{"id":1068,"date":"2024-12-14T10:45:31","date_gmt":"2024-12-14T09:45:31","guid":{"rendered":"https:\/\/www.cipv6.de\/worp\/?p=1068"},"modified":"2024-12-14T10:45:33","modified_gmt":"2024-12-14T09:45:33","slug":"ssh-security-made-easy-an-introduction-to-ssh-audit","status":"publish","type":"post","link":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/","title":{"rendered":"SSH Security Made Easy: An Introduction to ssh-audit"},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><code><a href=\"https:\/\/github.com\/jtesta\/ssh-audit\">ssh-audit<\/a><\/code> is a powerful tool designed to help you assess the security of your SSH servers (and clients!). It provides detailed information about the server&#8217;s configuration, supported algorithms, and potential vulnerabilities. In this guide, I&#8217;ll walk you through the steps to install <code><a href=\"https:\/\/github.com\/jtesta\/ssh-audit\">ssh-audit<\/a><\/code> and run your first security tests. Secure SSH configuration made easy.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_83 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a01e089b3c5d\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a01e089b3c5d\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#Installation_on_Linux\" >Installation on Linux<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#Installation_on_macOS\" >Installation on macOS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#Test_the_SSH-Server_against_vulnerabilities\" >Test the SSH-Server against vulnerabilities<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#Remediation\" >Remediation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#Proof_the_remediation\" >Proof the remediation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#How_can_I_test_if_my_SSH-Client_is_not_vulnerable\" >How can I test if my SSH-Client is not vulnerable ?<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Installation_on_Linux\"><\/span>Installation on Linux<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>Clone the Repository:<\/strong> Open your terminal and clone the <code>ssh-audit<\/code> repository from GitHub:<br><code>git clone https:\/\/github.com\/jtesta\/ssh-audit.git<\/code><\/li>\n\n\n\n<li><strong>Navigate to the Directory:<\/strong> Change to the <code>ssh-audit<\/code> directory:<br> <code>cd ssh-audit<\/code><\/li>\n\n\n\n<li><strong>Install Dependencies:<\/strong> Ensure you have Python installed on your system. If not, install it using your package manager. For example, on Ubuntu:<br><code>sudo apt-get install python3<\/code><\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Installation_on_macOS\"><\/span>Installation on macOS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-medium-font-size\">To install ssh-audit , run:<br><code>brew install ssh-audit<\/code><br>(You have already <a href=\"https:\/\/brew.sh\">Brew<\/a> installed, right ?)<\/p>\n\n\n\n<p><em>Please check the <a href=\"https:\/\/github.com\/jtesta\/ssh-audit\">ssh-audit<\/a> url for many other setup options (Docker,Windows,etc.) <\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Test_the_SSH-Server_against_vulnerabilities\"><\/span>Test the SSH-Server against vulnerabilities<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>execute <code>ssh-audit <code>&lt;hostname><\/code><\/code><\/strong><br><em>Replace <code>&lt;hostname><\/code> with the IP address or domain name of the SSH server you want to audit. <\/em><\/p>\n\n\n\n<p>Example of Ubuntu&#8217;s 24.04 LTS default SSHD setup:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"1005\" data-attachment-id=\"1073\" data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/beforehardening\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?fit=2752%2C3294&amp;ssl=1\" data-orig-size=\"2752,3294\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"beforehardening\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?fit=840%2C1005&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?resize=840%2C1005&#038;ssl=1\" alt=\"\" class=\"wp-image-1073\" srcset=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?resize=856%2C1024&amp;ssl=1 856w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?resize=251%2C300&amp;ssl=1 251w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?resize=768%2C919&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?resize=1283%2C1536&amp;ssl=1 1283w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?resize=1711%2C2048&amp;ssl=1 1711w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?resize=1200%2C1436&amp;ssl=1 1200w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/beforehardening.png?w=2520&amp;ssl=1 2520w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<p>(if you add the <strong><code>-l warn<\/code><\/strong> switch you just get the vulnerabilities presented)<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>Interpreting the Results:<\/strong> <code>ssh-audit<\/code> will provide a detailed report of the server&#8217;s configuration, including supported key exchange algorithms, encryption ciphers, and MAC algorithms. Look for any warnings or recommendations to improve your server&#8217;s security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Remediation\"><\/span>Remediation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>After running <code>ssh-audit<\/code> and identifying potential vulnerabilities or weak configurations in your SSH server, it&#8217;s important to take steps to remediate these issues. Below are  examples of how to apply them:<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>Example for Ubuntu 24.04.1 LTS:<\/strong><\/p>\n\n\n\n<p class=\"has-small-font-size\">(Note: This is just an example. The example eliminates vulnerabilities for the SSH-daemon, but it can well be that this snippet does not fit for your setup. Handle with care)<\/p>\n\n\n\n<p class=\"has-medium-font-size\">This snippet creates a configuration file (<code>51-ssh-harden_202412.conf<\/code>) in directory <code>\/etc\/ssh\/sshd_config.d\/<\/code> with the specified settings to enhance the security of your SSH server.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-d3d2d1ac5a6ca18319eb737953f6cb32\"><code lang=\"bash\" class=\"language-bash\">echo -e \"\\n# Restrict key exchange, cipher, and MAC algorithms\n# Key Exchange Algorithms\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\n\n# Ciphers\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n\n# Message Authentication Codes (MACs)\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\n\n# Host Key Algorithms\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com\" > \/etc\/ssh\/sshd_config.d\/51-ssh-harden_202412.conf\n<\/code><\/pre>\n\n\n\n<p class=\"has-small-font-size\">(SSHD restart required)<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><br><br><strong>Example for RHEL 9.4<\/strong><\/p>\n\n\n\n<p class=\"has-small-font-size\">(Note: This is just an example. This example eliminates vulnerabilities for the SSH-daemon, but it can well be that this snippet does not fit for your setup. Handle with care)<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-aa2b7af158a490532bcb9d8e8b7de7be\"><code lang=\"bash\" class=\"language-bash\"># Backup the original OpenSSH server configuration file \ncp \/etc\/crypto-policies\/back-ends\/opensshserver.config \/etc\/crypto-policies\/back-ends\/opensshserver.config.orig\n# Update the OpenSSH server configuration with specific cryptographic policies\necho -e \"\n# Ciphers: Specifies the encryption algorithms used to secure the SSH session\nCiphers=aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n\n# Message Authentication Codes (MACs): Defines the algorithms used to ensure data integrity and authenticity\nMACs=hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\n\n# GSSAPI Key Exchange Algorithms: Specifies the algorithms used for GSSAPI key exchange\nGSSAPIKexAlgorithms=gss-curve25519-sha256-\n\n# Key Exchange Algorithms (KexAlgorithms): Lists the algorithms used for key exchange during the SSH handshake\nKexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\n\n# Host Key Algorithms: Lists the algorithms used for verifying the server's host key\nHostKeyAlgorithms=ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512\n\n# Public Key Accepted Key Types: Specifies the types of public keys accepted for authentication\nPubkeyAcceptedKeyTypes=ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512\n\" > \/etc\/crypto-policies\/back-ends\/opensshserver.config\n<\/code><\/pre>\n\n\n\n<p class=\"has-small-font-size\">(SSHD restart required)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Proof_the_remediation\"><\/span>Proof the remediation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-medium-font-size\">run <code>ssh-audit<\/code> again!<\/p>\n\n\n\n<p><strong>Example-output after remediation:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"422\" data-attachment-id=\"1077\" data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/afterhardening\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?fit=3280%2C1648&amp;ssl=1\" data-orig-size=\"3280,1648\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"afterHardening\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?fit=840%2C422&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?resize=840%2C422&#038;ssl=1\" alt=\"\" class=\"wp-image-1077\" srcset=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?resize=1024%2C514&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?resize=300%2C151&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?resize=768%2C386&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?resize=1536%2C772&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?resize=2048%2C1029&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?resize=1200%2C603&amp;ssl=1 1200w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?w=1680&amp;ssl=1 1680w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/afterHardening.png?w=2520&amp;ssl=1 2520w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_can_I_test_if_my_SSH-Client_is_not_vulnerable\"><\/span>How can I test if my SSH-Client is not vulnerable ?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-medium-font-size\">If you run ssh-audit with the switch -c it creates an ssh-service on port 2222 and audits every connection attempt:<\/p>\n\n\n\n<p><strong>output after the login-attempt (<code>ssh 127.0.0.1 -p 2222<\/code>)<\/strong><\/p>\n\n\n\n<pre title=\"output after the login-attempt (ssh 127.0.0.1 -p 2222)\" class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-d6beaf469aceb668a3ba3a052cd89e1f\"><code lang=\"bash\" class=\"language-bash\">\u279c  ~ ssh-audit -c\n# general\n(gen) client IP: 127.0.0.1\n(gen) banner: SSH-2.0-OpenSSH_9.8\n(gen) software: OpenSSH 9.8\n(gen) compression: enabled (zlib@openssh.com, zlib)\n\n# key exchange algorithms\n(kex) sntrup761x25519-sha512@openssh.com           -- [info] available since OpenSSH 8.5\n                                                   `- [info] default key exchange from OpenSSH 9.0 to 9.8\n                                                   `- [info] hybrid key exchange based on post-quantum resistant algorithm and proven conventional X25519 algorithm\n(kex) curve25519-sha256                            -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76\n                                                   `- [info] default key exchange from OpenSSH 7.4 to 8.9\n(kex) curve25519-sha256@libssh.org                 -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62\n(kex) diffie-hellman-group-exchange-sha256         -- [info] available since OpenSSH 4.4\n(kex) diffie-hellman-group16-sha512                -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73\n(kex) diffie-hellman-group18-sha512                -- [info] available since OpenSSH 7.3\n(kex) ext-info-c                                   -- [info] available since OpenSSH 7.2\n                                                   `- [info] pseudo-algorithm that denotes the peer supports RFC8308 extensions\n(kex) kex-strict-c-v00@openssh.com                 -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795)\n\n# host-key algorithms\n(key) ssh-ed25519-cert-v01@openssh.com             -- [info] available since OpenSSH 6.5\n(key) sk-ssh-ed25519-cert-v01@openssh.com          -- [info] available since OpenSSH 8.2\n(key) rsa-sha2-512-cert-v01@openssh.com            -- [info] available since OpenSSH 7.8\n(key) rsa-sha2-256-cert-v01@openssh.com            -- [info] available since OpenSSH 7.8\n(key) ssh-ed25519                                  -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79\n(key) sk-ssh-ed25519@openssh.com                   -- [info] available since OpenSSH 8.2\n(key) rsa-sha2-512                                 -- [info] available since OpenSSH 7.2\n(key) rsa-sha2-256                                 -- [info] available since OpenSSH 7.2, Dropbear SSH 2020.79\n\n# encryption algorithms (ciphers)\n(enc) chacha20-poly1305@openssh.com                -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79\n                                                   `- [info] default cipher since OpenSSH 6.9\n(enc) aes128-ctr                                   -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52\n(enc) aes192-ctr                                   -- [info] available since OpenSSH 3.7\n(enc) aes256-ctr                                   -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52\n(enc) aes128-gcm@openssh.com                       -- [info] available since OpenSSH 6.2\n(enc) aes256-gcm@openssh.com                       -- [info] available since OpenSSH 6.2\n\n# message authentication code algorithms\n(mac) umac-128-etm@openssh.com                     -- [info] available since OpenSSH 6.2\n(mac) hmac-sha2-256-etm@openssh.com                -- [info] available since OpenSSH 6.2\n(mac) hmac-sha2-512-etm@openssh.com                -- [info] available since OpenSSH 6.2\n\n\n# algorithm recommendations (for OpenSSH 9.8)\n(rec) -ecdh-sha2-nistp256                          -- kex algorithm to remove\n(rec) -ecdh-sha2-nistp384                          -- kex algorithm to remove\n(rec) -ecdh-sha2-nistp521                          -- kex algorithm to remove\n(rec) -ecdsa-sha2-nistp256                         -- key algorithm to remove\n(rec) -ecdsa-sha2-nistp256-cert-v01@openssh.com    -- key algorithm to remove\n(rec) -ecdsa-sha2-nistp384                         -- key algorithm to remove\n(rec) -ecdsa-sha2-nistp384-cert-v01@openssh.com    -- key algorithm to remove\n(rec) -ecdsa-sha2-nistp521                         -- key algorithm to remove\n(rec) -ecdsa-sha2-nistp521-cert-v01@openssh.com    -- key algorithm to remove\n(rec) -hmac-sha1                                   -- mac algorithm to remove\n(rec) -hmac-sha1-etm@openssh.com                   -- mac algorithm to remove\n(rec) -sk-ecdsa-sha2-nistp256-cert-v01@openssh.com -- key algorithm to remove\n(rec) -sk-ecdsa-sha2-nistp256@openssh.com          -- key algorithm to remove\n(rec) -diffie-hellman-group14-sha256               -- kex algorithm to remove\n(rec) -hmac-sha2-256                               -- mac algorithm to remove\n(rec) -hmac-sha2-512                               -- mac algorithm to remove\n(rec) -umac-128@openssh.com                        -- mac algorithm to remove\n(rec) -umac-64-etm@openssh.com                     -- mac algorithm to remove\n(rec) -umac-64@openssh.com                         -- mac algorithm to remove<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\"><br><strong><em>Make your SSH-communication more secure, if not the SSH-Service opens an attack surface for uninvited visitors<\/em><\/strong>.<br><strong><em>Secure SSH configuration is Key! <\/em><\/strong><br><br>Consider other additional security-steps like:<br><a href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/\">Secure your SSH communication with certificates<\/a><br><a href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/09\/06\/manual-steps-for-certificate-based-ssh-communication\/\">Lab setup: Secure your SSH communication with certificates<\/a><br><a href=\"https:\/\/github.com\/fail2ban\/fail2ban\">Fail2Ban: ban hosts that cause multiple authentication errors<\/a><br>&#8230;<br>..<br>.<br><br><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ssh-audit is a powerful tool designed to help you assess the security of your SSH servers (and clients!). It provides detailed information about the server&#8217;s configuration, supported algorithms, and potential vulnerabilities. In this guide, I&#8217;ll walk you through the steps to install ssh-audit and run your first security tests. Secure SSH configuration made easy. Installation &hellip; <a href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;SSH Security Made Easy: An Introduction to ssh-audit&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1080,"comment_status":"open","ping_status":"open","sticky":false,"template":"template-page-builder-no-sidebar.php","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Are you confident in the security of your SSH servers and clients? Discover how ssh-audit can help you identify vulnerabilities and enhance your SSH configurations.","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[61,63,62],"tags":[],"class_list":["post-1068","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-macos","category-ssh"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SSH Security Made Easy: An Introduction to ssh-audit - cipv6.de<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSH Security Made Easy: An Introduction to ssh-audit - cipv6.de\" \/>\n<meta property=\"og:description\" content=\"ssh-audit is a powerful tool designed to help you assess the security of your SSH servers (and clients!). It provides detailed information about the server&#8217;s configuration, supported algorithms, and potential vulnerabilities. In this guide, I&#8217;ll walk you through the steps to install ssh-audit and run your first security tests. Secure SSH configuration made easy. Installation &hellip; Continue reading &quot;SSH Security Made Easy: An Introduction to ssh-audit&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/\" \/>\n<meta property=\"og:site_name\" content=\"cipv6.de\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-14T09:45:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-14T09:45:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ugu5ma\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ugu5ma\" \/>\n<meta name=\"twitter:site\" content=\"@ugu5ma\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ugu5ma\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/\"},\"author\":{\"name\":\"ugu5ma\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\"},\"headline\":\"SSH Security Made Easy: An Introduction to ssh-audit\",\"datePublished\":\"2024-12-14T09:45:31+00:00\",\"dateModified\":\"2024-12-14T09:45:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/\"},\"wordCount\":424,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1\",\"articleSection\":[\"Linux\",\"MacOS\\\/IOS\",\"SSH\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/\",\"url\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/\",\"name\":\"SSH Security Made Easy: An Introduction to ssh-audit - cipv6.de\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1\",\"datePublished\":\"2024-12-14T09:45:31+00:00\",\"dateModified\":\"2024-12-14T09:45:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1\",\"width\":1024,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/12\\\/14\\\/ssh-security-made-easy-an-introduction-to-ssh-audit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SSH Security Made Easy: An Introduction to ssh-audit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#website\",\"url\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/\",\"name\":\"cipv6.de\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\",\"name\":\"ugu5ma\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\",\"caption\":\"ugu5ma\"},\"logo\":{\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\"},\"sameAs\":[\"https:\\\/\\\/cipv6.de\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SSH Security Made Easy: An Introduction to ssh-audit - cipv6.de","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/","og_locale":"en_US","og_type":"article","og_title":"SSH Security Made Easy: An Introduction to ssh-audit - cipv6.de","og_description":"ssh-audit is a powerful tool designed to help you assess the security of your SSH servers (and clients!). It provides detailed information about the server&#8217;s configuration, supported algorithms, and potential vulnerabilities. In this guide, I&#8217;ll walk you through the steps to install ssh-audit and run your first security tests. Secure SSH configuration made easy. Installation &hellip; Continue reading \"SSH Security Made Easy: An Introduction to ssh-audit\"","og_url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/","og_site_name":"cipv6.de","article_published_time":"2024-12-14T09:45:31+00:00","article_modified_time":"2024-12-14T09:45:33+00:00","og_image":[{"width":1024,"height":1024,"url":"https:\/\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg","type":"image\/jpeg"}],"author":"ugu5ma","twitter_card":"summary_large_image","twitter_creator":"@ugu5ma","twitter_site":"@ugu5ma","twitter_misc":{"Written by":"ugu5ma","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#article","isPartOf":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/"},"author":{"name":"ugu5ma","@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d"},"headline":"SSH Security Made Easy: An Introduction to ssh-audit","datePublished":"2024-12-14T09:45:31+00:00","dateModified":"2024-12-14T09:45:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/"},"wordCount":424,"commentCount":0,"publisher":{"@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d"},"image":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1","articleSection":["Linux","MacOS\/IOS","SSH"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/","url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/","name":"SSH Security Made Easy: An Introduction to ssh-audit - cipv6.de","isPartOf":{"@id":"https:\/\/www.cipv6.de\/worp\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#primaryimage"},"image":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1","datePublished":"2024-12-14T09:45:31+00:00","dateModified":"2024-12-14T09:45:33+00:00","breadcrumb":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#primaryimage","url":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1","width":1024,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cipv6.de\/worp\/"},{"@type":"ListItem","position":2,"name":"SSH Security Made Easy: An Introduction to ssh-audit"}]},{"@type":"WebSite","@id":"https:\/\/www.cipv6.de\/worp\/#website","url":"https:\/\/www.cipv6.de\/worp\/","name":"cipv6.de","description":"","publisher":{"@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cipv6.de\/worp\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d","name":"ugu5ma","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g","caption":"ugu5ma"},"logo":{"@id":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g"},"sameAs":["https:\/\/cipv6.de"]}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9uBTs-he","jetpack-related-posts":[{"id":973,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/09\/06\/manual-steps-for-certificate-based-ssh-communication\/","url_meta":{"origin":1068,"position":0},"title":"Lab setup: Secure your SSH communication with certificates","author":"ugu5ma","date":"September 6, 2024","format":false,"excerpt":"When you Ssh the first time to a host the screen shows something like: ssh test@10.50.100.110 The authenticity of host '10.50.100.110 (10.50.100.110)' can't be established. ED25519 key fingerprint is SHA256:jCJ0TIJkKnjgu3RTv5eGER7p4IN5Tb\/JpTEVJNMfpMs. This key is not known by any other names Are you sure you want to continue connecting (yes\/no\/[fingerprint])? Be honest:\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/09\/ssh_cover.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/09\/ssh_cover.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/09\/ssh_cover.jpeg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/09\/ssh_cover.jpeg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":954,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/","url_meta":{"origin":1068,"position":1},"title":"Secure your SSH communication with certificates","author":"ugu5ma","date":"August 28, 2024","format":false,"excerpt":"How about securing your SSH-Server to only support login-attempts including a valid signed certificate from a trusted CA ? This sounds pretty cool, but there are a couple of pitfalls which should be outlined first: OpenSSH supports cert-based authentication since version 5.4 (in 2010) OpenSSH does not support x.509-certificates !\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":1335,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/05\/04\/tmux-beats-disown-for-persistent-ssh-sessions\/","url_meta":{"origin":1068,"position":2},"title":"tmux Beats disown for Persistent SSH Sessions","author":"ugu5ma","date":"May 4, 2025","format":false,"excerpt":"Why Terminal Session Persistence Matters Imagine this: you SSH into your server to launch a data backup that takes a couple of hours. Halfway through, your internet connection drops \u2014 and with it, the SSH session. When you reconnect, the process is gone. You have to start all over again,\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/05\/tmuxdisown.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/05\/tmuxdisown.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/05\/tmuxdisown.jpg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/05\/tmuxdisown.jpg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":373,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2019\/03\/02\/keep-a-remote-x11-app-running-after-disconnecting-the-session\/","url_meta":{"origin":1068,"position":3},"title":"Keep a remote X11 app running after disconnecting the Session","author":"ugu5ma","date":"March 2, 2019","format":false,"excerpt":"Xpra is the tool of choice :) Install xpra on server and client like: [code language=\"bash\"] root@h2545526:~# apt install xpra . . xpra (2.1.3+dfsg-1ubuntu1) wird eingerichtet ... [\/code] start e.g. firefox on the server: [code language=\"bash\"] xpra start :100 --start-child=firefox [\/code] now connect from remote through Ssh: [code language=\"bash\"] xpra\u2026","rel":"","context":"In \"Linux\"","block_context":{"text":"Linux","link":"https:\/\/www.cipv6.de\/worp\/index.php\/tag\/linux\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1316,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/03\/11\/iso-27001-27006-and-27009-the-essential-normative-standards-for-isms\/","url_meta":{"origin":1068,"position":4},"title":"ISO 27001, 27006, and 27009: The Essential Normative Standards for ISMS","author":"ugu5ma","date":"March 11, 2025","format":false,"excerpt":"Introduction ISO 27000 is a family of standards focused on information security management systems (ISMS). Within this series, some standards are\u00a0normative, meaning they define essential requirements, while others are\u00a0informative, providing guidelines and recommendations. Difference Between Normative and Informative Standards Normative standards\u00a0are mandatory for certification and compliance. They establish requirements that\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/03\/isonormatinform.webp?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/03\/isonormatinform.webp?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/03\/isonormatinform.webp?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/03\/isonormatinform.webp?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":1227,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/","url_meta":{"origin":1068,"position":5},"title":"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&#8221;","author":"ugu5ma","date":"January 30, 2025","format":false,"excerpt":"In today's cybersecurity landscape, having a robust and flexible security information and event management (SIEM) system is crucial. Wazuh, an open-source security platform, offers comprehensive solutions for threat detection, integrity monitoring, incident response, and compliance. Wazuh has an interesting history. In 2015, the Wazuh team decided to fork OSSEC, an\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/posts\/1068","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/comments?post=1068"}],"version-history":[{"count":0,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/posts\/1068\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/media\/1080"}],"wp:attachment":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/media?parent=1068"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/categories?post=1068"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/tags?post=1068"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}