supports `-c` for confirmation dialogs before key usage, along with a nice process chain. Thanks to @mic92

#TPM #Security #OpenSSH #SSH

Release v0.9.0 · Foxboron/ssh-tpm-agent

The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16. Packaging change ssh-tpm-agent releases now has a tarball with an accompanying signature. Please use this tarball inst...


🕵🏻‍♂️ [InfoSec MASHUP] - This week's news cycle handed us the usual parade of breaches, arrests, and patch-your-stuff urgency — but if you squint at the #Malware section long enough, a more uncomfortable story emerges. #SAP-related npm packages backdoored with a credential stealer. A popular #PyPI package hijacked via a forged signed release pushed through a compromised GitHub Actions workflow. Seventy-three "sleeper" extensions quietly sitting in #OpenVSX, waiting. The common thread: attackers aren't breaking down the front door anymore. They're walking in through the tools developers use every day, often with a valid signature and a clean commit history.

What makes this particularly fun — in the way a slow-motion disaster is fun — is that the blast radius isn't just the developer who ran pip install. It's every downstream user, every CI/CD pipeline, every AI coding agent that helpfully executed the preinstall hook without asking questions. The supply chain isn't a niche threat vector reserved for nation-state ops anymore. It's where commodity attackers are increasingly playing, because it scales beautifully and the detection gap remains embarrassingly wide.

→ Week #18/2026 also covers: Supply chain attackers found the path of least resistance, #OpenSSH patched a bug older than most junior devs, and #Europe is done pretending U.S. #cloud is a neutral choice.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-18-2026-shinyhunters-week-off-they-didn-t-take-one

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI

🕵🏻‍♂️ [InfoSec MASHUP] 18/2026 - ShinyHunters' Week Off (They Didn't Take One)

Plus: Supply chain attackers found the path of least resistance, OpenSSH patched a bug older than most junior devs, and Europe is done pretending U.S. cloud is a neutral choice


Episode 27 of our technology podcast @RuntimeArguments (http://RuntimeArguments.fm) is up — "SSH and how we got here".

Jim @jammcq walks through SSH's three-decade arc — Tatu Ylönen's 1995 response to a campus password-sniffing attack, OpenSSH a few years later, and what's stayed essentially the same ever since — while Wolf @YesJustWolf pokes at what SSH actually does beyond remote login (file copy, secure tunnels, even X forwarding). They climb the authentication ladder from passwords to public keys to hardware-backed enclaves to certificates, with practical advice along the way: use ED25519, put passphrases on your keys, set the right file permissions, and turn off password auth.

As always, we want to know what you think:

[email protected]

https://www.buzzsprout.com/2469780/episodes/19106065

#SSH #OpenSSH #Cryptography #Security #DevOps #SysAdmin #Linux #ED25519 #Tailscale #Mosh #Podcast #TechPodcast
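An added audit helper for the practical advice in that episode summary (public keys instead of passwords, passphrases on keys); it is not code from the podcast or from OpenSSH. It relies on two real OpenSSH behaviours, that sshd_config keeps the first value it sees for a keyword and that the OpenSSH private-key file starts with a magic string followed by a length-prefixed cipher name; the sample config and key blobs are constructed here.

```python
import base64
import struct

# Hardened values for the advice in the post, and OpenSSH's default when the
# keyword is absent from sshd_config (the default then applies).
WANTED = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
          "kbdinteractiveauthentication": "no", "permitrootlogin": "no"}
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "permitrootlogin": "prohibit-password"}

def parse_sshd_config(text):
    """Effective global settings: sshd keeps the FIRST value seen for a keyword,
    so a later 'no' cannot undo an earlier 'yes'; a Match block ends global scope."""
    effective = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()
        if key == "match":
            break
        effective.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return effective

def audit_sshd_config(text):
    """Sorted keywords whose effective value is not the hardened one."""
    eff = parse_sshd_config(text)
    return sorted(k for k, want in WANTED.items()
                  if eff.get(k, DEFAULTS[k]).lower() != want)

def key_is_passphrase_protected(private_key_text):
    """Read the OpenSSH private-key header: magic, then a length-prefixed cipher
    name; 'none' means the key is stored unencrypted on disk."""
    body = "".join(l for l in private_key_text.splitlines() if not l.startswith("-----"))
    blob = base64.b64decode(body)
    magic = b"openssh-key-v1\x00"
    if not blob.startswith(magic):
        raise ValueError("not an OpenSSH-format private key")
    (n,) = struct.unpack(">I", blob[len(magic):len(magic) + 4])
    return blob[len(magic) + 4:len(magic) + 4 + n] != b"none"

def fake_private_key(cipher):
    """Constructed sample: only the header bytes the check reads, not a real key."""
    blob = b"openssh-key-v1\x00" + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample configs: the weak one looks fixed on line two but is not.
WEAK_CONFIG = ("PasswordAuthentication yes\nPasswordAuthentication no  # ignored\n"
               "Match User backup\n    PasswordAuthentication no\n")
HARDENED_CONFIG = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
                   "KbdInteractiveAuthentication no\nPermitRootLogin no\n")
```

Run `audit_sshd_config` on a real file's contents to see which of the four settings still differ from the hardened values, and `key_is_passphrase_protected` on a private key to confirm it is encrypted at rest.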