Linux and InfoSec folks:
OpenSSH has released version 10. This is the first release with post-quantum algorithms.
At this time, source builds would have it. The only Distros I see releasing 10.0 builds are OpenSuse and Mandriva.
RHEL is still on the 9.x channel.

https://www.openssh.com/releasenotes.html

Non-recommended #OpenSSH tip du jour:

If you have to do as much SSH tunneling as I am doing to investigate this insane network form hell, clearing out the SSH Host Key entries from ~/.ssh/known_hosts gets old fast.

I know I shouldn't do this, but I'm doing it anyways. I've added this to my ~/.ssh/config file:

Host 127.0.0.1
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no

Essentially, if I am SSH tunneling, i don't store the key, and I don't ask about the key.

Hopefully, I remember to remove this once I finish unfucking this network.

How to update SSH 8.9 to version 10.0 on Ubuntu 22.04? #2204 #ssh #2404 #openssh

https://askubuntu.com/q/1546918/612

Who else got tripped up by the new security settings in sshd (openssh) recently?

* PerSourcePenalties
* PerSourcePenaltyExemptList

Anyone else notice that Android devices seem to trip these up specifically? Haven't dug into traces yet.

#OpenBSD 7.7 has been released (#BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc) https://openbsd.org/

This version will come down the pipe in #Debian Trixie later this year. Other distributions may already have it, or should in the near future.

Headline: #OpenSSH 10.0 Introduces Default Post-Quantum Key Exchange Algorithm - Quantum Computing Report

Source: https://quantumcomputingreport.com/openssh-10-0-introduces-default-post-quantum-key-exchange-algorithm/

How to increase max packet size for internal-sftp on Ubuntu 18.04 (OpenSSH 7.6)? #server #1804 #openssh #sftp

https://askubuntu.com/q/1546418/612

OK, this is a thing I didn't know. In #openssh config files, the first mention wins, not the last.

The overrides in the .d directories are included *first* (normally this happens last - see nginx, sudo, etc) which is how they override things.

https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHConfigOrderMatters

SSH over Openssl over Haproxy - - contourner les blocages https://www.journalduhacker.net/s/mnw1al/ssh_over_openssl_over_haproxy_contourner https://blog.victor-hery.com/2024/02/ssh-openssl-haproxy.html #hébergement #openssh

#OpenSSH 10.0 has been released (#SSH / #SecureShell / #OpenBSD) https://openssh.com/

Neat, OpenSSH client adds variable expansion in "User".
This will allow for much simpler PAM (the privileged access management one) related configuration - for example, expanding user into user%original_hostname etc.

https://github.com/openssh/openssh-portable/commit/bd30cf784d6e825ef71592fb723c41d4f2fd407b

Elegir la identidad SSH que presenta un cliente al servidor

https://blog.jcea.es/posts/20231203-identidad_ssh.html

#PowerShell #OpenSSH PowerShell, OpenSSH, and DSC team investments for 2025 http://dlvr.it/TK8Lvg

Heads up! Kiddos...measure...

#linuxadmin #opensource #tool #openssh

https://www.openssh.com/releasenotes.html#10.0p1

OpenSSH arriba a la versió 10.0. Entre d'altres, inclou l'algoritme mlkem768x25519-sha256, que diuen és a prova d'ordinadors quàntics.

https://www.phoronix.com/news/OpenSSH-10.0-Released

#OpenSSH #Quàntic #mlkem768x25519-sha256

In case anyone is wondering why #ssh (#openssh) is failing silently on #msys2 - seems they pushed out a version that depends on an msys2 runtime version that's stuck in some kind of release queue: https://github.com/msys2/MSYS2-packages/issues/5320

#openssh now defaults to #mlkem768x25519 algorithm for keys. In other words, welcome to quantum resistance being a thing.

Congrats to the team on this release!

https://www.openssh.com/txt/release-10.0

La décima versión de OpenSSH viene con el algoritmo mlkem768xto25519-sha256 activado por defecto, que se considera seguro ante ataques con ordenadores cuánticos y además se ha convertido en norma en el NIST #openssh -> https://hardlimit.com/archivo.php?n=2286