If you used OpenSSH this year you should consider kicking a few bucks over to The OpenBSD Foundation (https://www.openbsdfoundation.org/donations.html)
The few, the proud, the people who donate to open source projects.
If you used OpenSSH this year you should consider kicking a few bucks over to The OpenBSD Foundation (https://www.openbsdfoundation.org/donations.html)
The few, the proud, the people who donate to open source projects.
New blogpost: Using a SSH config: https://h3artbl33d.nl/blog/using-a-ssh-config
New blogpost: Using a SSH config: https://h3artbl33d.nl/blog/using-a-ssh-config
I submitted a Pull Request to update MacPorts' OpenSSH to 10.1p1 here:
https://github.com/macports/macports-ports/pull/28592
GitHub Continuous Integration checks passed OK!
Alas, the agent.patch that iamGavinJ had created, doesn't apply cleanly, in large part because ssh-agent.c has been reworked significantly with this release.
Subsequently, I closed this previous Pull Request: https://github.com/macports/macports-ports/pull/28592 not because I didn't want to restore that functionality to launchd, but because it will require more effort than I can give such things at this time.
But, check out these improvements to ssh-agent from the OpenSSH 10.1 release notes:
"ssh-agent(1)](https://man.openbsd.org/ssh-agent.1), sshd(8): move agent listener sockets from /tmp to
under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets
in sshd(8).
This ensures processes that have restricted filesystem access
that includes /tmp do not ambiently have the ability to use keys
in an agent.
Moving the default directory has the consequence that the OS will
no longer clean up stale agent sockets, so ssh-agent now gains
this ability.
To support $HOME on NFS, the socket path includes a truncated
hash of the hostname. ssh-agent will, by default, only clean up
sockets from the same hostname.
ssh-agent(1) gains some new flags: -U suppresses the automatic
cleanup of stale sockets when it starts. -u forces a cleanup
without keeping a running agent, -uu forces a cleanup that ignores
the hostname. -T makes ssh-agent put the socket back in /tmp."
Anyway, I updated this as well:
https://trac.macports.org/ticket/72482
I should probably actually close this ticket now that I think of it (fingers crossed that adding that to the PR is sufficient, since I forgot to add that note to the commit message as is typically preferred: https://trac.macports.org/ticket/73084).
#OpenSSH #MacPorts #SecureShell #macOS #encryption #security #infosec
I submitted a Pull Request to update MacPorts' OpenSSH to 10.1p1 here:
https://github.com/macports/macports-ports/pull/28592
GitHub Continuous Integration checks passed OK!
Alas, the agent.patch that iamGavinJ had created, doesn't apply cleanly, in large part because ssh-agent.c has been reworked significantly with this release.
Subsequently, I closed this previous Pull Request: https://github.com/macports/macports-ports/pull/28592 not because I didn't want to restore that functionality to launchd, but because it will require more effort than I can give such things at this time.
But, check out these improvements to ssh-agent from the OpenSSH 10.1 release notes:
"ssh-agent(1)](https://man.openbsd.org/ssh-agent.1), sshd(8): move agent listener sockets from /tmp to
under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets
in sshd(8).
This ensures processes that have restricted filesystem access
that includes /tmp do not ambiently have the ability to use keys
in an agent.
Moving the default directory has the consequence that the OS will
no longer clean up stale agent sockets, so ssh-agent now gains
this ability.
To support $HOME on NFS, the socket path includes a truncated
hash of the hostname. ssh-agent will, by default, only clean up
sockets from the same hostname.
ssh-agent(1) gains some new flags: -U suppresses the automatic
cleanup of stale sockets when it starts. -u forces a cleanup
without keeping a running agent, -uu forces a cleanup that ignores
the hostname. -T makes ssh-agent put the socket back in /tmp."
Anyway, I updated this as well:
https://trac.macports.org/ticket/72482
I should probably actually close this ticket now that I think of it (fingers crossed that adding that to the PR is sufficient, since I forgot to add that note to the commit message as is typically preferred: https://trac.macports.org/ticket/73084).
#OpenSSH #MacPorts #SecureShell #macOS #encryption #security #infosec
Post-Quantum Cryptography Advice Added to OpenSSH Website https://www.undeadly.org/cgi?action=article;sid=20250811110058 #openbsd #openssh #ssh #cryptography #postquantum #postq #crypto #security #libresoftware #freesoftware #bsd
Post-Quantum Cryptography Advice Added to OpenSSH Website https://www.undeadly.org/cgi?action=article;sid=20250811110058 #openbsd #openssh #ssh #cryptography #postquantum #postq #crypto #security #libresoftware #freesoftware #bsd
Wth, after the latest #OpenSSH update the daemon only listens on IPv6 addresses? Is that just me? Lol #Linux
lsof -i -n -P | grep sshd
sshd 63245 root 3u IPv6 4882 0t0 TCP *:22 (LISTEN)
Recent new features in OpenSSH https://www.undeadly.org/cgi?action=article;sid=20250802084523 #openbsd #openssh #ssh #newfeatures #development #security #freesoftware #libresoftware #crypto #cryptography
Recent new features in OpenSSH https://www.undeadly.org/cgi?action=article;sid=20250802084523 #openbsd #openssh #ssh #newfeatures #development #security #freesoftware #libresoftware #crypto #cryptography
An unimportant remnant of the past has been removed from open SSH;
DSA.
Read about it in this article the next article linked will show you that it has been removed finally
#SSH#openSSH#DSA #programming #coding#OpenSource#openBSD#BSD#secureShell#Infosec
This article shows that DSA has finally been removed
#SSH#openSSH#DSA #programming #coding#OpenSource#openBSD#BSD#secureShell#Infosec
