d1cor (@d1cor@mstdn.io)
🚀 Se termina el mes, pero todavía estás a tiempo de invertir en tu futuro profesional!
📚 ¿Qué podés aprender en #JuncoTIC?
🐧 GNU/Linux & SysAdmin
🔒 Ciberseguridad & Redes
🐍 Desarrollo Web con Python y Flask.
✨ BONUS: cursos gratuitos de introducción a GNU/Linux y a Flask 🎁
⏳ Sólo por 5 días, el tiempo corre!
👉 https://juncotic.com/cursos/
Te esperamos en el aula virtual! 🎓
#Linux #Ciberseguridad #Programación #CursosOnline #SysAdmin #Python #Redes #ssh #iptables #nftables #lpic #flask
Show Original Post
danielittlewood (@danielittlewood@fosstodon.org)
I just used this #ssh fact and realised it's totally not obvious, and I only found out because someone told me, so I should share it:
If you have an ssh prompt that died because you lost connection or something, and you can't close it with ctrl-d, you can still close it with ~. (tilde dot enter). You may have to do it a couple of times, but it will work.
Show Original Post
h4ckernews (@h4ckernews@mastodon.social)
I think WebRTC is better than SSH-ing for connecting to Mac terminal from iPhone
#HackerNews #WebRTC #SSH #MacTerminal #iPhone #TechNews
Show Original Post
ps (@ps@soc.ua-fediland.de)
Щось я останнім часом зовсім зсісадмінився.
Ось так, тільки на старість починаєш розуміти свою справжню натуру: виявляється, що я зовсім не той, на кого покірно вчився в 16 і зовсім не кодер, яким став згодом в будівництві свого електронного човна; а швидше нетворкщик, для якого мережа - була і лишається єдиним способом подорожувати простором, через тунелі #SSH
Show Original Post
xameer (@xameer@mathstodon.xyz)
you can forward the SSH agent into each VM using vsock, or you can configure each VM to allow agent forwarding by setting it in the VM's configuration. This provides a way to use your local SSH keys securely within the VMs
til
that said
Set ForwardAgent no as your default in your ~/.ssh/config, and override it only where explicitly necessary.
Use bastion hosts or ProxyJump to manage access instead of relying on agent forwarding.
https://mikebarkas.dev/configure-ssh-agent-forwarding-security/
#linux #ssh
don't @ me
I am not a know it all and am not going to be
Show Original Post
x_cli (@x_cli@infosec.exchange)
With Bitwarden, you can store your SSH keys and use the desktop app to expose a SSH agent socket.
Some SSH servers have a MaxAuthTries configured with a low value.
If you use a SSH agent loaded with more keys that the MaxAuthTries value, and the required key is not in the MaxAuthTries first tried keys, you get an authentication error.
In CLI, you just pop a new SSH agent, load it with the "only key you need" and off you go.
With Bitwarden, you cannot do that (I think).
I have been thinking about implementing a SSH agent proxy that connects to Bitwarden, lists the keys available, and create a new agent per listed key, answering only for that key.
You could then configure SSH to use that SSH agent socket or that other SSH agent socket depending on the host you connect to, with IdentitiesOnly and an IdentityAgent pointing to the right SSH agent socket.
What do you think? Would you use that proxy?
#Bitwarden #infosec #ssh #authn
Show Original Post
d1cor (@d1cor@mstdn.io)
Se viene contenido nuevo en los cursos de SSH, en el de Hardening GNU/Linux (próximamente) y en el canal de YouTube de #JuncoTIC! 🎉
A pedido de seguidores y alumnos: fail2ban.
Guía paso a paso de configuraciones fundamentales bloquear ataques de fuerza bruta a nuestro servidor de SSH.
Los invito a suscribirse al canal para enterarse cuando salga el video! 👇
https://www.youtube.com/juncotic?sub_confirmation=1
#gnu #linux #fail2ban #ciberseguridad #hacking #ssh #hardening #infosec #seguridadinformatica #juncotic
Show Original Post
madargon (@madargon@is-a.cat)
#Ssh key #randomart #creature for this winter... #Snowman grandma! Because it was a snowman wearing kitchen apron there, right? ⛄
#drawing #art #MastoArt #CreativeToots #krita #ArtWithOpenSource #character
Show Original Post
dwarmstrong (@dwarmstrong@fosstodon.org)
Program of the Day: keychain
For computers that are not running desktop environments with their own built-in ssh key management, I like to install the `keychain` package to manage my keys. When logging in for the first time after boot, it prompts me for the passphrase to unlock my key, then will maintain a single ssh-agent process across multiple login sessions:
https://github.com/danielrobbins/keychain
Show Original Post
royalapps (@royalapps@dotnet.social)
⚙️ Here’s how to use a PowerShell Logon Script to Pre-Configure Royal TS Settings: https://www.royalapps.com/blog/use-a-powershell-logon-script-to-pre-configure-royal-ts-settings
#devops #itadmin #remotemanagement #RDP #remotedesktop #ssh
Show Original Post
techbot (@techbot@social.raytec.co)
SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains
An active supply chain worm campaign, dubbed SANDWORM_MODE, is spreading through typosquatting and AI toolchain poisoning across at least 19 malicious npm packages. The worm exhibits Shai-Hulud characteristics, incorporating GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation, and MCP server injection targeting AI coding assistants. It harvests credentials from developer and CI environments, exfiltrates data via multiple channels, and uses stolen identities to propagate. The campaign also includes a weaponized GitHub Action for CI secret harvesting. The worm employs a multi-stage design with obfuscated loaders, time-gated execution, and extensive configuration options. It targets high-traffic developer utilities, crypto tooling, and AI coding tools, posing a significant threat to the software supply chain.
Pulse ID: 699c26263923e786afff5330
Pulse Link: https://otx.alienvault.com/pulse/699c26263923e786afff5330
Pulse Author: AlienVault
Created: 2026-02-23 10:04:22
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DNS #GitHub #ICS #InfoSec #NPM #OTX #OpenThreatExchange #RAT #SSH #Sandworm #SupplyChain #TypoSquatting #Worm #bot #AlienVault
Show Original Post
pitrh (@pitrh@mastodon.social)
A mention elsewhere of the insufferable ssh password guessers has me reprise my "The Hail Mary Cloud and the Lessons Learned" https://nxdomain.no/~peter/hailmary_lessons_learned.html piece, with a note added at the end about endlessh as a possible refinement (yes, I use it) #ssh #passwords #passwordguessing #passwordgroping #endlessh #openbsd #freebsd #pf #packetfilter #security #cybercrime
Show Original Post