ssh
Safeguard articles tagged "ssh" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Terrapin Attack (CVE-2023-48795) Explained: SSH's Prefix Truncation Flaw
CVE-2023-48795, the Terrapin attack, is a protocol-level flaw letting a MITM silently truncate the start of an SSH session. Here is how it works, what it downgrades, and how to fix it.
CVE-2020-29652: Denial of service in golang.org/x/crypto/...
A pre-auth nil pointer dereference in golang.org/x/crypto/ssh let a single crafted request crash Go SSH servers. Here's the impact, fix, and remediation path.
CVE-2021-43565: Denial of service in golang.org/x/crypto/...
A crafted SSH packet could crash Go services using golang.org/x/crypto/ssh before the December 2021 fix. What's affected, the severity context, and how to remediate.
SSH Key Management for Organizations: Beyond the Basics
SSH keys provide access to your most critical infrastructure. Most organizations manage them poorly. Here is how to do it right.