{"id":954,"date":"2024-08-28T13:53:19","date_gmt":"2024-08-28T11:53:19","guid":{"rendered":"https:\/\/www.cipv6.de\/worp\/?p=954"},"modified":"2024-12-16T10:27:16","modified_gmt":"2024-12-16T09:27:16","slug":"secure-your-ssh-communication-with-certificates-based-authentication","status":"publish","type":"post","link":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/","title":{"rendered":"Secure your SSH communication with certificates"},"content":{"rendered":"\n<h2 class=\"wp-block-heading has-text-align-left\"><span class=\"ez-toc-section\" id=\"How_about_securing_your_SSH-Server_to_only_support_login-attempts_including_a_valid_signed_certificate_from_a_trusted_CA\"><\/span>How about securing your SSH server to only support login attempts that include a valid signed certificate from a trusted CA?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-text-align-left has-medium-font-size wp-block-paragraph\"><br>This sounds pretty cool, but there are a couple of pitfalls which should be outlined first:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\">OpenSSH has supported cert-based 
authentication since version 5.4 (in 2010)<\/li>\n\n\n\n<li class=\"has-medium-font-size\">OpenSSH does <strong>not<\/strong> support X.509 certificates!<\/li>\n\n\n\n<li class=\"has-medium-font-size\">OpenSSH has implemented its <a href=\"https:\/\/cvsweb.openbsd.org\/src\/usr.bin\/ssh\/PROTOCOL.certkeys?annotate=HEAD\">own certificate format<\/a><\/li>\n<\/ul>\n\n\n\n<p class=\"has-text-align-left has-medium-font-size wp-block-paragraph\">OpenSSH\u2019s decision to use its own proprietary SSH certificates instead of the X.509 certificates specified in <a href=\"https:\/\/www.rfc-editor.org\/info\/rfc6187\">RFC 6187<\/a> (not a draft, but a proposed standard!) is rooted in several practical and technical reasons. Let\u2019s dive into the details:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Simplicity_and_Efficiency\"><\/span>Simplicity and Efficiency<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>Simplicity<\/strong>: OpenSSH certificates are designed to be simple and efficient.\u00a0<a href=\"https:\/\/smallstep.com\/blog\/ssh-vs-x509-certificates\/\" target=\"_blank\" rel=\"noreferrer noopener\">They contain only the necessary information for SSH authentication, such as the public key, name, expiration date, and associated permissions<\/a>.\u00a0<a href=\"https:\/\/smallstep.com\/blog\/ssh-vs-x509-certificates\/\" target=\"_blank\" rel=\"noreferrer noopener\">This simplicity makes them easier to implement and manage compared to the more complex X.509 certificates, which include a broader range of attributes and extensions<\/a>.<\/li>\n\n\n\n<li class=\"has-medium-font-size\"><strong>Efficiency<\/strong>: The lightweight nature of OpenSSH certificates means they are faster to process and verify.\u00a0<a href=\"https:\/\/www.remoteler.com\/blog\/ssh-certificates-how-do-openssh-certificates-compare-to-x-509\/\" target=\"_blank\" rel=\"noreferrer 
noopener\">This efficiency is particularly important in environments with a large number of SSH connections, where performance can be a critical factor<\/a>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Security_and_Flexibility\"><\/span>Security and Flexibility<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>Security<\/strong>: OpenSSH certificates offer several security advantages.\u00a0<a href=\"https:\/\/www.keytos.io\/blog\/passwordless\/what-is-the-difference-between-ssh-certificates-and-x509-certificates.html\" target=\"_blank\" rel=\"noreferrer noopener\">They are digitally signed, which means they cannot be altered without invalidating the signature<\/a>.\u00a0<a href=\"https:\/\/venafi.com\/blog\/why-you-should-use-ssh-certificates-instead-ssh-keys\/\" target=\"_blank\" rel=\"noreferrer noopener\">Additionally, they support short-lived certificates, which automatically expire after a set period, reducing the risk of unauthorized access if a certificate is compromised<\/a>.<\/li>\n\n\n\n<li class=\"has-medium-font-size\"><strong>Flexibility<\/strong>: OpenSSH certificates provide flexibility in terms of configuration and usage.\u00a0<a href=\"https:\/\/venafi.com\/blog\/what-are-benefits-ssh-certificates\/\" target=\"_blank\" rel=\"noreferrer noopener\">They allow for custom validity periods, source restrictions, command restrictions, and option enforcement<\/a>.\u00a0<a href=\"https:\/\/www.gradient.tech\/faq-items\/why-are-ssh-certificates-better-than-ssh-keys\/\" target=\"_blank\" rel=\"noreferrer noopener\">This level of customization is not as easily achievable with X.509 certificates, which are designed for a broader range of applications beyond SSH<\/a>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Management_and_Usability\"><\/span>Management and Usability<span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>Centralized Management<\/strong>: OpenSSH certificates simplify the management of SSH access.\u00a0<a href=\"https:\/\/www.keytos.io\/blog\/passwordless\/what-are-ssh-certificates.html\" target=\"_blank\" rel=\"noreferrer noopener\">Instead of managing individual public keys for each user and server, administrators can use a single Certificate Authority (CA) to issue and revoke certificates<\/a>.\u00a0<a href=\"https:\/\/www.strongdm.com\/blog\/configure-ssh-certificate-based-authentication\" target=\"_blank\" rel=\"noreferrer noopener\">This centralized approach makes it easier to onboard and offboard users, as well as manage access permissions<\/a>.<\/li>\n\n\n\n<li class=\"has-medium-font-size\"><strong>Usability<\/strong>: The proprietary SSH certificate format is tailored specifically for SSH use cases, making it more user-friendly for administrators and developers who work primarily with SSH. The familiarity and ease of use of OpenSSH certificates can lead to better adoption and fewer implementation issues.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Is there any way to still use X.509 certificates with SSH?<\/strong> <strong>Sure<\/strong>!<br>Various products on the market support X.509-based certificates, for example:<br>&#8211;<a href=\"https:\/\/roumenpetrov.info\/secsh\/\">PKIX-SSH secure shell with X.509 v3 certificate support<\/a> (OpenSSH patch for X.509 support)<br>&#8211;<a href=\"https:\/\/www.ssh.com\/products\/tectia-ssh\/\">Tectia\u00ae SSH Client\/Server<\/a><br>&#8211;<a href=\"https:\/\/www.wolfssl.com\/wolfssh-with-x509-support\/\">wolfSSL<\/a><br>&#8211;and so on and so forth. 
This is not a complete list \ud83d\ude42<br><br><em>Keep in mind that big players like Red Hat rely on the proprietary certificate solution of OpenSSH.<\/em><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-left has-medium-font-size wp-block-paragraph\"><strong>My (personal) Summary:<\/strong><br>While X.509 certificates are widely used and supported for various applications, OpenSSH\u2019s proprietary certificates offer a more streamlined, secure, and manageable solution for SSH authentication. The decision to use a proprietary format is driven by the need for simplicity, efficiency, security, flexibility, and ease of management. Patching the OpenSSH libraries is not needed.<\/p>\n\n\n\n<p class=\"has-text-align-left has-medium-font-size wp-block-paragraph\">When you lock down your SSH daemon to only allow logins with valid certificates from your SSH CA, you start creating an additional security layer for your SSH service.<br>Just think of securing the SSH service on an internet-facing (bastion) host:<br>Without SSH certificates you need tools like <a href=\"https:\/\/www.crowdsec.net\/blog\/detecting-successful-ssh-brute-force\">CrowdSec<\/a>, <a href=\"https:\/\/www.sshguard.net\">SSHGuard<\/a>, <a href=\"https:\/\/github.com\/fail2ban\/fail2ban\">Fail2ban<\/a> to e.g. 
jail hacking attempts, but you still get a lot of noise in your logs.<br>Fail2ban, for example, creates time-based filters based on the source IP of the hacking attempt:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">dynamic FW-entries:\nTo                         Action      From\n--                         ------      ----\nAnywhere                   REJECT      1.234.58.136               # by Fail2Ban after 3 attempts against sshd\nAnywhere                   REJECT      51.161.153.48              # by Fail2Ban after 3 attempts against sshd\nAnywhere                   REJECT      189.241.227.175            # by Fail2Ban after 3 attempts against sshd\nAnywhere                   REJECT      193.32.162.79              # by Fail2Ban after 2 attempts against sshd\nAnywhere                   REJECT      183.81.169.238             # by Fail2Ban after 2 attempts against sshd\nAnywhere                   REJECT      183.81.169.235             # by Fail2Ban after 2 attempts against sshd\nAnywhere                   REJECT      183.81.169.237             # by Fail2Ban after 2 attempts against sshd\nAnywhere                   REJECT      183.81.169.236             # by Fail2Ban after 2 attempts against sshd\nAnywhere                   REJECT      1.234.58.142               # by Fail2Ban after 2 attempts against sshd\n\nlogs:\n2024-08-28 07:48:00,596 fail2ban.filter         [773]: INFO    [sshd] Found 2a03:b0c0:2:d0::89:2001 - 2024-08-28 07:48:00\n2024-08-28 08:01:05,385 fail2ban.filter         [773]: INFO    [sshd] Found 2001:41d0:8:3b79:: - 2024-08-28 08:01:05\n2024-08-28 08:04:25,692 fail2ban.filter         [773]: INFO    [sshd] Found 85.209.11.254 - 2024-08-28 08:04:25\n2024-08-28 08:13:23,523 fail2ban.filter         [773]: INFO    [sshd] Found 2a03:b0c0:2:d0::89:2001 - 2024-08-28 08:13:23\n2024-08-28 08:16:29,521 fail2ban.actions        [773]: NOTICE  [apache-noscript] Unban 64.227.153.228\n2024-08-28 08:20:49,352 fail2ban.filter         [773]: INFO    [sshd] 
Found 194.169.175.37 - 2024-08-28 08:20:49\n2024-08-28 08:27:37,117 fail2ban.actions        [773]: NOTICE  [sshd] Unban 43.128.142.238\n2024-08-28 08:27:38,475 fail2ban.actions        [773]: NOTICE  [sshd] Unban 112.163.28.218\n2024-08-28 08:27:54,621 fail2ban.actions        [773]: NOTICE  [sshd] Unban 43.134.110.112\n2024-08-28 08:28:22,790 fail2ban.actions        [773]: NOTICE  [sshd] Unban 103.97.177.217\n2024-08-28 08:31:20,214 fail2ban.actions        [773]: NOTICE  [sshd] Unban 117.83.178.140\n2024-08-28 08:36:06,460 fail2ban.actions        [773]: NOTICE  [sshd] Unban 207.172.160.36\n2024-08-28 08:36:20,119 fail2ban.filter         [773]: INFO    [sshd] Found 116.122.157.203 - 2024-08-28 08:36:19\n2024-08-28 08:36:31,386 fail2ban.filter         [773]: INFO    [apache-noscript] Found 167.172.208.130 - 2024-08-28 08:36:31\n2024-08-28 08:38:00,650 fail2ban.actions        [773]: NOTICE  [sshd] Unban 103.140.73.131\n2024-08-28 08:38:15,008 fail2ban.actions        [773]: NOTICE  [sshd] Unban 103.221.80.92\n2024-08-28 08:38:57,178 fail2ban.actions        [773]: NOTICE  [sshd] Unban 177.53.215.134\n2024-08-28 08:39:12,549 fail2ban.actions        [773]: NOTICE  [sshd] Unban 115.73.209.212\n2024-08-28 08:39:25,317 fail2ban.actions        [773]: NOTICE  [sshd] Unban 78.153.149.132\n2024-08-28 08:39:54,106 fail2ban.actions        [773]: NOTICE  [sshd] Unban 103.140.239.254\n2024-08-28 08:40:03,800 fail2ban.filter         [773]: INFO    [sshd] Found 194.169.175.37 - 2024-08-28 08:40:03\n2024-08-28 08:40:29,317 fail2ban.filter         [773]: INFO    [sshd] Found 2001:41d0:8:3b79:: - 2024-08-28 08:40:29\n2024-08-28 08:41:04,291 fail2ban.actions        [773]: NOTICE  [sshd] Unban 180.131.108.240\n2024-08-28 08:43:08,475 fail2ban.actions        [773]: NOTICE  [sshd] Unban 36.26.76.62\n2024-08-28 08:44:26,650 fail2ban.actions        [773]: NOTICE  [sshd] Unban 27.254.207.91\n2024-08-28 08:59:30,066 fail2ban.filter         [773]: INFO    [sshd] Found 146.59.228.24 - 2024-08-28 
08:59:30\n2024-08-28 08:59:52,008 fail2ban.filter         [773]: INFO    [sshd] Found 1.218.138.131 - 2024-08-28 08:59:51\n2024-08-28 09:01:00,569 fail2ban.filter         [773]: INFO    [sshd] Found 47.245.28.86 - 2024-08-28 09:01:00\n2024-08-28 09:11:10,660 fail2ban.filter         [773]: INFO    [sshd] Found 140.143.171.137 - 2024-08-28 09:11:10\n2024-08-28 09:15:49,726 fail2ban.filter         [773]: INFO    [sshd] Found 103.200.20.12 - 2024-08-28 09:15:49\n2024-08-28 09:17:24,908 fail2ban.filter         [773]: INFO    [sshd] Found 85.209.11.27 - 2024-08-28 09:17:24\n2024-08-28 09:26:50,534 fail2ban.filter         [773]: INFO    [sshd] Found 2a03:b0c0:2:d0::89:2001 - 2024-08-28 09:26:50\n2024-08-28 09:27:17,395 fail2ban.actions        [773]: NOTICE  [sshd] Unban 14.40.8.125\n2024-08-28 09:27:46,027 fail2ban.filter         [773]: INFO    [sshd] Found 2001:41d0:8:3b79:: - 2024-08-28 09:27:46\n2024-08-28 09:28:14,571 fail2ban.filter         [773]: INFO    [sshd] Found 51.161.153.48 - 2024-08-28 09:28:14\n2024-08-28 09:30:05,778 fail2ban.filter         [773]: INFO    [sshd] Found 189.241.227.175 - 2024-08-28 09:30:05\n2024-08-28 09:36:10,170 fail2ban.filter         [773]: INFO    [sshd] Found 189.241.227.175 - 2024-08-28 09:36:10\n2024-08-28 09:36:33,524 fail2ban.filter         [773]: INFO    [sshd] Found 51.161.153.48 - 2024-08-28 09:36:33\n2024-08-28 09:36:57,262 fail2ban.filter         [773]: INFO    [sshd] Found 189.241.227.175 - 2024-08-28 09:36:57\n2024-08-28 09:36:57,711 fail2ban.actions        [773]: NOTICE  [sshd] Ban 189.241.227.175\n2024-08-28 09:37:34,771 fail2ban.filter         [773]: INFO    [sshd] Found 51.161.153.48 - 2024-08-28 09:37:34\n2024-08-28 09:37:35,064 fail2ban.actions        [773]: NOTICE  [sshd] Ban 51.161.153.48\n2024-08-28 09:42:44,848 fail2ban.filter         [773]: INFO    [sshd] Found 1.234.58.136 - 2024-08-28 09:42:44\n2024-08-28 09:44:11,137 fail2ban.filter         [773]: INFO    [sshd] Found 1.234.58.136 - 2024-08-28 
09:44:10\n2024-08-28 09:45:23,912 fail2ban.filter         [773]: INFO    [sshd] Found 1.234.58.136 - 2024-08-28 09:45:23\n2024-08-28 09:45:23,929 fail2ban.actions        [773]: NOTICE  [sshd] Ban 1.234.58.136\n2024-08-28 09:57:28,398 fail2ban.filter         [773]: INFO    [sshd] Found 116.122.157.203 - 2024-08-28 09:57:28\n2024-08-28 10:10:03,236 fail2ban.filter         [773]: INFO    [sshd] Found 2001:41d0:304:200::6a05 - 2024-08-28 10:10:03\n2024-08-28 10:12:18,780 fail2ban.filter         [773]: INFO    [sshd] Found 85.209.11.254 - 2024-08-28 10:12:18\n2024-08-28 10:17:56,698 fail2ban.filter         [773]: INFO    [sshd] Found 202.190.50.129 - 2024-08-28 10:17:56\n2024-08-28 10:28:07,991 fail2ban.filter         [773]: INFO    [sshd] Found 194.169.175.37 - 2024-08-28 10:28:07\n2024-08-28 10:44:49,312 fail2ban.filter         [773]: INFO    [sshd] Found 51.68.143.159 - 2024-08-28 10:44:48\n2024-08-28 10:48:23,088 fail2ban.filter         [773]: INFO    [sshd] Found 85.209.11.27 - 2024-08-28 10:48:23\n\n\nStatus for the jail: sshd\n|- Filter\n|  |- Currently failed:\t4\n|  |- Total failed:\t2595\n|  `- File list:\t\/var\/log\/auth.log\n`- Actions\n   |- Currently banned:\t8\n   |- Total banned:\t611\n   `- Banned IP list:\t83.81.169.235 83.81.169.236 83.81.169.237 183.81.169.238 193.32.162.79 1.234.58.136 1.234.58.137 1.234.58.142<\/code><\/pre>\n\n\n\n<p class=\"has-text-align-left has-medium-font-size wp-block-paragraph\"><br>With cert-based SSH authentication these tools are no longer needed, as a valid client SSH certificate is mandatory.<br><br>In the next few days I will create a how-to based on the smallstep solution to show the pros (and cons) of cert-based SSH from a DevOps perspective.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How about securing your SSH-Server to only support login-attempts including a valid signed certificate from a trusted CA ? 
This sounds pretty cool, but there are a couple of pitfalls which should be outlined first: OpenSSH\u2019s decision to use its own proprietary SSH certificates instead of X.509 certificates, as outlined in RFC 6187 (no draft, &hellip; <a href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Secure your SSH communication with certificates&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":955,"comment_status":"open","ping_status":"open","sticky":false,"template":"template-page-builder.php","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[61,64,62],"tags":[],"class_list":["post-954","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-security","category-ssh"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Secure your SSH communication with certificates - cipv6.de<\/title>\n<meta name=\"description\" content=\"Learn how to enhance the security of your SSH communication by using certificates. 
Discover the benefits for implementing SSH certificates to protect your data and ensure secure connections\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure your SSH communication with certificates - cipv6.de\" \/>\n<meta property=\"og:description\" content=\"Learn how to enhance the security of your SSH communication by using certificates. Discover the benefits for implementing SSH certificates to protect your data and ensure secure connections\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"cipv6.de\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-28T11:53:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-16T09:27:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ugu5ma\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ugu5ma\" \/>\n<meta name=\"twitter:site\" content=\"@ugu5ma\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ugu5ma\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/\"},\"author\":{\"name\":\"ugu5ma\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\"},\"headline\":\"Secure your SSH communication with certificates\",\"datePublished\":\"2024-08-28T11:53:19+00:00\",\"dateModified\":\"2024-12-16T09:27:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/\"},\"wordCount\":627,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1\",\"articleSection\":[\"Linux\",\"Security\",\"SSH\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certifi
cates-based-authentication\\\/\",\"url\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/\",\"name\":\"Secure your SSH communication with certificates - cipv6.de\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1\",\"datePublished\":\"2024-08-28T11:53:19+00:00\",\"dateModified\":\"2024-12-16T09:27:16+00:00\",\"description\":\"Learn how to enhance the security of your SSH communication by using certificates. 
Discover the benefits for implementing SSH certificates to protect your data and ensure secure connections\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1\",\"width\":1024,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2024\\\/08\\\/28\\\/secure-your-ssh-communication-with-certificates-based-authentication\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure your SSH communication with 
certificates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#website\",\"url\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/\",\"name\":\"cipv6.de\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\",\"name\":\"ugu5ma\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\",\"caption\":\"ugu5ma\"},\"logo\":{\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\"},\"sameAs\":[\"https:\\\/\\\/cipv6.de\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure your SSH communication with certificates - cipv6.de","description":"Learn how to enhance the security of your SSH communication by using certificates. 
Discover the benefits for implementing SSH certificates to protect your data and ensure secure connections","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/","og_locale":"en_US","og_type":"article","og_title":"Secure your SSH communication with certificates - cipv6.de","og_description":"Learn how to enhance the security of your SSH communication by using certificates. Discover the benefits for implementing SSH certificates to protect your data and ensure secure connections","og_url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/","og_site_name":"cipv6.de","article_published_time":"2024-08-28T11:53:19+00:00","article_modified_time":"2024-12-16T09:27:16+00:00","og_image":[{"width":1024,"height":1024,"url":"https:\/\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg","type":"image\/jpeg"}],"author":"ugu5ma","twitter_card":"summary_large_image","twitter_creator":"@ugu5ma","twitter_site":"@ugu5ma","twitter_misc":{"Written by":"ugu5ma","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/#article","isPartOf":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/"},"author":{"name":"ugu5ma","@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d"},"headline":"Secure your SSH communication with certificates","datePublished":"2024-08-28T11:53:19+00:00","dateModified":"2024-12-16T09:27:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/"},"wordCount":627,"commentCount":0,"publisher":{"@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d"},"image":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1","articleSection":["Linux","Security","SSH"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/","url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/","name":"Secure your SSH communication with certificates - 
cipv6.de","isPartOf":{"@id":"https:\/\/www.cipv6.de\/worp\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/#primaryimage"},"image":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1","datePublished":"2024-08-28T11:53:19+00:00","dateModified":"2024-12-16T09:27:16+00:00","description":"Learn how to enhance the security of your SSH communication by using certificates. Discover the benefits for implementing SSH certificates to protect your data and ensure secure connections","breadcrumb":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/#primaryimage","url":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1","width":1024,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cipv6.de\/worp\/"},{"@type":"ListItem","position":2,"name":"Secure your SSH 
communication with certificates"}]},{"@type":"WebSite","@id":"https:\/\/www.cipv6.de\/worp\/#website","url":"https:\/\/www.cipv6.de\/worp\/","name":"cipv6.de","description":"","publisher":{"@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cipv6.de\/worp\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d","name":"ugu5ma","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g","caption":"ugu5ma"},"logo":{"@id":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g"},"sameAs":["https:\/\/cipv6.de"]}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9uBTs-fo","jetpack-related-posts":[{"id":1068,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/","url_meta":{"origin":954,"position":0},"title":"SSH Security Made Easy: An Introduction to ssh-audit","author":"ugu5ma","date":"December 14, 2024","format":false,"excerpt":"ssh-audit is a powerful tool designed to help you assess the security of your SSH 
servers (and clients!). It provides detailed information about the server's configuration, supported algorithms, and potential vulnerabilities. In this guide, I'll walk you through the steps to install ssh-audit and run your first security tests. Secure\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":973,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/09\/06\/manual-steps-for-certificate-based-ssh-communication\/","url_meta":{"origin":954,"position":1},"title":"Lab setup: Secure your SSH communication with certificates","author":"ugu5ma","date":"September 6, 2024","format":false,"excerpt":"When you Ssh the first time to a host the screen shows something like: ssh test@10.50.100.110 The authenticity of host '10.50.100.110 (10.50.100.110)' can't be established. ED25519 key fingerprint is SHA256:jCJ0TIJkKnjgu3RTv5eGER7p4IN5Tb\/JpTEVJNMfpMs. This key is not known by any other names Are you sure you want to continue connecting (yes\/no\/[fingerprint])? 
Be honest:\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/09\/ssh_cover.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/09\/ssh_cover.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/09\/ssh_cover.jpeg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/09\/ssh_cover.jpeg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":1335,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/05\/04\/tmux-beats-disown-for-persistent-ssh-sessions\/","url_meta":{"origin":954,"position":2},"title":"tmux Beats disown for Persistent SSH Sessions","author":"ugu5ma","date":"May 4, 2025","format":false,"excerpt":"Why Terminal Session Persistence Matters Imagine this: you SSH into your server to launch a data backup that takes a couple of hours. Halfway through, your internet connection drops \u2014 and with it, the SSH session. When you reconnect, the process is gone. 
You have to start all over again,\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/05\/tmuxdisown.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/05\/tmuxdisown.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/05\/tmuxdisown.jpg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/05\/tmuxdisown.jpg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":373,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2019\/03\/02\/keep-a-remote-x11-app-running-after-disconnecting-the-session\/","url_meta":{"origin":954,"position":3},"title":"Keep a remote X11 app running after disconnecting the Session","author":"ugu5ma","date":"March 2, 2019","format":false,"excerpt":"Xpra is the tool of choice :) Install xpra on server and client like: [code language=\"bash\"] root@h2545526:~# apt install xpra . . xpra (2.1.3+dfsg-1ubuntu1) wird eingerichtet ... [\/code] start e.g. 
firefox on the server: [code language=\"bash\"] xpra start :100 --start-child=firefox [\/code] now connect from remote through Ssh: [code language=\"bash\"] xpra\u2026","rel":"","context":"In \"Linux\"","block_context":{"text":"Linux","link":"https:\/\/www.cipv6.de\/worp\/index.php\/tag\/linux\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1275,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/02\/06\/extract-certificate-and-key-from-acme-json\/","url_meta":{"origin":954,"position":4},"title":"Extract certificate and key from acme.json","author":"ugu5ma","date":"February 6, 2025","format":false,"excerpt":"Traefik V2.3 creates a file called acme.json after a successful certification-creation (cert-provider: let's encrypt).To extract the certificate and key from this file I have created this bash-script:https:\/\/github.com\/ugu5ma\/extract_acme_json_traefik","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1227,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/","url_meta":{"origin":954,"position":5},"title":"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&#8221;","author":"ugu5ma","date":"January 30, 2025","format":false,"excerpt":"In today's cybersecurity landscape, having a robust and flexible security information and event management (SIEM) system is crucial. Wazuh, an open-source security platform, offers comprehensive solutions for threat detection, integrity monitoring, incident response, and compliance. Wazuh has an interesting history. 
In 2015, the Wazuh team decided to fork OSSEC, an\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/posts\/954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/comments?post=954"}],"version-history":[{"count":0,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/posts\/954\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/media\/955"}],"wp:attachment":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/media?parent=954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/categories?post=954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www
.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/tags?post=954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}