ssh-security
Safeguard articles tagged "ssh-security" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Terrapin SSH protocol downgrade attack explained
Terrapin (CVE-2023-48795) lets an on-path attacker silently strip packets from SSH handshakes. Here's how the downgrade works and how to check exposure.
How to rotate SSH keys safely
A step-by-step guide to rotating SSH keys without downtime: inventory existing keys, generate new pairs, cut over safely, revoke old keys, and verify nothing was missed.
How to harden a Linux server
A step-by-step guide to harden Linux server security: SSH hardening, firewalls, patching, CIS benchmark alignment, and verification for production systems.
How to set up a bastion host for secure SSH access
A step-by-step guide to set up bastion host SSH access on AWS, with ProxyJump configs, security group rules, and a verification checklist for hardened jump box access.
CVE-2018-7750: Authentication bypass in paramiko SSH serv...
CVE-2018-7750 lets attackers bypass authentication on Paramiko SSH servers using interactive auth by forging a success message. Impact, timeline, and fixes inside.
CVE-2023-48795: Terrapin attack affecting paramiko SSH ex...
The Terrapin attack (CVE-2023-48795) lets on-path attackers truncate SSH extension negotiation, downgrading security in paramiko and other SSH implementations.
GitHub RSA SSH Key Rotation Incident: Why It Mattered
GitHub rotated its RSA SSH host key after accidental exposure. A small mistake with major supply chain implications for every Git-based workflow.