Search
Items tagged with: openssh
Excellent summary by Solar Designer on oss-security of what's happened in the last two weeks in response to the #xz #backdoor:
https://www.openwall.com/lists/oss-security/2024/04/16/5
Noteworthy:
- #OpenSSH implemented systemd notification
- #systemd moves to dlopen(3) for some dependencies
- another detailed timeline at https://research.swtch.com/xz-timeline
- similar social engineering takeover attempts suspected in #OpenJS and #OpenSSF
We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.
Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.
https://crates.io/crates/sshd-openpgp-auth
https://crates.io/crates/ssh-openpgp-auth
Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!
#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT