Safeguard
Tag

ssh-security

Safeguard articles tagged "ssh-security" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Vulnerability Analysis

Terrapin SSH protocol downgrade attack explained

Terrapin (CVE-2023-48795) lets an on-path attacker silently strip packets from SSH handshakes. Here's how the downgrade works and how to check exposure.

May 5, 20266 min read
Identity Security

How to rotate SSH keys safely

A step-by-step guide to rotating SSH keys without downtime: inventory existing keys, generate new pairs, cut over safely, revoke old keys, and verify nothing was missed.

Feb 18, 20268 min read
Infrastructure Security

How to harden a Linux server

A step-by-step guide to harden Linux server security: SSH hardening, firewalls, patching, CIS benchmark alignment, and verification for production systems.

Feb 13, 20268 min read
Industry Analysis

How to set up a bastion host for secure SSH access

A step-by-step guide to set up bastion host SSH access on AWS, with ProxyJump configs, security group rules, and a verification checklist for hardened jump box access.

Feb 12, 20267 min read
Vulnerability Analysis

CVE-2018-7750: Authentication bypass in paramiko SSH serv...

CVE-2018-7750 lets attackers bypass authentication on Paramiko SSH servers using interactive auth by forging a success message. Impact, timeline, and fixes inside.

Oct 2, 20258 min read
Vulnerability Analysis

CVE-2023-48795: Terrapin attack affecting paramiko SSH ex...

The Terrapin attack (CVE-2023-48795) lets on-path attackers truncate SSH extension negotiation, downgrading security in paramiko and other SSH implementations.

Oct 2, 20258 min read
Incident Response

GitHub RSA SSH Key Rotation Incident: Why It Mattered

GitHub rotated its RSA SSH host key after accidental exposure. A small mistake with major supply chain implications for every Git-based workflow.

Jan 25, 20236 min read
ssh-security — Safeguard Blog