openssh-portable
ssh-mitm
Our great sponsors
openssh-portable | ssh-mitm | |
---|---|---|
39 | 42 | |
2,749 | 1,211 | |
3.0% | 2.0% | |
9.4 | 8.8 | |
3 days ago | 6 days ago | |
C | Python | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
openssh-portable
-
Terrapin Attack for prefix injection in SSH
Unless I'm misunderstanding what this is about RFC5647 merely points out that the sequence number is included as AAD due to RFC4253 requirements. The [email protected] specification is not exactly the most rigorous thing I've ever seen (https://github.com/openssh/openssh-portable/blob/master/PROT...) but reading it, the sequence number is only included in the IV, and not as AAD, which directly runs afoul of the RFC4253 section 6.4 requirement for it to be included in the MAC.
- SSH3: SSH using HTTP/3 and QUIC
-
An Excruciatingly Detailed Guide to SSH (But Only the Things I Find Useful)
There's a current pull request for adding AF_UNIX support, which should make all kinds of exciting forwarding possible, since it will make it easy to proxy ssh connections through an arbitrary local process which can do anything to forward the data to the remote end.
-
Project on GitHub - Customizable Arch Linux Podman images based on the official Arch Linux Docker image
OpenSSH server (allows connecting to containers)
-
Funds of every Trust Wallet browser extension could have been stolen
It doesn't, at least not for generic/unmodified cryptographic applications.
WebAuthN signatures are of a very specific challenge/response format that applications need to explicitly support. For example, SSH had to add new key and signature formats [1] to support it.
Theoretically, a blockchain/cryptocurrency application could adopt the WebAuthN signature format as its canonical or an alternative signature format, but I'm not aware of any popular one having done so.
[1] https://github.com/openssh/openssh-portable/blob/master/PROT...
-
We updated our RSA SSH host key
I just tested it and looked at the code briefly; the client fortunately does seem to remove all keys not provided by the server: https://github.com/openssh/openssh-portable/blob/36c6c3eff5e...
It seems like at least a `known_hosts` compromise would be "self-healing" after connecting to the legitimate github.com server once.
-
OpenAI Execs Say They're Shocked by ChatGPT's Popularity
And OpenVAS and OpenSSH and OpenBSD and OpenNN and OpenAFS and on and on and on
-
Show /r/rust: signet - code signing tool
Hello /r/rust, I've built signet (crate), a code signing tool that makes it really easy to sign your git commits and arbitrary files such as build outputs. signet uses OpenSSH's key and signature formats, making it easy to migrate from, or to, ssh-keygen or another compatible tool.
-
SSH Tips and Tricks
Well, it used to break scp, but then I fixed scp: https://github.com/openssh/openssh-portable/commit/77e05394a...
-
How I would sell OpenBSD as a salesperson
> You have to realize that a lot of BSD enthusiasts are people who have let "being a *BSD user" subsume their whole identity and there's a lot of "Linux is for noobs"-style elitism.
As someone using Debian, Ubuntu, OpenBSD, and other OSs regularly, what I'm experiencing is perhaps less "elitism" on the BSD side, and more of: "hey, we're also here, it would be nice if you could consider us sometimes". The BSDs traditionally have different ways of doing some things, which are equally as valid, but e.g. OpenSSH considers the needs of Linux users, and provides sandboxing through seccomp[1] (which NB is quite an achievement to get right, contrast with pledge[2]).
[1]: https://github.com/openssh/openssh-portable/blob/master/sand...
ssh-mitm
-
Terrapin Attack for prefix injection in SSH
There is now an issue ticket in ssh-mitm to discuss the similarities between ssh-mitm and terrapin attack: https://github.com/ssh-mitm/ssh-mitm/issues/165
-
SSH-MITM - Support for OpenSSH's certificate authority planned
You should check the Revisionhistory of the Readme file first.. https://github.com/ssh-mitm/ssh-mitm/commit/564028af25c395528446fbb679c7392469d59bfd
-
SSH-MitM 2.0.0 – Licence change to GPLv3
According to the commit log this is the license the repo was created with in 2020[0] title should be "SSH-MitM doesn't change it's license". Just a point fishing attempt? It does seem to be undoing a customized wording of the GPLv3 from Dec/2020[1]
[0]: https://github.com/ssh-mitm/ssh-mitm/commit/f4263d19211f080f...
The “customized wording” you’re seeing is “The LGPL”. It’s a different license from the GPL.
The history on the repo shows that the original license was GPL (June 2020), the author changed the license to LGPL (December 2022), and now they’re changing it to GPL again. https://github.com/ssh-mitm/ssh-mitm/commits/master/LICENSE
-
GitHub - Developers Support Ukraine
I have already added a badge to my repository: https://github.com/ssh-mitm/ssh-mitm
-
SSH – Spoofing FIDO2 Tokens
Tangential: I found the documentation for this at https://docs.ssh-mitm.at/ to be good since it went into the underlying concepts and working in some detail. As someone who uses ssh with key based authentication but hasn’t learned this at a deeper level — neither ssh nor the configuration (security, usability, etc.) — what are some good tutorials and sources to follow (I think text with diagrams and/or videos would be helpful)?
-
SSH Agent Forwarding - What are the best practices and current security issues?
Disclosure: I'm the author of SSH-MITM and the patch for PuTTY to disable trivial authentication. I want to provide more information on how to protect ssh sessions and avoid security problems.
What are some alternatives?
cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
docker-sshd - Minimal Alpine Linux Docker image with sshd exposed and rsync installed
sftpretty - Provides multi-threaded routines and high level protocol abstractions for a pretty quick & simple file transfer experience. Drop in replacement for pysftp.
gentoo - [MIRROR] Official Gentoo ebuild repository
super-auto-pets - A tool to allow for viewing of arbitrary Super Auto Pets replays
guardian-agent - [beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH
mitm - 👨🏼💻 A customizable man-in-the-middle TCP intercepting proxy.
wezterm - A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust
mac-ssh-confirm - Protect against SSH Agent Hijacking on Mac OS X with the ability to confirm agent identities prior to each use
dit - DIT is a DTLS MitM proxy implemented in Python 3. It can intercept, manipulate and suppress datagrams between two DTLS endpoints and supports psk-based and certificate-based authentication schemes (RSA + ECC).
ssh-mitm - SSH man-in-the-middle tool
OpenSSL - TLS/SSL and crypto library