Secure SSH Access with Passwordless Login

#linux #ssh #server
linuxteck.com/secure-ssh-acces…

Released sshelf, a terminal UI for managing SSH hosts. Save each one once (keys, passwords, jump hosts, tags), then fuzzy-search and hit Enter to connect.

The premise: it never touches ~/.ssh/config. Own database, generates the ssh command,
execs into ssh. Passwords come from your OS keyring via SSH_ASKPASS, so nothing ends up in ps or shell history.

Rust + ratatui, MIT/Apache, macOS + Linux.

https://github.com/max-rh/sshelf

#RustLang #CLI #SSH #TUI

Serverdienste und Dateifreigaben im Netzwerk

Samba / NFS und rsync
https://forum.ubuntuusers.de/topic/samba-nfs-und-rsync/
09.06.2026 um 14:33 Uhr

#ubuntuusers #forumuu #linux #opensource #fragenistmenschlich #netzwerk #network #server #webserver #ssh #mysql #nfs #samba #vnc #vpn

I'm hosting a terminal ecosystem podcast and we just released our 6th episode! 🎙️🥳

📺 We talked to @mustache about Glyph protocol and the future of terminals: https://www.youtube.com/watch?v=7uxXyjwp2cI

📢 Today at 19:00 CET, we're back with Mat Piorowski to talk about terminal social platforms ☕

➡️ Join us: https://terminalcollective.org/

#terminal #opensource #rustlang #ssh #podcast #meetup

Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels

A sophisticated supply chain attack campaign has expanded to 471 affected artifacts across npm and PyPI, targeting developers through malicious packages. The campaign uses three distinct delivery methods: executable .pth startup hooks, trojanized native .abi3.so extensions that execute at import time, and a split loader-payload architecture that searches Python's sys.path. Twenty-three newly identified PyPI packages masquerade as bioinformatics tools, AI frameworks, and popular libraries like requests and Flask. The attack deploys heavily obfuscated JavaScript stealers via Bun runtime, harvesting high-value credentials including GitHub tokens, npm registry access, cloud credentials, SSH keys, and CI/CD secrets. The malware employs anti-analysis techniques with fake LLM prompt-injection headers designed to disrupt AI-assisted security scanners, while targeting developer workstations and automated build environments.

Pulse ID: 6a2719a5f6621cb5014a256d
Pulse Link: https://otx.alienvault.com/pulse/6a2719a5f6621cb5014a256d
Pulse Author: AlienVault
Created: 2026-06-08 19:36:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #GitHub #ICS #InfoSec #Java #JavaScript #Malware #NPM #OTX #OpenThreatExchange #PyPI #Python #SSH #SupplyChain #Trojan #Worm #bot #developers #AlienVault

Secure your Linux servers with Passwordless SSH Login.

This guide shows how to:
✓ Generate SSH keys
✓ Configure passwordless authentication
✓ Disable password logins safely
✓ Improve SSH security
✓ Troubleshoot common issues

Perfect for Linux admins, homelab users, and DevOps engineers.

https://www.linuxteck.com/secure-ssh-access-with-passwordless-login/

#Linux #SSH #OpenSSH #DevOps #SysAdmin #LinuxServer #CyberSecurity #linuxteck

I've been chasing a nagging #network problem where I would, at random intervals, lose #ssh connectivity. Well, the solution turned out to be poopy network cables; absolute last thing I would consider.

I happened on the solution quite by accident. My workplace was giving away high quality pre-made 6ft Cat 6 network cables. I said what the hell and picked up enough to replace all of the wiring in my home lab. I figured more speed and more bandwidth. I don't quite yet if I've realized that benefit. But now my SSH sessions aren't dropping out!

Did you know that you can change your credentials without editing your Connection settings? 💡 Read more about our “Prompt for Credentials” option in our Blogpost: https://www.royalapps.com/blog/quick-tip-create-a-connection-which-always-prompt-for-credentials

#devops #itadmin #remotemanagement #RDP #msrdp #remotedesktop #azure #bastion #SSH #terminal #VNC

Miasma Worm Campaign Spreads with New PyPI Wave

A coordinated PyPI compromise campaign involving 37 malicious wheel artifacts across 19 packages was detected, utilizing Python startup hooks to execute credential-stealing payloads. The attack leverages .pth files for automatic execution during Python interpreter startup, downloads the Bun JavaScript runtime, and runs obfuscated JavaScript payloads. The malware targets high-value developer and CI/CD credentials including GitHub, npm, PyPI, cloud providers (AWS, GCP, Azure), Kubernetes, Vault, SSH keys, and AI tool tokens. This represents a PyPI branch of the Shai-Hulud/Miasma campaign family, using a Hades-themed variant for GitHub exfiltration. Compromised packages included established bioinformatics tools with significant download counts, stemming from apparent maintainer account takeover. The payload employs multi-layer obfuscation, AES-GCM encryption, and exfiltrates data through GitHub repositories with distinctive markers. The campaign demonstrates cross-runtime attack capabilities and ecosystem-spe...

Pulse ID: 6a255457476fc6d2bbe99c64
Pulse Link: https://otx.alienvault.com/pulse/6a255457476fc6d2bbe99c64
Pulse Author: AlienVault
Created: 2026-06-07 11:21:59

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #Azure #Cloud #CyberSecurity #Encryption #GitHub #ICS #InfoSec #Java #JavaScript #Malware #NPM #OTX #OpenThreatExchange #PyPI #Python #RAT #SSH #Worm #bot #AlienVault