Bleeping Computer

GitHub revokes duplicate SSH auth keys linked to library bug

GitHub has revoked weak SSH authentication keys generated using a library that incorrectly created duplicate RSA keypairs. GitHub allows you to authenticate to their service without a user name and ...
ZDNet

Security flaw in libssh leaves thousands of servers at risk of hijacking

A vulnerability in libssh, a popular library for supporting the Secure Shell (SSH) authentication protocol, leaves thousands, if not more, of enterprise servers open to attacks. The vulnerability ...
MUO on MSN

I manage every remote machine from one window with this open-source app

My daily routine involves managing remote machines and requires juggling several tools. I run an app for SSH, one for RDP, ...
ZDNet

OpenSSH to deprecate SHA-1 logins due to security risk

OpenSSH, the most popular utility for connecting to and managing remote servers, has announced today plans to drop support for its SHA-1 authentication scheme. The OpenSSH team cited security concerns ...
Ars Technica

Millions still haven’t patched Terrapin SSH protocol vulnerability

Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they’re in, attackers ...
Linux Journal

SSH Key Rotation with the POSIX Shell - Sunset Nears for Elderly Keys

OpenBSD has recently stressed to us the value of key rotation by their use of “Signify” distribution release signatures. We have realized that SSH keys should also rotate, to reduce the risk of ...